{"title":"1-out-of-2签名","authors":"Mirosław Kutyłowski, Jun Shao","doi":"10.1145/1966913.1966965","DOIUrl":null,"url":null,"abstract":"We consider a scenario in which Alice entitles Bob to serve as her proxy with the right to sign one out of two possible documents, say m1 and m2. The protocol guarantees that the data given to Bob cannot be recognized as signatures of m1 and m2, unless Bob transforms them with his private key. The most important feature is, however, then if Bob finalizes both signatures (of m1 and of m2) - violating the delegated rights, then Bob's private key will be revealed to Alice. So we propose an undeniable proof of misbehavior instead of other means that turn out to be less effective and more difficult to implement.\n The presented solution can be applied for providing agents or representatives in negotiations to provide the original signed documents on behalf of represented parties. The solution can be immediately extended to a version with any fixed number of documents, from which only one can be signed finally.\n Security of the scheme can be shown in random oracle model. We also provide a solution, for which security of the signer is protected within the fail-stop framework.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"1-out-of-2 signature\",\"authors\":\"Mirosław Kutyłowski, Jun Shao\",\"doi\":\"10.1145/1966913.1966965\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We consider a scenario in which Alice entitles Bob to serve as her proxy with the right to sign one out of two possible documents, say m1 and m2. The protocol guarantees that the data given to Bob cannot be recognized as signatures of m1 and m2, unless Bob transforms them with his private key. The most important feature is, however, then if Bob finalizes both signatures (of m1 and of m2) - violating the delegated rights, then Bob's private key will be revealed to Alice. So we propose an undeniable proof of misbehavior instead of other means that turn out to be less effective and more difficult to implement.\\n The presented solution can be applied for providing agents or representatives in negotiations to provide the original signed documents on behalf of represented parties. The solution can be immediately extended to a version with any fixed number of documents, from which only one can be signed finally.\\n Security of the scheme can be shown in random oracle model. We also provide a solution, for which security of the signer is protected within the fail-stop framework.\",\"PeriodicalId\":72308,\"journal\":{\"name\":\"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-03-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1966913.1966965\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1966913.1966965","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
We consider a scenario in which Alice entitles Bob to serve as her proxy with the right to sign one out of two possible documents, say m1 and m2. The protocol guarantees that the data given to Bob cannot be recognized as signatures of m1 and m2, unless Bob transforms them with his private key. The most important feature is, however, then if Bob finalizes both signatures (of m1 and of m2) - violating the delegated rights, then Bob's private key will be revealed to Alice. So we propose an undeniable proof of misbehavior instead of other means that turn out to be less effective and more difficult to implement.
The presented solution can be applied for providing agents or representatives in negotiations to provide the original signed documents on behalf of represented parties. The solution can be immediately extended to a version with any fixed number of documents, from which only one can be signed finally.
Security of the scheme can be shown in random oracle model. We also provide a solution, for which security of the signer is protected within the fail-stop framework.