International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Conditionally Verifiable Signatures

Aldar C-F. Chan
Ian F. Blake
Search ePrint
Search Google
Abstract: We introduce a new digital signature model, called conditionally verifiable signature (CVS), which allows a signer to specify and convince a recipient under what conditions his signature would become valid and verifiable; the resulting signature is not publicly verifiable immediately but can be converted back into an ordinary one (verifiable by anyone) after the recipient has obtained proofs, in the form of signatures/endorsements from a number of third party witnesses, that all the specified conditions have been fulfilled. A fairly wide set of conditions could be specified in CVS. The only job of the witnesses is to certify the fulfillment of a condition and none of them need to be actively involved in the actual signature conversion, thus protecting user privacy. It is guaranteed that the recipient cannot cheat as long as at least one of the specified witnesses does not collude. We formalize the concept of CVS and give a generic CVS construction based on any CPA-secure identity based encryption (IBE) scheme. Theoretically, we show that the existence of IBE with indistinguishability under a chosen plaintext attack (a weaker notion than the standard one) is necessary and sufficient for the construction of a secure CVS.\footnote{Due to page limit, some proofs are omitted here but could be found in the full version \cite{CB05ibecvs}.}
  title={Conditionally Verifiable Signatures},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / digital signatures, privacy, accountability, bilinear pairings, identity based encryption, timed release cryptography, fair exchange},
  note={An extended abstract will appear in Indocrypt 2006 13433 received 24 May 2005, last revised 12 Oct 2006},
  author={Aldar C-F. Chan and Ian F. Blake},