In Proceedings of CT-RSA 2014. vol. 8366 of LNCS. pages 349–66. Springer-Verlag, Feb. 2014.
Verifiably encrypted signatures were introduced by Boneh, Gentry, Lynn, and Shacham in 2003, as a non-interactive analogue to interactive protocols for verifiable encryption of signatures. As their name suggests, verifiably encrypted signatures were intended to capture a notion of encryption, and constructions in the literature use public-key encryption as a building block.
In this paper, we show that previous definitions for verifiably encrypted signatures do not capture the intuition that encryption is necessary, by presenting a generic construction of verifiably encrypted signatures from any signature scheme. We then argue that signatures extracted by the arbiter from a verifiably encrypted signature object should be distributed identically to ordinary signatures produced by the original signer, a property that we call resolution independence. Our generic construction of verifiably encrypted signatures does not satisfy resolution independence, whereas all previous constructions do. Finally, we introduce a stronger but less general version of resolution independence, which we call resolution duplication. We show that verifiably encrypted signatures that satisfy resolution duplication generically imply public-key encryption.