Provably Secure Pairing-Based Convertible Undeniable Signature with Short Signature Length

“…This was pointed out by Kurosawa and Heng [24], and Huang et al [22] furthermore noticed that, for convertible schemes, this might be an issue for token generation as well.…”

“…Another aspect of the above security notion which we would like to highlight is the definition of S. We note that anyone can sample S and that when using this definition of S, invisibility implies anonymity i.e. the inability for an adversary to distinguish between signatures constructed by different users (see [16,22] for a formal proof of this). Some schemes (e.g.…”

“…Recently, Huang, Mu, Susilo and Wu [22] proposed the currently most efficient scheme in the random oracle model which supports both selective and universal conversion. Yuen, Au, Liu and Susilo [39] proposed a selective and universal convertible standard model scheme, but it was shown by Phong, Kurosawa and Ogata [33] that the scheme is not invisible for the standard definition of invisibility.…”

“…However, despite the practical advantages of this property, it is not considered in the formalization, security model or the concrete schemes presented in most recent papers [27,25,22,39,2,34,33] (we note that [20] discuss delegation of verification as an extension). In these schemes, only the ability of the signer to confirm, disavow and convert signatures is considered and no explicit mechanism is provided for delegating this ability.…”

An Efficient Convertible Undeniable Signature Scheme with Delegatable Verification

“…This was pointed out by Kurosawa and Heng [24], and Huang et al [22] furthermore noticed that, for convertible schemes, this might be an issue for token generation as well.…”

“…Another aspect of the above security notion which we would like to highlight is the definition of S. We note that anyone can sample S and that when using this definition of S, invisibility implies anonymity i.e. the inability for an adversary to distinguish between signatures constructed by different users (see [16,22] for a formal proof of this). Some schemes (e.g.…”

“…Recently, Huang, Mu, Susilo and Wu [22] proposed the currently most efficient scheme in the random oracle model which supports both selective and universal conversion. Yuen, Au, Liu and Susilo [39] proposed a selective and universal convertible standard model scheme, but it was shown by Phong, Kurosawa and Ogata [33] that the scheme is not invisible for the standard definition of invisibility.…”

“…However, despite the practical advantages of this property, it is not considered in the formalization, security model or the concrete schemes presented in most recent papers [27,25,22,39,2,34,33] (we note that [20] discuss delegation of verification as an extension). In these schemes, only the ability of the signer to confirm, disavow and convert signatures is considered and no explicit mechanism is provided for delegating this ability.…”

An Efficient Convertible Undeniable Signature Scheme with Delegatable Verification

“…An earlier version of the scheme in this section appears in [38]. In 2007, Huang et al [20] proposed a pairing-based convertible undeniable signatures secure in the random oracle model. Huang et al [19] also proposed a generic construction of universally-convertible undeniable signatures from a strongly unforgeable classic signature scheme, a selectively-convertible undeniable signature scheme and a collision resistant hash function.…”

(Convertible) Undeniable Signatures Without Random Oracles

Provably secure strong designated verifier signature scheme based on coding theory