Verifiably encrypted signature (VES) schemes allow a signer to encrypt a signature under the public key of a trusted party, the adjudicator, while maintaining public signature verifiability without interactive proofs. A popular application for this concept is fair online contract signing. This paper answers the question of whether it is possible to implement a VES without pairings and zero-knowledge proofs. Our construction is based on RSA signatures and a Merkle hash tree. Hence, the scheme is stateful but relies on relatively mild assumptions in the random oracle model. Thus, we provide an alternative that does not rely on pairing-based assumptions. The advantage of our approach over previous schemes is that widespread efficient hard- and software implementations of hash functions and RSA signatures can be easily reused for VES, i.e., we can avoid costly redevelopment. Furthermore, in contrast to using non-interactive zero-knowledge proofs, we only need a constant, small number of modular exponentiations. © 2009 Springer-Verlag.
CITATION STYLE
Rückert, M. (2009). Verifiably encrypted signatures from RSA without NIZKs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5922 LNCS, pp. 363–377). https://doi.org/10.1007/978-3-642-10628-6_24
Mendeley helps you to discover research relevant for your work.