The Joint Signature and Encryption Revisited
In this paper, the authors studied the classical paradigms used to build many opaque signatures, namely StE, EtS, and CtEtS. They showed using an increasingly popular tool, namely meta-reductions, that StE and CtEaS require expensive encryption in order to provide a reasonable security level for the resulting construction. This is due to an intrinsic weakness of those paradigms which consists in the possibility of obtaining the opaque signature without the help of the signer. Next, they proposed some adjustments to these paradigms which circumvent this weakness and allow to rest on cheap encryption without compromising the security level of the result.