The Security of the FDH Variant of Chaum’s Undeniable Signature Scheme

A. Fiat; A. May; D. Chaum; D. Chaum; D. Chaum; D. Chaum; D. Chaum; D. Pointcheval; I. Damgård; J. Boyar; J. Camenisch; J. Coron; M. Abdalla; M. Bellare; M. Bellare; M. Bellare; M. Bellare; M. Jakobsson; M. Michels; R. Cramer; R. Gennaro; S. Galbraith; S. Goldwasser; S.D. Galbraith; T. Okamoto

The Security of the FDH Variant of Chaum’s Undeniable Signature Scheme

Authors: A. Fiat
A. May
D. Chaum
D. Chaum
D. Chaum
D. Chaum
D. Chaum
D. Pointcheval
I. Damgård
J. Boyar
J. Camenisch
J. Coron
M. Abdalla
M. Bellare
M. Bellare
M. Bellare
M. Bellare
M. Jakobsson
M. Michels
R. Cramer
R. Gennaro
S. Galbraith
S. Goldwasser
S.D. Galbraith
T. Okamoto
Publication date: 1 January 2005
Publisher: 'Springer Science and Business Media LLC'
Doi

Abstract

In this paper, a new kind of adversarial goal called forge-and-impersonate in undeniable signature schemes is introduced. Note that forgeability does not necessarily imply impersonation ability. The security of the full-domain hash (FDH) variant of Chaum's undeniable signature scheme is then classified according to three dimensions, the goal of adversaries, the attacks, and the zero-knowledg (ZK) level of confirmation and disavowal protocols. Each security is then related to some well-known computational problem. In particular, the security of the FDH variant of Chaum's scheme with noninteractive zero-knowledge (NIZK) protocol confirmation and disavowal protocols is proven to be equivalent to the computational Diffie-Hellman (CDH) problem, as opposed to the gap Diffie-Hellman (GDH) problem as claimed by Okamoto and Pointcheval