Universal Designated-Verifier Signatures (UDVS) are proposed to protect the privacy of a signature holder. Since UDVS schemes reduce to standard signatures when no verifier designation is performed, from the perspective of a signer, it is natural to ask if a UDVS can be constructed from widely used standardized-signatures so that the existing public key infrastructures for these schemes can be used without modification. Additionally, if designated-verifiers already have their own private/public key-pairs (which may be of a different type from the signer's), then, for the convenience of designated-verifiers, it is also natural to ask if designated-verifiers can use their own private keys to verify designated signatures instead of using a new key compatible with the UDVS system. In this paper, we address these problems and propose a new UDVS scheme. In our scheme, the signature is generated by a signer using DSA/ECDSA, and the designated-signature can be verified using the original private key (RSA-based or DL-based) of the designated-verifier instead of using a new key. We call this new property verifier-key-flexible. The security of the scheme is proved in the random oracle model. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Tso, R., Nieto, J. M. G., Okamoto, T., Boyd, C., & Okamoto, E. (2007). Verifier-key-flexible universal designated-verifier signatures. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4887 LNCS, pp. 403–421). Springer Verlag. https://doi.org/10.1007/978-3-540-77272-9_24
Mendeley helps you to discover research relevant for your work.