Designated confirmer signatures revisited
2007 (English)In: Theory of Cryptography, Proceedings, 2007, 342-361 p.Conference paper (Refereed)
Previous definitions of designated confirmer signatures in the literature are incomplete, and the proposed security definitions fail to capture key security properties, such as unforgeability against malicious confirmers and non-transferability. We propose new definitions. Previous schemes rely on the random oracle model or set-up assumptions, or are secure with respect to relaxed security definitions. We construct a practical scheme that is provably secure with respect to our security definition under the strong RSA-assumption, the decision composite residuosity assumption, and the decision Diffie-Hellman assumption. To achieve our results we introduce several new relaxations of standard notions. We expect these techniques to be useful in the construction and analysis of other efficient cryptographic schemes.
Place, publisher, year, edition, pages
2007. 342-361 p.
, LECTURE NOTES IN COMPUTER SCIENCE, ISSN 0302-9743
MES, PROOFS, SECURE, CRYPTOSYSTEMS
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-50893ISI: 000245275900019OAI: oai:DiVA.org:kth-50893DiVA: diva2:462985
4th Theory of Cryptography Conference. Amsterdam, NETHERLANDS. FEB 21-24, 2007
QC 201112092011-12-082011-12-082011-12-09Bibliographically approved