Unlinkable Multi-party Concurrent Signatures

Abstract

The concept of concurrent signatures was first introduced by Chen et al. at Eurocrypt 2004. In a concurrent signature scheme, users produce ambiguous signatures that are only verifiable by the users themselves but not by any other outsiders until the release of an extra secret called the keystone. Once the keystone was released, all the signatures become binding to their signers concurrently and anyone can verify the signatures. Since then, a few concurrent signature schemes have been proposed. Tonien et al. constructed the first multi-party concurrent signature scheme at ISC 2006. In this paper, for the first time we construct an unlinkable multi-party concurrent signature scheme. After the release of the keystone, the concurrent signatures can be converted to ordinary signatures that don’t contain any information of keystone to remain unlinkable. This property offers a stronger notion of anonymity than previous schemes.