Paper 2006/226

The Fairness of Perfect Concurrent Signatures

Guilin Wang, Feng Bao, and Jianying Zhou


At Eurocrypt 2004, Chen, Kudla and Paterson introduced the concept of {\it concurrent signatures}, which allow two parties to produce two ambiguous signatures until an extra piece of information (called the {\it keystone}) is released by the initial signer. Once the keystone is released publicly, both signatures are binding to their true signers {\it concurrently}. At ICICS 2004, Susilo, Mu and Zhang further proposed {\it perfect concurrent signatures} to strengthen the ambiguity of concurrent signatures. That is, even if both signers are known to have issued one of the two ambiguous signatures, any third party is still unable to deduce who signed which signature, unlike in Chen et al.'s scheme. However, this paper points out that Susilo et al.'s two perfect concurrent signatures are actually {\it not} concurrent signatures. Specifically, we identify an attack that enables the initial signer to release a carefully prepared keystone that binds the matching signer's signature, but not the initial signer's. Therefore, both of their schemes are {\it unfair} for the matching signer. Moreover, we present a simple but effective way to avoid this attack such that the improved schemes are truly perfect concurrent signatures.

Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
glwang @ i2r a-star edu sg
2006-07-06: received
Creative Commons Attribution


      author = {Guilin Wang and Feng Bao and Jianying Zhou},
      title = {The Fairness of Perfect Concurrent Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2006/226},
      year = {2006},
      note = {\url{}},
      url = {}