ECDSA-compatible Delegable Undeniable Signature

We present the first ECDSA-compatible delegable undeniable signature. Undeniable signature was first introduced by Chaum and Antwerpen. Such signatures cannot be verified without running a zero-knowledge protocol with the signer. Delegable undeniable signature extends this by allowing the signer to delegate the verification ability to a third party. An example use case for delegable undeniable signature is that a trusted party verifies a user’s personal information, signs a message and then passes the signature back to the user. If a verifier needs to know that personal information (e.g. an online merchant selling alcohol needs to verify the user’s age), the user can run the verification protocol as a delegate to prove the trusted party (e.g. the government) signed that personal information. The verifier will be convinced the signature is genuine, but will not be able to convince others. Our signature scheme is based on standard ECDSA, which is the most common signature scheme in blockchain technology. It is easy to construct (it involves two standard ECDSA signatures) and easy to verify (a simple two-round zero-knowledge protocol). We believe our signature scheme is useful especially in Self-Sovereign Digital Identity.