Abstract
We present the first undeniable signature scheme based on RSA. Since their introduction in 1989, a significant amount of work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems. In contrast, our scheme uses regular RSA signatures to generate undeniable signatures. In this new setting, both the signature and verification exponents of RSA are kept secret by the signer, while the public key consists of a composite modulus and a sample RSA signature on a single public message.
Our scheme possesses several attractive properties. First, it is provably secure: forging the undeniable signatures is as hard as forging regular RSA signatures. Second, both the confirmation and denial protocols are zero-knowledge. In addition, these protocols are efficient (in particular, the confirmation protocol involves only two rounds of communication and a small number of exponentiations). Furthermore, the RSA-based structure of our scheme provides simple and elegant ways to add several of the more advanced properties of undeniable signatures found in the literature, including convertibility of the undeniable signatures (into publicly verifiable ones), the possibility of delegating the ability to confirm and deny signatures to a third party without giving up the power to sign, and the existence of distributed (threshold) versions of the signing and confirmation operations.
Due to the above properties and the fact that our undeniable signatures are identical in form to standard RSA signatures, the scheme we present becomes a very attractive candidate for practical implementations.
Extended Abstract. A complete version of the paper is available from http://www.research.ibm.com/security/papers1997.html
© 1997 Springer-Verlag
Gennaro, R., Krawczyk, H., Rabin, T. (1997). RSA-based undeniable signatures. In: Kaliski, B.S. (eds) Advances in Cryptology — CRYPTO '97. CRYPTO 1997. Lecture Notes in Computer Science, vol 1294. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0052232
DOI: https://doi.org/10.1007/BFb0052232
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63384-6
Online ISBN: 978-3-540-69528-8
eBook Packages: Springer Book Archive