- The verification process is interactive, so that the signatory can limit who can verify the signature.
- A disavowal protocol, which is a cryptographic protocol that allows them to determine whether a given signature is a forgery.
The first means that a signatory can allow only others who are authorized to access the document to verify their signature. If the document were to be leaked to a third party, the third party would be unable to verify that the signature is genuine. This is a designated verifier signature.
However, because of this property it means that the signatory may deny a signature which was valid. To prevent this, there is the second property, a method to prove that a given signature is a forgery.
See also Edit
- David Chaum, Hans van Antwerpen: Undeniable Signatures; Crypto'89, LNCS 435, Springer-Verlag, Berlin 1990, 212-216.