One-move convertible nominative signature in the standard model

A nominative signature (NS) is a non-self-authenticating signature that is jointly generated by a signer (or a nominator) and a user (or a nominee), but once generated, its validity can only be determined by the user. No one else including the signer can tell the signature's validity unless the user confirms or disavows so, whereas the user cannot cheat either. One-move NS is an efficient type of NS that requires the signer to send only one message to the user during the signature generation stage. Currently, there exists only one one-move NS scheme that is proven secure in the standard model, and is convertible, that is, the user can transform a nominative signature to a publicly verifiable standard signature without the signer's aid. However, the number of elements in the keys of both signer and user grows linearly with the value of the security parameter. In this paper, we propose a new one-move NS which is convertible, can be proven secure in the standard model, and also has a constant number of elements in the keys of both the signer and the user. We apply the Boneh-Boyen short standard signature in a novel way to build this nominative signature scheme. We show that this new scheme achieves the best performance among all the schemes proven secure in the standard model, and its security relies only on the standard q-strong Diffie-Hellman and decisional Diffie-Hellman assumptions. Finally, we will present a generic construction by utilizing a secure standard signature scheme and a secure encryption scheme. Copyright (c) 2013 John Wiley & Sons, Ltd.