Certificate-based verifiably encrypted RSA signatures

The RSA signature scheme is one of the most popular signature schemes to date. This paper proposes a certificate-based verifiably encrypted RSA signature scheme that is the first to accomplish optimistic fair exchange of the standard RSA signatures. The main characteristic of this scheme is that the signer can unilaterally choose a certificate authority as his/her adjudicator in fair exchange. Then a certificate, or generally, a signature, acts not only as the binding of the public key and its holder but also as the certificate authority's guarantee against partiality in adjudication. We introduce a strong security model, in which there are three types of inside adversaries with more power than outside adversaries in previous verifiably encrypted RSA signature schemes. We then show that the proposed scheme is existentially unforgeable under the Discrete Logarithm (DL) assumption, the Computational Diffile-Dellman (CDH) assumption, and the RSA assumption in the random oracle model. Because the proposed scheme can be directly used in the current Public-Key Infrastructure (PKI) environment, it is more practical and trustworthy than the previous schemes in the real world. Copyright (c) 2013 John Wiley & Sons, Ltd. This paper proposes a certificate-based verifiably encrypted RSA signature scheme that is the first to accomplish optimistic fair exchange of the standard RSA signatures. The proposed scheme is existentially unforgeable under the discrete logarithm assumption, the computational Diffie-Hellman assumption and the RSA assumption in the random oracle model. The proposed scheme can be directly used in the current PKI environment.