A convertible limited (multi-) verifier signature (CL(M)VS) provides controlled verifiability and preserves the privacy of the signer. Furthermore, limited verifier(s) can designate the signature to a third party or convert it into a publicly verifiable signature upon necessity. In this proposal, we first present a generic construction of convertible limited verifier signature (CLVS) into which...

In ordinary digital signature schemes, anyone can verify signatures with signer’s public key. However it is not necessary for anyone to be convinced a justification of signer’s dishonorable message such as a bill. It is enough for a receiver only to convince outsiders of signature’s justification if the signer does not execute a contract. On the other hand there exist messages such as official ...

Motivated by the conflict between authenticity and privacy in the digital signature, the notion of limited verifier signature was introduced [1]. The signature can be verified by a limited verifier, who will try to preserve the privacy of the signer if the signer follows some specified rules. Also, the limited verifier can provide a proof to convince a judge that the signer has indeed generated...

A convertible authenticated encryption scheme allows the signer to create a valid authenticated ciphertext such that only the specified receiver can simultaneously recover and verify the message. To protect the receiver’s benefit of a later dispute on repudiation, the receiver has the ability to convert the signature into an ordinary one that can be verified by anyone. However, the previous pro...

A convertible authenticated encryption scheme allows a designated receiver to recover and verify a message simultaneously, during which the recipient can prove the dishonesty of the sender to any third party if the sender repudiates her signature later. In this paper, after showing some weaknesses in Wu et al.’s [21] and Huang et al ’s [10] convertible authenticated encryption schemes, we propo...

In 2004, Sekhar proposed a new signature scheme with message recovery. Based on this signature scheme with message recovery, they also proposed a designated verifier signature scheme with non-repudiation of origin and a convertible designated verifier signature scheme with non-repudiation of origin. This paper, however, presents a security analysis where Sekhar’s signature schemes are vulnerabl...

A convertible authenticated encryption scheme allows a specified recipient to recover and verify a message simultaneously. Moreover the recipient can prove the dishonesty of the sender to any third party if the sender repudiates her signature later. Recently, Lv et al. (2005) showed that the Wu et al.’s (1999) and the Huang et al.’s (2003) convertible authenticated encryption schemes cannot pro...

Undeniable signatures, introduced by Chaum and van Antwerpen, require a verifier to interact with the signer to verify a signature, and hence allow the signer to control the verifiability of his signatures. Convertible undeniable signatures, introduced by Boyar, Chaum, Damg̊ard, and Pedersen, furthermore allow the signer to convert signatures to publicly verifiable ones by publicizing a verifica...

Undeniable signatures, introduced by Chaum and van Antwerpen, require a verifier to interact with the signer to verify a signature, and hence allow the signer to control the verifiability of his signatures. Convertible undeniable signatures, introduced by Boyar, Chaum, Damg̊ard, and Pedersen, furthermore allow the signer to convert signatures to publicly verifiable ones by publicizing a verifica...

-Electronic contract-signing is an important issue in Electronic Commerce. This paper proposed a novel abuse-free contract signing protocol based on convertible signature and non-interactive designated verifier proof. One interesting property is that the outcome evidences are standard RSA signatures, which makes the protocol be easily integrated into existing systems.