Paper 2025/855

Posterior Security: Anonymity and Message Hiding of Standard Signatures

Tsz Hon Yuen, Monash University
Ying-Teng Chen, Monash University
Shimin Pan, The University of Hong Kong
Jiangshan Yu, The University of Sydney
Joseph K. Liu, Monash University
Abstract

We introduce posterior security of digital signatures, the additional security features after the original signature is generated. It is motivated by the scenario that some people store their secret keys in secure hardware and can only obtain a standard signature through a standardized interface. In this paper, we consider two different posterior security features: anonymity and message hiding. We first introduce incognito signature, a new mechanism to anonymize a standard signature. Different from other ring or group signatures, the signer generates a standard (non-anonymous) signature first. The signature is then anonymized by a converter before sending to the verifier, by hiding the signer public key with a set of decoy public keys. We then introduce concealed signature which hides the message in a commitment. The standard signature is converted such that it can be verified with the commitment. The models of posterior anonymity and posterior message hiding capture the separation of the signer and the converter. Anonymity or message hiding is provided by the converter after the creation of a standard signature by the signer. We give generic constructions of incognito signature and concealed signature. It can be applied to standard signatures like Schnorr. It gives the first practical anonymized ECDSA signature, and the signature size is logarithmic to the number of decoy public keys . The existing ring signature scheme with ECDSA keys is at least 152 times longer than our scheme for . The incognito signature and concealed signature can be composed to provide posterior anonymity and message hiding. It is useful in applications like two-tier central bank digital currency, where users want to hide their addresses (public keys) and transaction amounts (messages) when the payment is settled in the interbank layer.

Note: Full version of the paper to be published in ACM CCS 2025.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. CCS 2025
Keywords
PrivacySignatures
Contact author(s)
john tszhonyuen @ monash edu
ying-teng chen @ monash edu
smpan @ connect hku hk
jiangshan yu @ sydney edu au
joseph liu @ monash edu
History
2025-05-17: approved
2025-05-15: received
See all versions
Short URL
https://ia.cr/2025/855
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/855,
      author = {Tsz Hon Yuen and Ying-Teng Chen and Shimin Pan and Jiangshan Yu and Joseph K. Liu},
      title = {Posterior Security: Anonymity and Message Hiding of Standard Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/855},
      year = {2025},
      url = {https://eprint.iacr.org/2025/855}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.