How to Protect a Signature from Being Shown to a Third Party

            Marek Klonowski, Przemyslaw Kubiak,
               Miroslaw Kutylowski, Anna Lauks

Many attempts to controlling who and under which circumstances can
verify our signatures have been made so far. For this purpose one can use 
undeniable signatures, designated confirmer signatures, and
designated verifier signatures. We introduce a new kind of signatures,
called  dedicated digital signatures (or dds for short). The core
idea is that a designated verifier can present
a standard signature of the signer derived from dds to a third party, but
at the price of  revealing  the private key of the designated verifier 
or at the price of revealing the designated verifier's signature of 
a particular message. Therefore the verifier will show the signature only
in very  special situations.

We apply the basic scheme in a variety of situations. Dds scheme allows
to use standard signature software for authenticating documents that should 
not be shown to a third party.
Another application is that Alice may give Bob two documents and 
guarantee that Bob will publish at most one of them. Another variant 
of the dds scheme  solves the problem of simultaneous publication: 
Bob who publishes a signature of Alice reveals his signature 
for another message at the same moment.