Paper 2006/007

Further Discussions on the Security of a Nominative Signature Scheme

Lifeng Guo, Guilin Wang, and Duncan S. Wong


A nominative signature scheme allows a nominator (or signer) and a nominee (or verifier) to jointly generate and publish a signature in such a way that \emph{only} the nominee can verify the signature and if necessary, \emph{only} the nominee can prove to a third party that the signature is valid. In a recent work, Huang and Wang proposed a new nominative signature scheme which, in addition to the above properties, \emph{only} allows the nominee to convert a nominative signature to a publicly verifiable one. In ACISP 2005, Susilo and Mu presented several algorithms and claimed that these algorithms can be used by the nominator to verify the validity of a published nominative signature, show to a third party that the signature is valid, and also convert the signature to a publicly verifiable one, all \emph{without} any help from the nominee. In this paper, we point out that Susilo and Mu's attacks are actually \emph{incomplete} and {\it inaccurate}. In particular, we show that there exists no efficient algorithm for a nominator to check the validity of a signature if this signature is generated by the nominator and the nominee {\it honestly} and the Decisional Diffie-Hellman Problem is hard. On the other hand, we point out that the Huang-Wang scheme is indeed {\it insecure}, since there is an attack that allows the nominator to generate valid nominative signatures alone and prove the validity of such signatures to a third party.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Digital SignatureNominative Signature
Contact author(s)
lfguo @ amss ac cn
2006-01-10: received
Short URL
Creative Commons Attribution


      author = {Lifeng Guo and Guilin Wang and Duncan S.  Wong},
      title = {Further Discussions on the Security of a Nominative Signature Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2006/007},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.