Selected Areas in Cryptography - 17th International Workshop, SAC 2010, Waterloo, Ontario, Canada, August 12-13, 2010, Revised Selected Papers; 01/2010
ABSTRACT: How to define the security of undeniable signature schemes is a challenging task. This paper presents two security definitions
of undeniable signature schemes which are more useful or natural than the existing definition. It then proves their equivalence.
We first define the UC-security, where UC means universal composability. We next show that there exists a UC-secure undeniable
signature scheme which does not satisfy the standard definition of security that has been believed to be adequate so far.
More precisely, it does not satisfy the invisibility defined by . We then show a more adequate definition of invisibility
which captures a wider class of (naturally secure) undeniable signature schemes.
We finally prove that the UC-security against non-adaptive adversaries is equivalent to this definition of invisibility and
the strong unforgeability in
-hybrid model, where
is the ideal ZK functionality. Our result of equivalence implies that all the known proven secure undeniable signature schemes
(including Chaum’s scheme) are UC-secure if the confirmation/disavowal protocols are both UC zero-knowledge.
07/2008: pages 524-535;
Automata, Languages and Programming, 35th International Colloquium, ICALP 2008, Reykjavik, Iceland, July 7-11, 2008, Proceedings, Part II - Track B: Logic, Semantics, and Theory of Programming & Track C: Security and Cryptography Foundations; 01/2008
IACR Cryptology ePrint Archive. 01/2008; 2008:94.
Security and Cryptography for Networks, 6th International Conference, SCN 2008, Amalfi, Italy, September 10-12, 2008. Proceedings; 01/2008