|
Undeniable signature is a form of digital signature invented by David Chaum and Hans van Antwerpen in 1989. It has two distinctive features: # The verification process is ''interactive'', so that it is impossible to verify a signature without the signer's participation. # A disavowal protocol, which is a cryptographic protocol that allows a verifier to distinguish two cases: (a) the signature is not valid; (b) the signer is giving improper responses. The first means that a signer can allow only others who are authorized to access the document to verify their signature. In other words, he can limit who can verify the signature by choosing to participate or not in the verifying protocol. If the document were to be leaked to a third party, the third party would be unable to verify that the signature is genuine. This approach is similar to a designated verifier signature, where a signer can choose the set of possible verifiers in advance (but does not need to participate in the verification protocol, because it is non-interactive). However, because of this property it means that the signatory may deny a signature which signed by him. To prevent this, there is the second property, a method to prove that a given signature is indeed invalid (under the signer's key) or the signer is trying to deny it. ==Example== The following protocol was suggested by David Chaum Alice has private key ''x'' and public key ''y = gx''. She signes the message ''m'' by computing ''z = mx'' mod ''p''. ''p'' is a big prime number. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「undeniable signature」の詳細全文を読む スポンサード リンク
|