Abstract
-
In this paper, we present a new cryptographic primitive called “policy-controlled signatures”. In this notion, a
signer can sign a message and attach it with some policies. Only a verifier who satisfies the policies attached can
verify the authenticity of the message. This type of signature schemes has many applications, in particular to
deal with sensitive data, where the signer does not want to allow anyone who is unauthorized to verify the
authenticity of the messages. The notion of policy-controlled signatures resembles some similarities with
designated verifier signatures, as it can also be used to designate a signature to multiple recipients.
Nevertheless, we shall demonstrate that the notion of policy-controlled signatures generalize the notion of
designated verifier signatures. A concrete scheme that is secure in our model is also provided. Furthermore, we
also present an extension to “universal policy-controlled signature”. In this extended notion, we combine the
idea of universal designated verifier signatures with policy-controlled signatures to allow more flexible
delegations. We also provide a concrete scheme that is secure in our model.