University of Wollongong
Browse

Security remarks on a convertible nominative signature scheme

Download (263.46 kB)
journal contribution
posted on 2024-11-15, 07:57 authored by Guilin Wang, Feng Bao
A nominative signature scheme allows a nominator (i.e. the signer) and a nominee (i.e. a designated verifier) to jointly generate and publish a signature so that only the nominee can check the validity of a nominative signature and further convince a third party to accept this fact. Recently, Huang and Wang proposed such a new scheme at ACISP 2004, and claimed that their scheme is secure under some standard computational assumptions. In this paper, we remark that their scheme is not a nominative signature in fact, since it fails to meet the crucial security requirement: verification untransferability. Specifically, we identify an adaptively chosen-message attack against their scheme such that the nominator can determine the validity of a new message-signature pair with some indirect help from the nominee. Moreover, we point out that using our attack the nominator is further able to demonstrate the validity of nominative signatures to a third party. Therefore, the Huang-Wang scheme does not meet confirmation/disavowal untransferability either.

History

Citation

Wang, G. & bao, F. (2007). Security remarks on a convertible nominative signature scheme. IFIP - International Federation for Information Processing, 232 265-275.

Volume

232

Pagination

265-275

Language

English

RIS ID

41113

Usage metrics

    Categories

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC