s, the Alice Software Company should be unable to deny a valid signature.

Undeniable signatures [343, 327] are suited to these sorts of tasks. Like a normal digital signature, an undeniable signature depends on the signed document and the signer’s private key. But unlike normal digital signatures, an undeniable signature cannot be verified without the signer’s consent. Although a better name for these signatures might be something like “nontransferable signatures,” the name comes from the fact that if Alice is forced to either acknowledge or deny a signature—perhaps in court—she cannot falsely deny her real signature.

The mathematics are complicated, but the basic idea is simple:

(1) Alice presents Bob with a signature.
(2) Bob generates a random number and sends it to Alice.
(3) Alice does a calculation using the random number and her private key and sends Bob the result. Alice could only do this calculation if the signature is valid.
(4) Bob confirms this.

There is also an additional protocol so that Alice can prove that she did not sign a document, and cannot falsely deny a signature.

Bob can’t turn around and convince Carol that Alice’s signature is valid, because Carol doesn’t know that Bob’s numbers are random. He could have easily worked the protocol backwards on paper, without any help from Alice, and then shown Carol the result. Carol can be convinced that Alice’s signature is valid only if she completes the protocol with Alice herself. This might not make much sense now, but it will once you see the mathematics in Section 23.4.

This solution isn’t perfect. Yvo Desmedt and Moti Yung show that it is possible, in some applications, for Bob to convince Carol that Alice’s signature is valid [489].

Copyright © 1996-2000 EarthWeb Inc. All rights reserved.
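Steps (1) to (4) and Bob's "worked backwards" transcript, as an added example that is not taken from the excerpt above. It assumes Chaum's discrete-log construction for the arithmetic (the excerpt defers the mathematics to Section 23.4) and uses constructed toy parameters; all function names are hypothetical.

```python
import secrets

# Constructed toy parameters, far too small for real use (assumption):
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # private key in [1, q-1]
    return x, pow(G, x, P)                     # (x, y = g^x mod p)

def sign(m, x):
    return pow(m, x, P)                        # step (1): z = m^x mod p

def bob_challenge(z, y):
    # Step (2): Bob's random numbers stay secret; only c goes to Alice.
    a = secrets.randbelow(Q - 1) + 1           # nonzero, so a bad z always fails
    b = secrets.randbelow(Q)
    return (a, b), (pow(z, a, P) * pow(y, b, P)) % P

def alice_respond(c, x):
    # Step (3): requires the private key, via t = x^-1 mod q.
    return pow(c, pow(x, -1, Q), P)

def bob_confirm(m, a, b, d):
    # Step (4): for a valid z, c^t collapses to m^a * g^b mod p.
    return d == (pow(m, a, P) * pow(G, b, P)) % P

def verify(m, z, y, x):
    """Interactive run; x is touched only on Alice's side."""
    (a, b), c = bob_challenge(z, y)
    return bob_confirm(m, a, b, alice_respond(c, x))

def bob_fake_transcript(m, z, y):
    """What Bob can write down alone: pick a, b first, then derive c and d.
    It passes bob_confirm for ANY z, which is why it proves nothing to Carol."""
    a, b = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q)
    c = (pow(z, a, P) * pow(y, b, P)) % P
    d = (pow(m, a, P) * pow(G, b, P)) % P
    return a, b, c, d

if __name__ == "__main__":
    x, y = keygen()
    m = pow(1234, 2, P)                        # constructed message, in the subgroup
    z = sign(m, x)
    print("valid signature accepted:", verify(m, z, y, x))
    print("altered signature accepted:", verify(m, z * G % P, y, x))
    a, b, c, d = bob_fake_transcript(m, z * G % P, y)
    print("fake transcript checks out:", bob_confirm(m, a, b, d))
```

The last line prints True even though the signature in that transcript is not Alice's, so a recorded transcript carries no weight with a third party.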
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.