Privacy-preserving signature

The invention claimed is: 1. A method for signing data so that a signature can be verified by a verifier while preserving the privacy of a signer, the method comprising: generating a signature nonce by processing the data with a secret function, wherein the secret function is a function known only to the signer and is used to generate a pseudo-random value of the signature nonce based on data to be signed; encrypting the signature nonce by the signer with a public key of the verifier to produce an encrypted signature nonce so that the encrypted signature nonce can be decrypted with a private key of the verifier instead of a private key of the signer; calculating a signature of the data of the signer by signing the data concatenated with the signature nonce using the private key of the signer; and distributing the data, the encrypted signature nonce, and the signature of the data of the signer. 2. The method of claim 1 , wherein generating the signature nonce comprises generating a random number for the signature nonce. 3. The method of claim 1 , further comprising obtaining the public key of the verifier. 4. The method of claim 1 , wherein the verifier is a universal verifier who can verify signatures from all signers. 5. The method of claim 4 , wherein once the encrypted signature nonce is received by the universal verifier, the encrypted signature nonce is decrypted with a private key of the universal verifier. 6. The method of claim 5 , wherein once the encrypted signature nonce is received by the universal verifier, the data concatenated with the decrypted signature nonce is verified using a public key of the signer. 7. The method of claim 6 , wherein the verifier verifies the data concatenated with the decrypted signature nonce by determining whether it matches the signature of the data of the signer. 8. The method of claim 1 , further comprising: transmitting the secret function to the verifier, wherein once the secret function is received by the verifier, the signature nonce is calculated by the verifier using the secret function. 9. The method of claim 8 , wherein once the signature nonce is calculated, the data concatenated with the calculated signature nonce is verified by the verifier using a public key of the signer. 10. The method of claim 9 , wherein verifying the data concatenated with the calculated signature nonce comprises determining whether the data concatenated with the calculated signature nonce matches the signature of the data of the signer. 11. A method for a verifier to verify data signed with a signature of the data of a signer, the method comprising: receiving the data, an encrypted signature nonce, and the signature of the data of the signer, wherein the encrypted signature nonce is produced by encrypting a signature nonce with a public key of the verifier, wherein the received data is processed with a secret function, wherein the secret function is a function known only to the signer and is used to generate a pseudo-random value of the signature nonce based on data to be signed, and wherein the signature of the data of signer is calculated by signing the data concatenated with the signature nonce using a private key of the signer; decrypting the encrypted signature nonce with a private key of the verifier since the signature nonce was encrypted with the private key of the verifier instead of the private key of the signer; and verifying the signature of the data of the signer concatenated with the decrypted signature nonce using a public key of the signer. 12. A non-transitory computer-readable storage medium storing a computer program to sign data so that a signature of the data of a signer can be verified by a verifier while preserving a privacy of the signer, the computer program comprising executable instructions that cause a computer to: generate a signature nonce by processing the data with a secret function, wherein the secret function is a function known only to the signer and is used to generate a pseudo-random value of the signature nonce based on data to be signed; encrypt the signature nonce by the signer with a public key of the verifier to produce an encrypted signature nonce so that the encrypted signature nonce can be decrypted with a private key of the verifier instead of a private key of the signer; calculate a signature of the data of the signer by signing the data concatenated with the signature nonce using the private key of the signer; and distribute the data, the encrypted signature nonce, and the signature of the data of the signer. 13. The non-transitory computer-readable storage medium of claim 12 , wherein once the encrypted signature nonce is received by the universal verifier, the encrypted signature nonce is decrypted with a private key of the verifier, and the data concatenated with the decrypted signature nonce is verified by determining whether it matches the signature of the data of the signer. 14. The non-transitory computer-readable storage medium of claim 12 , wherein once the signature nonce is calculated, the data concatenated with the calculated signature nonce is verified by the verifier using a public key of the signer.