Formal definition and construction of nominative signature
Since the introduction of nominative signature in 1996, thereare three problems that have still not been solved. First, there is no convincingapplication proposed; second, there is no formal security modelavailable; and third, there is no proven secure scheme constructed, giventhat all the previous schemes have already been found flawed. In thispaper, we give positive answers to these problems. First, we illustratethat nominative signature is a better tool for building user certificationsystems which were originally implemented using universal designatedverifiersignature. Second, we propose a formal definition and adversarialmodel for nominative signature. Third, we show that Chaums undeniablesignature can be transformed to an efficient nominative signatureby simply using a standard signature. The security of our transformationcan be proven under the standard number-theoretic assumption
Please refer to publisher version or contact your library.