Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
430048 | Journal of Computer and System Sciences | 2013 | 14 Pages |
• We define two security goals of the non-repudiation of origin: NRO-I and NRO-II.
• We show that the (strongly) existential unforgeability of digital signatures is not sufficient to provide NRO-II.
• We define the privacy of message sender in communication protocols with non-repudiation of origin.
• We describe a communication protocol where the non-repudiation of origin and the privacy of message originator co-exist.

This paper studies a security issue in cloud computing: non-repudiation of origin (NRO) with privacy protection for the message originator. We first define two concrete goals of NRO: NRO-I and NRO-II. Both notions are inspired by the non-repudiation service we can have by using traditional handwritten signatures as the evidence of origin. Then, by giving a counterexample, we show that existentially unforgeable digital signatures can provide NRO-I but not always NRO-II. Another contribution of this paper is a communication protocol that accommodates both non-repudiation of origin and privacy of the message originator. Our protocol satisfies NRO-I and NRO-II, and the recipient is unable to convince any other entity of the identity of the message originator. The essence of our protocol is a designated verifier signature scheme with unforgeability against the designated verifier.