In this paper, we present a new cryptographic primitive called “policy-controlled signatures”. In this notion, a signer can sign a message and attach it with some policies. Only a verifier who satisfies the policies attached can verify the authenticity of the message. This type of signature schemes has many applications, in particular to deal with sensitive data, where the signer does not want to allow anyone who is unauthorized to verify the authenticity of the messages. The notion of policy-controlled signatures resembles some similarities with designated verifier signatures, as it can also be used to designate a signature to multiple recipients. Nevertheless, we shall demonstrate that the notion of policy-controlled signatures generalize the notion of designated verifier signatures. A concrete scheme that is secure in our model is also provided. Furthermore, we also present an extension to “universal policy-controlled signature”. In this extended notion, we combine the idea of universal designated verifier signatures with policy-controlled signatures to allow more flexible delegations. We also provide a concrete scheme that is secure in our model.
Read full abstract