Cryptology ePrint Archive: Report 2005/149

Conditionally Verifiable Signatures

Aldar C-F. Chan and Ian F. Blake

Abstract: We introduce a new digital signature model, called conditionally verifiable signature (CVS), which allows a signer to specify and convince a recipient under what conditions his signature would become valid and verifiable; the resulting signature is not publicly verifiable immediately but can be converted back into an ordinary one (verifiable by anyone) after the recipient has obtained proofs, in the form of signatures/endorsements from a number of third party witnesses, that all the specified conditions have been fulfilled. A fairly wide set of conditions could be specified in CVS. The only job of the witnesses is to certify the fulfillment of a condition and none of them need to be actively involved in the actual signature conversion, thus protecting user privacy. It is guaranteed that the recipient cannot cheat as long as at least one of the specified witnesses does not collude. We formalize the concept of CVS and give a generic CVS construction based on any CPA-secure identity based encryption (IBE) scheme. Theoretically, we show that the existence of IBE with indistinguishability under a chosen plaintext attack (a weaker notion than the standard one) is necessary and sufficient for the construction of a secure CVS.\footnote{Due to page limit, some proofs are omitted here but could be found in the full version \cite{CB05ibecvs}.}

Category / Keywords: public-key cryptography / digital signatures, privacy, accountability, bilinear pairings, identity based encryption, timed release cryptography, fair exchange

Publication Info: An extended abstract will appear in Indocrypt 2006

Date: received 24 May 2005, last revised 12 Oct 2006

Contact author: chun-fai-aldar chan at inrialpes fr

Available format(s): PDF | BibTeX Citation

Note: Feedback and comments are greatly appreciated.

Version: 20061012:072519 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]