CryptoDB
Designated Confirmer Signatures Revisited
| Authors: | |
|---|---|
| Download: | |
| Abstract: | Previous definitions of designated confirmer signatures in the literature are incomplete, and the proposed security definitions fail to capture key security properties, such as unforgeability against malicious confirmers and non-transferability. We propose new definitions. Previous schemes rely on the random oracle model or set-up assumptions, or are secure with respect to relaxed security definitions. We construct a practical scheme that is provably secure with respect to our security definition under the strong RSA-assumption, the decision composite residuosity assumption, and the decision Diffie-Hellman assumption. To achieve our results we introduce several new relaxations of standard notions. We expect these techniques to be useful in the construction and analysis of other efficient cryptographic schemes. |
BibTeX
@misc{eprint-2006-21616,
title={Designated Confirmer Signatures Revisited},
booktitle={IACR Eprint archive},
keywords={designated confirmer signature, zero-knowledge, CCA2-security},
url={http://eprint.iacr.org/2006/123},
note={ douglas@inf.ethz.ch 13570 received 28 Mar 2006, last revised 26 Feb 2007},
author={Douglas Wikström},
year=2006
}