Designated Confirmer Signature Research Articles

Designated confirmer threshold signature and its applications in blockchains

The non-transferability of a designated confirmer signature scheme allows a signer to control the verification ability of a signature, hence protecting the signer’s privacy. However, a designated confirmer signature is insufficient when the secret keys are damaged and incapable of collaborative signature generation. In this paper, we circumvent these limitations by introducing the notion of designated confirmer threshold signature. First, we present a formal security model, then give a generic construction, which utilizes threshold signature schemes, encryption schemes and Σ-protocols. Instantiating this generic construction, we have two specific schemes, based on threshold Schnorr and threshold ECDSA, respectively. We further design two efficient Σ-protocols for efficient proofs. We also implement these schemes, and the experiment results show that our schemes are practical with rich functionalities. Finally, we demonstrate interesting applications for blockchains, such as verifiable asset auctions in blockchain and traditional electronic bidding.

A new generic construction of anonymous designated confirmer signature for privacy-preserving fair exchange

ABSTRACTDesignated confirmer signature (DCS), introduced by Chaum at Eurocrypt 1994, can be used to control the public verifiability of a digital signature. It is a very useful tool in many applications which require a signature to remain anonymous and unverifiable until a certain time/condition is reached. In this paper, we propose a new generic construction of Anonymous Identity-Based DCS from Anonymous Identity-Based Signature. Interestingly, our construction also automatically implies an Anonymous Identity-Based Convertible Undeniable Signature scheme. We prove that the construction is secure for signer, verifier and confirmer in the standard model.

Multiple Attribute Authorities Attribute-Based Designated Confirmer Signature Scheme with Unified Verification

Multiple Attribute Authorities Attribute-Based Designated Confirmer Signature Scheme with Unified Verification

An Improved Privacy Preserving Construction for Data Integrity Verification in Cloud Storage

The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.

Privacy-Enhanced Designated Confirmer Signature without Random Oracles

As an extension of digital signature, designated confirmer signature (DCS) efficiently realizes the privacy protection of the signer. In a DCS scheme, the validity of the sig-nature must be confirmed by the signer or a semi-trusted third party, called confirmer. Since the DCS signature is generated by encrypting a standard signature with the designated confirmer's public key, only the confirmer can disavow invalid signatures. Moreover, the confirmer al-ways can further convert a DCS into an ordinary signature by decrypting the DCS such that it is publicly verifiable. This property is necessary in some cases. However, from the view of the signer, the privacy is leaked if the DCS is converted into an ordinary signature by the confirmer. In this work, we propose a new DCS scheme without the random oracles. Both the signer and confirmer in this new construction can confirm a valid DCS and disavow an invalid signature. Furthermore, the authority of the confirmer is limited. He is designated by the signer to verify the validity of a signature only when the signer is unavailable. However, the confirmer cannot convert a valid DCS into a standard signature. This new property of DCS is more favorable to the signer.

The construction of ambiguous optimistic fair exchange from designated confirmer signature without random oracles

Ambiguous Optimistic Fair Exchange (AOFE), introduced by Huang et al. in ASIACRYPT 2008, is an extension of OFE that enhances the fairness of the two communicating parties in the exchange of signatures. The first scheme was proven secure without random oracles while its partial signature contains dozens of group elements. Recently, interactive AOFE was introduced and the construction is more practical, where a partial signature only contains three group elements. It is based on the existence of Designated Confirmer Signature (DCS) with a special property where one is able to sample a confirmer signature efficiently from a signer’s signature space. Nevertheless, we note that there are only a few DCS schemes that have this special property. Security of the interactive AOFE construction relies on the q-Computational and Decisional Hidden Strong Diffie-Hellman assumptions. In this paper, we propose a new construction of interactive AOFE from DCS, where the underlying DCS is standard and does not require any special property. We also propose a new DCS construction. By applying our transformation from DCS to interactive AOFE, we build a concrete interactive AOFE which is secure under more standard number-theoretic assumptions, namely Strong Diffie-Hellman and Decision Linear assumptions, without random oracles. A partial signature of the interactive AOFE contains six group elements, while a full signature contains two only.

Efficient Designated Confirmer Signature and DCS-Based Ambiguous Optimistic Fair Exchange

Designated confirmer signature (DCS) extends the undeniable signature so that a party called confirmer can also confirm/disavow nonself-authenticating signatures on the signer's behalf. Previous DCS schemes, however, can let a signer confirm a valid signature but not disavow an invalid one, while only a confirmer can. It remains open to construct a DCS which also allows the signer to disavow. In this work, we propose new security models for formalizing the signer's ability to disavow. We propose a new DCS scheme and prove its security without random oracles. The new DCS scheme is efficient and also convertible. A signature in this new DCS consists of only three bilinear group elements. This is much shorter than any of the existing schemes. In addition, the scheme can be extended to support multiple confirmers and threshold conversion. Adding a confirmer incurs the addition of only one group element in a signature. Furthermore, we propose an efficient construction of ambiguous optimistic fair exchange (AOFE) of digital signatures based on the new DCS scheme. A partial AOFE signature consists of three elements in an elliptic curve group and four in group , and a full signature has only three group elements, which are shorter than those in Garay 's scheme (Crypto 1999) and Huang 's scheme (Asiacrypt 2008).

Identity based designated multi-confirmer signature: a new type signature

Designated confirmer signatures play an important role in e-commerce. In the verification of the designated confirmer signature, it is necessary that the signer or the designated confirmer confirms the signature to the verifier. In this paper, we present a new type designated confirmer signature called designated multi-confirmer signature. In designated multi-confirmer signature scheme, the signer delegates the ability of confirmation to a group of confirmers. The verification requires that the verifier cooperates with all n confirmers in the group, so the possibility that the confirmation ability is abused is reduced greatly. The identity based encryption scheme proposed by Boneh and Franklin in 2001 using bilinear pairings is the only practical identity based public-key encryption scheme so far. In this paper we firstly present the concept of designated multi-confirmer signature and give a concrete identity based scheme. Our scheme is compatible with Boneh and Franklin encryption scheme and can be used as identity based designated confirmer signature (when n = 1).

Proxy Confirmation Signatures

The undeniable signature, introduced by Chaum et al. in 1989, provides a nice property that the signer has an additional control over who will benefit from being convinced by the signature. However, a conspicuous drawback of undeniable signature is that the signer may be unavailable or refuse to cooperate. Chaum in 1994 proposed a designated confirmer signature scheme to protect the recipient's right. There exists a confirmer, who can always help the recipient prove the validity of the signature to others. Unfortunately, Chaum's paper did not consider that a malicious confirmer proves the validity of the signature to any persons as his will or even leaks the sensitive information to the signer's enemies. This paper proposes a new signature scheme called proxy confirmation signature where the proxy confirmer can only acquire a temporary proxy confirmation capability instead of a perpetual one from the signer. That is, the signer not only can delegate the confirmation capability to the proxy confirmer, but also can revoke the proxy confirmer's capability for avoiding the abuse. Moreover, our scheme also provides a technique to properly restrict the proxy confirmer to convincing only some specified verifiers that the signature is valid.