The notion of concurrent signatures was recently introduced by Chen, Kudla and Paterson in their seminal paper in [5]. In concurrent signature schemes, two entities can produce two signatures that are not binding, until an extra piece of information (namely the keystone) is released by one of the parties. Upon release of the keystone, both signatures become binding to their true signers concurrently. In this paper, we extend this notion by introducing a new and stronger notion called perfect concurrent signatures. We require that although both signers are known to be trustworthy, the two signatures are still ambiguous to any third party (c.f. [5]). We provide two secure schemes to realize the new notion based on Schnorr's signature schemes and bilinear pairing. These two constructions are essentially the same. However, as we shall show in this paper, the scheme based on bilinear pairing is more efficient than the one that is based on Schnorr's signature scheme.
展开▼
