In ordinary digital signature schemes, anyone can verifysignatures with signer's public key. However it is not necessary foranyone to be convinced a justification of signer's dis- honorablemessage such as a bill. It is enough for a receiver only to convinceoutsiders of signature's justification if the signer does not executea contract. On the other hand there exist messages such as officialdocuments which will be first treated as limited verifier signaturesbut after a few years as ordinary digital signa- tures. We willpropose a limited verifier signature scheme based onHorster-Michels-Petersen's authenticated encryption schemes, and showthat our limited verifier signature scheme is more ef- ficient thanChaum-Antwerpen undeniable signature schemes in a certain situation.And we will propose a convertible limited verifier signature schemebased on our limited verifier signature scheme, and show that ourconvertible limited verifier signature scheme is more efficient thanBoyar-Chaum-Damgard-Pedersen convertible undeniable signature schemesin a certain situation.
展开▼