Oblivious signature-based envelope

Ninghui Li, Wenliang Du, Dan Boneh

Research output: Contribution to journalArticlepeer-review

32 Scopus citations


We propose a new cryptographic primitive called oblivious signature-based envelope (OSBE). Informally, an OSBE scheme enables a sender to send an envelope (encrypted message) to a receiver, and has the following two properties: (1) The receiver can open the envelope if and only if it has a third party's (e.g., a certification authority's) signature on an agreed-upon message. (2) The sender does not learn whether the receiver has the signature or not. We show that OSBE can be used to break policy cycles in automated trust negotiation (ATN) and to achieve oblivious access control. We develop a provably secure and efficient OSBE protocol for certificates signed using RSA signatures, as well as provably secure and efficient one-round OSBE protocols for Rabin and BLS signatures from recent constructions for identity-based encryption. We also present constructions for Generalized OSBE, where signatures on multiple messages (and possibly by different authorities) are required to open the envelope.

Original languageEnglish (US)
Pages (from-to)293-302
Number of pages10
JournalDistributed Computing
Issue number4
StatePublished - May 2005

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications
  • Computational Theory and Mathematics


Dive into the research topics of 'Oblivious signature-based envelope'. Together they form a unique fingerprint.

Cite this