### Abstract

In some practical circumstances, the ability of a signer should be restricted. In group signature schemes, a group member may be allowed to generate signatures up to a certain number of times according to his/her position in the group. In proxy signature schemes, an original signer may want to allow a proxy signer to generate a certain number of signatures on behalf of the original signer. In the paper, we discuss signature schemes, called c-times signature schemes, that restrict the signing ability of a signer up to c times for pre-defined value c at set-up. We formally define the notion and the security model of c-times signature schemes. In fact, c-times signature schemes can be classified into two types according to restriction features: one with an explicit limitation, called a c-times signature scheme, and the other with an implicit limitation, called an implicit c-times signature scheme. We present two instances of implicit c-times signature schemes and then give proofs of the security. For one instance we suggest ^{c}S which is a composition of a signature scheme S based on the discrete logarithm and Feldman's VSS. For the other we present ^{c} DSA based on DSA. Our basic approach can be applied to signature schemes such as HVZK based signature schemes.

Original language | English |
---|---|

Pages (from-to) | 324-335 |

Number of pages | 12 |

Journal | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |

Volume | 2727 LNCS |

DOIs | |

Publication status | Published - 2003 Dec 1 |

### Fingerprint

### ASJC Scopus subject areas

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)*,

*2727 LNCS*, 324-335. https://doi.org/10.1007/3-540-45067-X_28