Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

Invisible signature

Invisible signatures (usually, but not characteristically called undeniable ) are a kind of signatures providing more privacy than ordinary ones. [Pg.10]

This is why invisible signatures were introduced in [ChAn90]. (Conversely, if one says that the purpose of digital signature schemes is to imitate handwritten signatures as closely as possible, an invisible signature scheme does too little.)... [Pg.10]

Invisibility was not defined formally in the first publications about invisible signature schemes. Sketches of computational and information-theoretic invisibihty are contained in [BCDP91, CBDP91] and [ChHP92], respectively. Neither is completely satisfactory yet. [Pg.28]

Both terms are allowed because scheme is the usual word with signature schemes, whereas protocol is usual with the 2-party and multi-party protocols mentioned below. If there is any distinction in the present context, then protocols are smaller than schemes, e.g., there is a verification protocol as a part of an invisible signature scheme. [Pg.40]

Hence the goal was one common definition that should at least cover the GMR definition, the schemes invented as ordinary digital signature schemes but not exactly fitting the GMR definition, and all the existing variants of fail-stop and invisible signature schemes, where existing means that a concrete construction has been proposed in the literature. Such a definition is sketched here. [Pg.47]

Signing and testing may be more than algorithms for instance, there is the interactive verification protocol of invisible signature schemes. Hence they must at least be defined as interactive programs. [Pg.50]

The requirement of the recipient on disputes Once a recipient has accepted a certain message as authenticated by a certain signer (in an authentication transaction), he should win disputes about that message in court. The only exception is with schemes like invisible signature schemes, where disputes only work if the signer cooperates. [Pg.59]

Privacy requirements. The only privacy requirement that has so far been considered is the invisibility of invisible signature schemes. (Recall that blind signature schemes and schemes without subliminal channels are not signature schemes in the sense of the minimal requirements.) One could also add normal confidentiality requirements with respect to outsiders. [Pg.61]

The recipient wishes that any message he has accepted as authenticated should also be accepted by the court if a dispute about this message arises. However, in a minimal requirement fulfilled by invisible signature schemes, too, one has to allow the court to decide that the signer has not cooperated. Hence the result should be TRUE or not cooperated . [Pg.81]

The only requirement ever made in the interest of the signer if she has in fact authenticated the message, i.e., in the lower half of Table 5.2, is the one from invisible signature schemes There, the recipient should not be able to convince a third party, i.e., a court, that the message had been authenticated, unless the signer cooperates. However, the requirement one could make here is only a special case of invisibility, which also deals with dishonest third parties. [Pg.90]

This combination is offered by invisible signature schemes. [Pg.90]

Invisible Signature Schemes with Dual Security... [Pg.131]

In the following, these properties are taken for granted hence the name dual invisible signature scheme is restricted to schemes with these properties. [Pg.131]

The structure of authentication and disputes in existing dual invisible signature schemes resembles that of existing invisible signature schemes with ordinary security, not that of fail-stop signature schemes. The protocol carried out during authentication is of the following restricted form ... [Pg.131]

In the first round, the entity of the signer sends a value to the entity of the recipient. This value is called the invisible signature, and it is the only value that the recipient s entity stores. [Pg.131]

The recipient s entity sends the invisible signature to the court s entity, who passes it on to the signer s entity. [Pg.132]

If the signer disavows, her entity gives the court s entity a zero-knowledge proof (see above) that the invisible signature is not correct. This is called the disavowal protocol. [Pg.132]

I know a secret key sk that corresponds to pk and leads to an invisible signature... [Pg.145]

Figure 6.10. Possible and correct invisible signatures in existing schemes... Figure 6.10. Possible and correct invisible signatures in existing schemes...
As mentioned in Section 6.1.4, the usual method to obtain a non-invisible signature scheme with dual security is to use a fail-stop signature scheme and to identify broken with FALSE. The properties of the only other existing scheme of this type were sketched there, too. [Pg.146]

Note that only dual security has been achieved, and not a fail-stop property The court s entity cannot distinguish the situation where an attacker shows a random number s, claiming it were an invisible signature, and the signer disavows s , from the situation where the cryptologic assumption has been broken. Hence the court s result is acc = FALSE in both cases, never acc = broken . [Pg.146]

See other pages where Invisible signature is mentioned: [Pg.10]    [Pg.10]    [Pg.28]    [Pg.28]    [Pg.50]    [Pg.50]    [Pg.88]    [Pg.92]    [Pg.98]    [Pg.101]    [Pg.101]    [Pg.102]    [Pg.106]    [Pg.131]    [Pg.132]    [Pg.132]    [Pg.132]    [Pg.145]    [Pg.145]    [Pg.146]    [Pg.242]    [Pg.247]   
See also in sourсe #XX -- [ Pg.10 , Pg.28 , Pg.131 ]



SEARCH



A Variant Invisible Signatures

Dual invisible signature scheme

Invisible Signature Schemes with Dual Security

Possible and correct invisible signatures in existing schemes

Signature

© 2024 chempedia.info