Fail-Stop Designated Recipient Signature Scheme and its Applications

How to design a fail-stop signature scheme is still a field in need of cultivation. If an attacker can successfully break an ordinary fail-stop signature scheme, then only a signer not a recipient is able to prove that a forgery has happened. This system only solves one dimensional of cryptographic problems. In this paper, we describe a new kind of digital signature scheme called fail-stop designated recipient signature scheme. The scheme allows a signer and an intended recipient to cooperatively provide a proof of forgery if an attacker can successfully forge a signature on a message m: The scheme also provides that the intended recipient is the only entity to verify the resulting signature and prove the validity to any interested third party. With this property, we show that our new signature scheme is the best alternative to solve certain problems concerning the protection of confidential documents especially those which are personally sensitive (to the owner) and is also applicable for group of recipients to verify a signature jointly (shared verification) in a group-oriented environment.