Welcome to the resource topic for 2006/007
Title:
Further Discussions on the Security of a Nominative Signature Scheme
Authors: Lifeng Guo, Guilin Wang, Duncan S. Wong
Abstract:A nominative signature scheme allows a nominator (or signer) and a
nominee (or verifier) to jointly generate and publish a signature in
such a way that \emph{only} the nominee can verify the signature and
if necessary, \emph{only} the nominee can prove to a third party
that the signature is valid. In a recent work, Huang and Wang
proposed a new nominative signature scheme which, in addition to the
above properties, \emph{only} allows the nominee to convert a
nominative signature to a publicly verifiable one. In ACISP 2005,
Susilo and Mu presented several algorithms and claimed that these
algorithms can be used by the nominator to verify the validity of a
published nominative signature, show to a third party that the
signature is valid, and also convert the signature to a publicly
verifiable one, all \emph{without} any help from the nominee. In
this paper, we point out that Susilo and Mu’s attacks are actually
\emph{incomplete} and {\it inaccurate}. In particular, we show that
there exists no efficient algorithm for a nominator to check the
validity of a signature if this signature is generated by the
nominator and the nominee {\it honestly} and the Decisional
Diffie-Hellman Problem is hard. On the other hand, we point out that
the Huang-Wang scheme is indeed {\it insecure}, since there is an
attack that allows the nominator to generate valid nominative
signatures alone and prove the validity of such signatures to a
third party.
ePrint: https://eprint.iacr.org/2006/007
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .