An Efficient Convertible Undeniable Signature Scheme with Delegatable Verification

Abstract: Abstract. Undeniable signatures, introduced by Chaum and van Antwerpen, require a verifier to interact with the signer to verify a signature, and hence allow the signer to control the verifiability of his signatures. Convertible undeniable signatures, introduced by Boyar, Chaum, Damgård, and Pedersen, furthermore allow the signer to convert signatures to publicly verifiable ones by publicizing a verification token, either for individual signatures or for all signatures universally. In addition, the signer is a… Show more

“…Both works indicate that, if using NIZK proofs in undeniable signatures, the common reference string must be legitimately set up (say, by a trusted party like the CA in PKI). Unfortunately, the scheme of Huang and Wong [23] turned out not satisfying anonymity, as shown in [38]. The scheme of [38], while relying on a more standard assumption, produces longer signatures (or public keys) than the ones in this paper.…”

“…Unfortunately, the scheme of Huang and Wong [23] turned out not satisfying anonymity, as shown in [38]. The scheme of [38], while relying on a more standard assumption, produces longer signatures (or public keys) than the ones in this paper. Both works [23,38] do not consider unambiguity.…”

“…Subsequent to a preliminary version of this work [34] on the Eprint, Schuldt, Matsuura [38], and Huang, Wong [23] have suggested some other schemes with interesting additional properties. Both works indicate that, if using NIZK proofs in undeniable signatures, the common reference string must be legitimately set up (say, by a trusted party like the CA in PKI).…”

“…The scheme of [38], while relying on a more standard assumption, produces longer signatures (or public keys) than the ones in this paper. Both works [23,38] do not consider unambiguity.…”

Provably Secure Convertible Undeniable Signatures with Unambiguity

“…Both works indicate that, if using NIZK proofs in undeniable signatures, the common reference string must be legitimately set up (say, by a trusted party like the CA in PKI). Unfortunately, the scheme of Huang and Wong [23] turned out not satisfying anonymity, as shown in [38]. The scheme of [38], while relying on a more standard assumption, produces longer signatures (or public keys) than the ones in this paper.…”

“…Unfortunately, the scheme of Huang and Wong [23] turned out not satisfying anonymity, as shown in [38]. The scheme of [38], while relying on a more standard assumption, produces longer signatures (or public keys) than the ones in this paper. Both works [23,38] do not consider unambiguity.…”

“…Subsequent to a preliminary version of this work [34] on the Eprint, Schuldt, Matsuura [38], and Huang, Wong [23] have suggested some other schemes with interesting additional properties. Both works indicate that, if using NIZK proofs in undeniable signatures, the common reference string must be legitimately set up (say, by a trusted party like the CA in PKI).…”

“…The scheme of [38], while relying on a more standard assumption, produces longer signatures (or public keys) than the ones in this paper. Both works [23,38] do not consider unambiguity.…”

Provably Secure Convertible Undeniable Signatures with Unambiguity

“…SCUS schemes can also be used as a the main building block in protocols such as fair payment [3]. There is a long list of work on SCUS schemes in the literature, including [10,15,17,26,28] in the standard model.…”

Relation between Verifiable Random Functions and Convertible Undeniable Signatures, and New Constructions

A Note on the Invisibility and Anonymity of Undeniable Signature Schemes