The Security of the FDH Variant of Chaum's Undeniable Signature Scheme [chapter]

Wakaha Ogata, Kaoru Kurosawa, Swee-Huay Heng
2005 Lecture Notes in Computer Science  
In this paper, we first introduce a new kind of adversarial goal called forge-and-impersonate in undeniable signature schemes. Note that forgeability does not necessarily imply impersonation ability. We then classify the security of the FDH variant of Chaum's undeniable signature scheme according to three dimensions, the goal of adversaries, the attacks and the ZK level of confirmation and disavowal protocols. We finally relate each security to some well-known computational problem. In
more » ... r, we prove that the security of the FDH variant of Chaum's scheme with NIZK confirmation and disavowal protocols is equivalent to the CDH problem, as opposed to the GDH problem as claimed by Okamoto and Pointcheval.
doi:10.1007/978-3-540-30580-4_23 fatcat:66akybw2j5bijacvruqptaumai