Privacy-enhanced Designated Confirmer Signature without Random Oracles

As an extension of digital signature, designated confirmer signature (DCS) efficiently realizes the privacy protection of the signer. In a DCS scheme, the validity of the signature must be confirmed by the signer or a semi-trusted third party, called confirmer. Since the DCS signature is generated by encrypting a standard signature with the designated confirmer’s public key, only the confirmer can disavow invalid signatures. Moreover, the confirmer always can further convert a DCS into an ordinary signature by decrypting the DCS such that it is publicly verifiable. This property is necessary in some cases. However, from the view of the signer, the privacy is leaked if the DCS is converted into an ordinary signature by the confirmer. In this work, we propose a new DCS scheme without the random oracles. Both the signer and confirmer in this new construction can confirm a valid DCS and disavow an invalid signature. Furthermore, the authority of the confirmer is limited. He is designated by the signer to verify the validity of a signature only when the signer is unavailable. However, the confirmer cannot convert a valid DCS into a standard signature. This new property of DCS is more favorable to the signer.