Xin Liu, University of Wollongong
Abstract: Withdrawable signature, a recently introduced variant of digital signature, addresses the need for flexibility in existing digital signatures by allowing signers to retract their signatures securely and efficiently. To achieve this, a withdrawable signature scheme initially creates an “unverifiable” signature on the signer’s public key, which can later be converted into a conventional, verifiable signature only by the signer. Previously, there were only two specific constructions using Schnorr and pairing. Recognizing the practical importance of the RSA signature, we aim to provide a generic construct of the withdrawable signature from the hash-then-one-way type signature, with RSA being a concrete instantiation.
We revisit and extend the definition and security notions of the existing withdrawable signature, introducing the concept of the “extended withdrawable signature” that extends the verification of the withdrawable signature from certain verifiers only to allow universal verification — a feature not achieved by previous work. We provide formal security analysis to demonstrate that our generic construction satisfies the revisited security notions of the withdrawable signature. This approach broadens the applicability and enhances the security of withdrawable signatures in various cryptographic applications.