Paper 2009/435

Efficient Confirmer Signatures from the ``Signature of a Commitment'' Paradigm

Laila El Aimani


Generic constructions of designated confirmer signatures follow one of the following two strategies; either produce a digital signature on the message to be signed, then encrypt the resulting signature, or produce a commitment on the message, encrypt the string used to generate the commitment and finally sign the latter. We study the second strategy by determining the exact security property needed in the encryption to achieve secure constructions. This study infers the exclusion of a useful type of encryption from the design due to an intrinsic weakness in the paradigm. Next, we propose a simple method to remediate to this weakness and we get efficient constructions which can be used with \emph{any} digital signature.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Designated Confirmer signatures``Signature of a commitment'' paradigmGeneric constructionReductionmeta-reductionZero Knowledge.
Contact author(s)
elaimani @ bit uni-bonn de
2009-11-24: revised
2009-09-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Laila El Aimani},
      title = {Efficient Confirmer Signatures from the  ``Signature of a Commitment'' Paradigm},
      howpublished = {Cryptology ePrint Archive, Paper 2009/435},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.