Paper 2010/233

Commuting Signatures and Verifiable Encryption and an Application to Non-Interactively Delegatable Credentials

Georg Fuchsbauer


Verifiable encryption allows to encrypt a signature and prove that the plaintext is valid. We introduce a new primitive called commuting signature that extends verifiable encryption in multiple ways: a signer can encrypt both signature and message and prove validity; more importantly, given a ciphertext, a signer can create a verifiably encrypted signature on the encrypted message; thus signing and encrypting commute. We instantiate commuting signatures using the proof system by Groth and Sahai (EUROCRYPT '08) and the automorphic signatures by Fuchsbauer (ePrint report 2009/320). As an application, we give an instantiation of delegatable anonymous credentials, a powerful primitive introduced by Belenkiy et al. (CRYPTO '09). Our instantiation is arguably simpler than theirs and it is the first to provide non-interactive issuing and delegation, which is a standard requirement for non-anonymous credentials. Moreover, the size of our credentials and the cost of verification are less than half of those of the only previous construction, and efficiency of issuing and delegation is increased even more significantly. All our constructions are proved secure in the standard model.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
anonymitycredentialsdigital signatureselliptic curve cryptosystem
Contact author(s)
fuchsbau @ di ens fr
2010-04-28: received
Short URL
Creative Commons Attribution


      author = {Georg Fuchsbauer},
      title = {Commuting Signatures and Verifiable Encryption and an Application to Non-Interactively Delegatable Credentials},
      howpublished = {Cryptology ePrint Archive, Paper 2010/233},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.