International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

The Fairness of Perfect Concurrent Signatures

Authors:
Guilin Wang
Feng Bao
Jianying Zhou
Download:
URL: http://eprint.iacr.org/2006/226
Search ePrint
Search Google
Abstract: At Eurocrypt 2004, Chen, Kudla and Paterson introduced the concept of {\it concurrent signatures}, which allows two parties to produce two ambiguous signatures until an extra piece of information (called {\it keystone}) is released by the initial signer. Once the keystone is released publicly, both signatures are binding to their true signers {\it concurrently}. At ICICS 2004, Susilo, Mu and Zhang further proposed {\it perfect concurrent signatures} to strengthen the ambiguity of concurrent signatures. That is, even the both signers are known having issued one of the two ambiguous signatures, any third party is still unable to deduce who signed which signature, different from Chen et al.'s scheme. However, this paper points out that Susilo et al.'s two perfect concurrent signatures are actually {\it not} concurrent signatures. Specifically, we identify an attack that enables the initial signer to release a carefully prepared keystone that binds the matching signer's signature, but not the initial signer's. Therefore, both of their two schemes are {\it unfair} for the matching signer. Moreover, we present a simple but effective way to avoid this attack such that the improved schemes are truly perfect concurrent signatures.
BibTeX
@misc{eprint-2006-21719,
  title={The Fairness of Perfect Concurrent Signatures},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography /},
  url={http://eprint.iacr.org/2006/226},
  note={ glwang@i2r.a-star.edu.sg 13333 received 3 Jul 2006},
  author={Guilin Wang and Feng Bao and Jianying Zhou},
  year=2006
}