| 摘要 |
A portion of the signed message in an ECPVS is kept truly confidential by dividing the message being signed into at least three parts, wherein one portion is visible, another portion is recoverable by any entity and carries the necessary redundancy for verification, and at least one additional portion is kept confidential. The additional portion is kept confidential by encrypting such portion using a key generated from information specific to that verifying entity. In this way, any entity with access to the signer's public key can verify the signature by checking for a specific characteristic, such as a certain amount of redundancy in the one recovered portion, but cannot recover the confidential portion, only the specific entity can do so. Message recovery is also provided in an elliptic curve signature using a modification of the well analyzed ECDSA signing equation instead of, e.g. the Schnorr equation used in traditional PV signature schemes. |
