Provably secure pairing-based convertible undeniable signature with short signature length
Undeniable signatures, introduced by Chaum and van Antwerpen, is a useful cryptography primitive to limit the publicly verifiable property of ordinary digital signatures. In an undeniable signature scheme, the validity or invalidity of the signature can only be verified via the confirmation/disavowal protocol with the help of the signer. An extended concept, convertible undeniable signatures, was introduced by Boyar, Chaum, Damgård and Pedersen. In the new concept, the signer can publish some selective proofs to convert one or more undeniable signatures into publicly verifiable ones, or issue a universal proof to make all his undeniable signatures publicly verifiable. In this paper, we first present a security model for convertible undeniable signature schemes, and then propose a new construction from bilinear pairings. Compared with the other schemes in the literature, the new construction has three advantages: Our scheme is both selectively and universally convertible; the signature length of our scheme is as short as BLS signature; meanwhile, all the security properties are formally proven under some conventional assumptions in the random oracle model.