Two-in-one oblivious signatures secure in the random oracle model

Abstract

An oblivious signature is a kind of digital signature providing privacy protection for the signature requester. According to the pioneer work introduced by Chen in 1994, it is defined in two different types; an oblivious signature with n messages and, an oblivious signature with n keys. In an oblivious signature with n messages, it allows a signature requester to get a signature on 1-out-of-n messages while during the signing process, the signer cannot find out which one of the n messages has been signed. In an oblivious signature with n keys, it allows a signature requester to get a signature signed by 1-out-of-n signers while during the signing process, no one except the requester can know who has really signed the message. In 2008, Tso et al. gave formal definitions on the models of oblivious signatures and gave an example on the construction of oblivious signatures based on the Schnorr signature. In this paper, we follow Tso et al.’s work but combine the two functionalities into one scheme. We called it Two-in-one oblivious signature. In out scheme, a signature requester can ask 1-out-of-n1 signers to sign 1- out-of-n2 messages. At the end of our protocol, no one (including the n1 possible-signers) knows who has really signed the message as well as which one of the n2 message has been signed. The scheme is useful in many applications such as e-cash, e-voting and e-auction etc. We will give a formal model on our scheme and give a rigorous security proof based on the random oracle model.