TY - GEN
T1 - Designated verifier proofs and their applications
AU - Jakobsson, Markus
AU - Sako, Kazue
AU - Impagliazzo, Russell
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 1996.
PY - 1996
Y1 - 1996
N2 - For many proofs of knowledge it is important that only the verifier designated by the confirmer can obtain any conviction of the cor- rectness of the proof. A good example of such a situation is for undeniable signatures, where the confirmer of a signature wants to make sure that only the intended verifier(s) in fact can be convinced about the validity or invalidity of the signature. Generally, authentication of messages and off-the-record messages are in conflict with each other. We show how, using designation of verifiers, these notions can be combined, allowing authenticated but privat con- versations to take place. Our solution guarantees that only the specified verifier can be convinced by the proof, even if he shares all his secret information with entities that want to get convinced. Our solution is based on trap-door commitments [4], allowing the desig- nated verifier to open up commitments in any way he wants. We demon- strate how a trap-door commitment scheme can be used to construct designated verifier proofs, both interactive and non-interactive. We ex- amplify the verifier designation method for the confirmation protocol for undeniable signatures.
AB - For many proofs of knowledge it is important that only the verifier designated by the confirmer can obtain any conviction of the cor- rectness of the proof. A good example of such a situation is for undeniable signatures, where the confirmer of a signature wants to make sure that only the intended verifier(s) in fact can be convinced about the validity or invalidity of the signature. Generally, authentication of messages and off-the-record messages are in conflict with each other. We show how, using designation of verifiers, these notions can be combined, allowing authenticated but privat con- versations to take place. Our solution guarantees that only the specified verifier can be convinced by the proof, even if he shares all his secret information with entities that want to get convinced. Our solution is based on trap-door commitments [4], allowing the desig- nated verifier to open up commitments in any way he wants. We demon- strate how a trap-door commitment scheme can be used to construct designated verifier proofs, both interactive and non-interactive. We ex- amplify the verifier designation method for the confirmation protocol for undeniable signatures.
UR - http://www.scopus.com/inward/record.url?scp=84927752554&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84927752554&partnerID=8YFLogxK
U2 - 10.1007/3-540-68339-9_13
DO - 10.1007/3-540-68339-9_13
M3 - Conference contribution
AN - SCOPUS:84927752554
SN - 354061186X
SN - 9783540611868
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 143
EP - 154
BT - Advances in Cryptology - EUROCRYPT 1996 - International Conference on the Theory and Application of Cryptographic Techniques, Proceedings
A2 - Maurer, Ueli
PB - Springer Verlag
T2 - 15th International conference on Theory and Application of Cryptographic Techniques, EUROCRYPT 1996
Y2 - 12 May 1996 through 16 May 1996
ER -