Principal Investigator Shafrira Goldwasser
Since designated confirmer signature schemes were introduced by Chaum and formalized by Okamoto, a number of attempts have been made to design efficient and secure designated confirmer signature schemes. Unfortunately, there has been a consistent gap in security claims and analysis between all generic theoretical proposals and any concrete implementation proposal one can envision using in practice. In this paper we propose a modification of Okamoto’s definition of security which still captures security against chosen message attack, and yet enables us to design and prove security for a multitude of concrete proposals of designated confirmer signatures. We present a simple transformation of a large class of digital signature schemes, all of which are secure against chosen message attack into designated confirmer signature schemes. We prove security of the schemes obtained under the same security assumption made by the digital signature scheme transformed, and an encryption scheme we use as a tool.