Resumen de Privacy-providing signatures and their applications
Somayeh Heidarvand
In this thesis, we investigate the notion of privacy for signatures belonging tothe second type, i.e., those which provide privacy with respect to the signed message.
The first part of our work consists of one chapter in which one of the applications of blind signatures in on-line services and games is considered. In this way, we seek an ecient solution for a simple scenario in which a recipient can take a token from an issuer to be paid to an on-line service provider, without revealing anything about the service he intends to use.
The second part of the work considers the problem of formalizing the notion of convertible non-transferable signatures, which is addressed in two chapters. Here the notion of transferability refers to transferring the validity of a signature with respect to a given message by the recipient of the signature to a third party. The basic idea for constructing concrete schemes for such signatures is to build a scheme in which a signature can be valid with regard to any random message unless some piece of information is revealed. Non-transferable (sometimes also called private) signatures enable the signer or the recipient to decide who can verify the issued signature. It is possible to construct such signatures by computing a non-transferable signature using a non-transferable proof (in an interactive or non-interactive way) to prove its validity to the designated veri er. The concept of non-transferable signatures was introduced into cryptography by proposing undeniable signatures, in which after is- suing the signature nobody can verify it with regard to the signed message without the cooperation of the signer. This restriction of veri cation is the point of dierence between traditional signatures that are universally veri able and non-transferable signatures. The best-known examples of non-transferable signatures are undeniable signatures, designated con rmer signatures, directed signatures, universally desig- nated veri er signatures, nominative signatures, etc. In the rst three signatures, it is the signer who is interested in making the signature recognizable only to himself or some pre-chosen party, while in the last two it is the recipient who makes the signature private to himself or some known party chosen by himself. Each of these signatures has its own natural application scenarios. Although these signatures are dierent in both nature and application, almost all of them are built from the same basic primitives: zero-knowledge proofs and commitments.
