Provably secure message recovery limited verifier signature scheme with low cost

Chien Lung Hsu, Han Yu Lin*

*Corresponding author for this work

Research output: Contribution to journalJournal Article peer-review


Digital signatures provide the functions of integrity, authenticity, and non-repudiation for signing messages. In some applications, the signature only needs to be verified by some specified recipient while keeping the message secret from the public. The message recovery limited verifier signature (MRLVS) scheme can be used to achieve this purpose. To protect the recipient's benefit in case of a later repudiation of the signer, we should enable the specified recipient to convert the signature into a publicly verifiable (PV) one. To achieve this purpose, Araki et al. and Sekhar proposed convertible MRLVS schemes, respectively. Both of them, however, require the cooperation of the signer and are vulnerable to forgery attacks. In this paper, we propose an efficient and secure MRLVS scheme allowing a specified recipient to reveal a PV-signature without the assistance of the signer. The security proof of unforgeability against existential forgery on adaptive chosen-message attacks (EF-CMA) is given in the random oracle model. Moreover, the proposed scheme requires lower computation/communication costs and storage space, as compared with previous works.

Original languageEnglish
Pages (from-to)1187-1199
Number of pages13
JournalInformation (Japan)
Issue number4
StatePublished - 04 2014
Externally publishedYes


  • Conversion
  • Digital signature
  • Limited verifier
  • Message recovery
  • Random oracle model


Dive into the research topics of 'Provably secure message recovery limited verifier signature scheme with low cost'. Together they form a unique fingerprint.

Cite this