Formal definition and construction of nominative signature

Authors

Dennis Y. W. Liu, City University of Hong Kong
Duncan S. Wong, City University of Hong KongFollow
Xinyi Huang, University of WollongongFollow
Guilin Wang, University of BirminghamFollow
Qiong Huang, City University of Hong Kong
Yi Mu, University of WollongongFollow
Willy Susilo, University of WollongongFollow

RIS ID

21316

Publication Details

Liu, D. Y. W., Wong, D. S., Huang, X., Wang, G., Huang, Q., Mu, Y. & Susilo, W. (2007). Formal definition and construction of nominative signature. H. Imai, S. Qing & G. Wang In International Conference on Information and Communications Security, 12-15 December, Zhengzhou, China. Lecture Notes in Computer Science, 4861 57-68.

Abstract

Since the introduction of nominative signature in 1996, thereare three problems that have still not been solved. First, there is no convincingapplication proposed; second, there is no formal security modelavailable; and third, there is no proven secure scheme constructed, giventhat all the previous schemes have already been found flawed. In thispaper, we give positive answers to these problems. First, we illustratethat nominative signature is a better tool for building user certificationsystems which were originally implemented using universal designatedverifiersignature. Second, we propose a formal definition and adversarialmodel for nominative signature. Third, we show that Chaums undeniablesignature can be transformed to an efficient nominative signatureby simply using a standard signature. The security of our transformationcan be proven under the standard number-theoretic assumption