The security of the FDH variant of Chaum's undeniable signature scheme
In this paper, a new kind of adversarial goal called forge-and-impersonate in undeniable signature schemes is introduced. Note that forgeability does not necessarily imply impersonation ability. The security of the full-domain hash (FDH) variant of Chaum's undeniable signature scheme is then cl...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2006
|
| Subjects: | |
| Online Access: | http://shdl.mmu.edu.my/1973/ http://shdl.mmu.edu.my/1973/2/1624637 |
| Summary: | In this paper, a new kind of adversarial goal called forge-and-impersonate in undeniable signature schemes is introduced. Note that forgeability does not necessarily imply impersonation ability. The security of the full-domain hash (FDH) variant of Chaum's undeniable signature scheme is then classified according to three dimensions, the goal of adversaries, the attacks, and the zero-knowledg (ZK) level of confirmation and disavowal protocols. Each security is then related to some well-known computational problem. In particular, the security of the FDH variant of Chaum's scheme with noninteractive zero-knowledge (NIZK) protocol confirmation and disavowal protocols is proven to be equivalent to the computational Diffie-Hellman (CDH) problem, as opposed to the gap Diffie-Hellman (GDH) problem as claimed by Okamoto and Pointcheval. |
|---|