Chaum's Designated Confirmer Signature Revisited

This article revisits the original designated confirmer signature scheme of Chaum. Following the same spirit we naturally extend the Chaum’s construction in a more general setting and analyze its security in a formal way. We prove its security in the random oracle model by using a random hash function and a random permutation. We notably consider the confirmer as an attacker against the existential forgery under an adaptive chosen-message attack. This security property is shown to rely on the hardness of forging signatures in a universal way of a classical existentially forgeable signature scheme. Furthermore, we show that the invisibility of the signatures under a non-adaptive chosen-message (aka lunchtime) attack relies on some invisibility properties of an existentially forgeable undeniable signature scheme. The existence of this cryptographic primitive is shown equivalent to the existence of publickey cryptosystems. It is also interesting to see that this article confirms the security of Chaum’s scheme since our construction is a natural generalization of this scheme.