At the fourth ACM conference on electronic commerce (EC’03), S. Han, K.Y. Yeung and J. Wang proposed an ID-based confirmer signature scheme using pairings (actually, this is an ID-based undeniable signature scheme). However, in this paper, we will show that this signature scheme is not secure. The signer can deny any signature, even this signature is his valid signature and any one can forge a ...

Conventional authenticated encryption (AE) schemes put emphasis on the single-user setting, which only allow one signer to produce an authenticated ciphertext such that merely the designated recipient is capable of recovering the message and verifying its corresponding signature. In the multi-user environments, e.g., organizational operations, several senior managers might cooperatively sign a ...

Undeniable signatures were proposed to limit the verification property of ordinary digital signatures. In fact, the verification of such signatures cannot be attained without the help of the signer, via the confirmation/denial protocols. Later, the concept was refined to give the possibility of converting a selected signature into an ordinary one, or publishing a universal receipt that turns al...

This paper first introduces the concept of universal designated verifier ring signature (UDVRS), which not only allows members of a group to sign messages on behalf of the group without revealing their identities, but also allows any holder of the signature (not necessary the signer) to designate the signature to any designated verifier. According to whether the designator has a registered publ...

To solve the key escrow problem in identity-based cryptosystem, Al-Riyami et al. introduced the CertificateLess Public Key Cryptography (CL-PKC). As an important cryptographic primitive, CertificateLess Designated Verifier Signature (CLDVS) scheme was studied widely. Following Al-Riyami et al. work, many certificateless Designated Verifier Signature (DVS) schemes using bilinear pairings have be...

E-mail brings us lots of conveniences. Especially with help of PGP and S/MIME, it gives both confidentiality and message/origin authentication. However, in some cases for strong privacy, a message sender will not want to let others know even the fact that he sent a message to a recipient. Very recently, Harn and Ren proposed a fully deniable authentication scheme for E-mail where a sender can r...

We present a new notion of identity-based quotable ring signature. This new cryptographic primitive can be used to derive new ring signatures on substrings of an original message from an original ring signature on the original message, which is generated by the actual signer included in the ring. No matter whether a ring signature is originally generated or is quoted from another valid ring sig...