Efficient Convertible Undeniable Signatures with Delegatable Verification

摘要

Undeniable signatures, introduced by Chaum and van Antwerpen, require a verifier to interact with the signer to verify a signature, and hence allow the signer to control the verifiability of his signatures. Convertible undeniable signatures, introduced by Boyar, Chaum, Damgard, and Pedersen, furthermore allow the signer to convert signatures to publicly verifiable ones by publicizing a verification token, either for individual signatures or for all signatures universally. In addition, the original definition allows the signer to delegate the ability to prove validity and convert signatures to a semi-trusted third party by providing a verification key. While this functionality is implemented by the early convertible undeniable signature schemes, most recent schemes do not consider this form of delegation despite its practical appeal. In this paper we present an updated definition and security model for schemes allowing delegation, and furthermore highlight a new essential security property, token soundness, which is not formally treated in the previous security models for convertible undeniable signatures. We then propose a new convertible undeniable signature scheme. The scheme allows delegation of verification and is provably secure in the standard model assuming the computational co-Diffie-Hellman problem, a closely related problem, and the decisional linear problem are hard. Furthermore, unlike the recently proposed schemes by Phong et al. and Huang et al., our scheme provably fulfills all security requirements while providing short signatures.