No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Abstract
A strong multiple designated verifiers signature (SMDVS) enables a signer to convince a set of verifiers by generating one signature, of which the verification needs a private key of a verifier. After a brief survey of current SMDVS schemes, we find no schemes suitable to a broadcast propagation, where the simulation needs only one verifier's private key. Motivated by this discovery, we propose a broadcast SMDVS scheme. The new scheme is proven secure in the random oracle model.
... This notion was first formalised in 2004 by Laguillaumie and Vergnaud [7]. Since then, a number of MDVS schemes with various properties in different setting models have been proposed [8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23]. These MDVS schemes are categorised in the two following patterns: ...
... Two existing patterns are similar in all algorithms except in the DVer algorithm. These algorithms are defined as follows [7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23]. ...
... Nontransferability is ensured by a transcript simulation algorithm that can be performed by the cooperation of all designated verifiers to generate a signature which is indistinguishable from the one that should be generated by the signer. This property is defined the same in two existing patterns [7][8][9][10][11][12][13][14][15][17][18][19][20][21][22][23], as well as our proposed pattern (this property is defined a little different in [16]). ...
In a designated verifier signature (DVS) scheme, the validity of the signature can only be checked by a designated entity chosen by the signer. Furthermore, the designated entity cannot convince a third party that the signature is generated by the signer. A multi‐designated verifiers signature (MDVS) scheme is an extension of a DVS which includes multiple designated verifiers. To the best of the authors’ knowledge, there are two existing patterns for an MDVS scheme. In the first pattern, every verifier of the set of designated verifiers can check the validity of the signature independently. In the second pattern, the cooperation of all designated verifiers is required for checking the validity of the signature. In this study, the authors propose a generic new pattern for an MDVS scheme in which a threshold number of the set of designated verifiers can check the validity of the signature. They also present a concrete MDVS scheme with threshold verifiability in the standard model. Moreover, they compare their scheme with other existing MDVS schemes. Finally, they briefly explain scenarios in which the proposed pattern can be applicable.
In a designated verifier signature (DVS) scheme, a signer (Alice) generates a signature which can only be verified by a designated verifier (Bob) chosen by her. Moreover, Bob cannot transfer his conviction about Alice’s signature to any third party. A DVS scheme provides the capability of authenticating Alice to Bob without disrupting her privacy. A multi designated verifier signature (MDVS) scheme is an extension of a DVS which consists of multiple designated verifiers. Non-delegatability is an essential property of a DVS scheme in scenarios where the responsibility of a signer (Alice) is important and she must not be able to delegate the signing rights to another entity. In this paper, we discuss on all MDVS schemes proposed up to now (to the best of our knowledge) and show that all of them are delegatable. As a result, proposing a non-delegatable MDVS scheme is an open research problem in the literature.
Fog computing is viewed as an extended technique of cloud computing. In Internet of things–based collaborative fog computing systems, a fog node aggregating lots of data from Internet of things devices has to transmit the information to distributed cloud servers that will collaboratively verify it based on some predefined auditing policy. However, compromised fog nodes controlled by an adversary might inject bogus data to cheat or confuse remote servers. It also causes the waste of communication and computation resources. To further control the lifetime of signing capability for fog nodes, an appropriate mechanism is crucial. In this article, the author proposes a time-constrained strong multi-designated verifier signature scheme to meet the above requirement. In particular, a conventional non-delegatable strong multi-designated verifier signature scheme with low computation is first given. Based on its constructions, we show how to transform it into a time-constrained variant. The unforgeability of the proposed schemes is formally proved based on the famous elliptic curve discrete logarithm assumption. The security requirement of strong signer ambiguity for our substantial constructions is also analyzed by utilizing the intractable assumption of decisional Diffie–Hellman. Moreover, some comparisons in terms of the signature size and computational costs for involved entities among related mechanisms are made.
Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince any body that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue key attack on MDVS. In this attack scenario, a malicious designated verifier tries to forge a signature that passes through the verification of another honest designated verifier. A common counter-measure involves making the knowledge of secret key assumption (KOSK) in which an adversary is required to produce a proof-of-knowledge of the secret key. We strengthened the existing security model to capture this attack and propose a new construction that does not rely on the KOSK assumption. Secondly, we propose a generic construction of strong MDVS.
A strong multiple designated verifiers signature (SMDVS) enables a signer to convince a set of verifiers by generating one signature, of which the verification needs the private key of a verifier. After a brief survey of the current SMDVS schemes, we find no schemes suitable to the broadcast propagation, where the simulation needs only one verifier's private key. Motivated by this discovery, we propose a broadcast SMDVS scheme. The new scheme is proven secure in the random oracle model.
Universal Designated-Verifier Signature (UDVS) schemes are digital signature schemes with additional functionality which allows
any holder of a signature to designate the signature to any desired designated-verifier such that the designated-verifier can verify that the message was signed by the signer, but is unable to convince anyone
else of this fact.
Since UDVS schemes reduce to standard signatures when no verifier designation is performed, it is natural to ask how to extend
the classical Schnorr or RSA signature schemes into UDVS schemes, so that the existing key generation and signing implementation
infrastructure for these schemes can be used without modification. We show how this can be efficiently achieved, and provide
proofs of security for our schemes in the random oracle model.
To date, there are numerous variants of designated verifier signatures (DVS), including the notion of strong DVS, multi DVS,
universal DVS, etc. In this paper, for the first time, we present a generic definition of DVS model. We also explore the related security notions in DVS, including unforgeability, non-transferability and non-delegatability,
and study the relationship of these notions against variants of DVS. Furthermore, we classify the multi designated verifier
signature schemes into four categories depending on the way the verification and simulation is performed. We also point out
some drawbacks on the existing DVS schemes, and finally present a new and efficient constant size multi DVS scheme that produces a constant size signature regardless the size of the receivers’ group. Our scheme is proven
secure in the standard model.
This paper proposes a designated verifier signature scheme based on the Schnorr signature and the Zheng signcryption schemes. One of the advantages of the new scheme compared with all previously proposed schemes is that it achieves the "strong designated verifier" property without encrypting any part of the signatures. This is because the des- ignated verifier's secret key is involved in the verification phase. Another advantage of the proposed scheme is the low communication and computational cost. Generating a signature requires only one modular exponentiation, while this amount is two for the verification. Also, a signature in our scheme is more than four times shorter than those of known designated verifier schemes.
Designated verifier signatures were introduced in the middle of the 90’s by Jakobsson, Sako and Impagliazzo, and independenty
patended by Chaum as private signatures. In this setting, a signature can only be verified by a unique and specific user.
At Crypto’03, Desmedt suggested the problem of generalizing the designated verifier signatures. In this case, a signature
should be intended to a specific set of different verifiers. In this article, we provide a formal definition of multi-designated
verifiers signatures and give a rigorous treatment of the security model for such a scheme. We propose a construction based
on ring signatures, which meets our definition, but does not achieve the privacy of signer’s identity property. Finally, we propose a very efficient bi-designated verifiers signature scheme based on bilinear maps, which protects
the anonymity of signers.
Keywordsmulti-designated verifiers signatures-ring signatures-bilinear maps-privacy of signer’s identity-exact security
The concept of Designated Verifier Signatures (DVS) was introduced by Jakobsson, Sako and Impagliazzo at Eurocrypt'96. These signatures are intended to a specific verifier, who is the only one able to check their validity. In this context, we formalize the notion of privacy of signer's identity which captures the strong designated verifier property investigated in their paper. We propose a variant of the pairing-based DVS scheme introduced at Asiacrypt'03 by Steinfeld, Bull, Wang and Pieprzyk. Contrary to their proposal, our new scheme can be used with any admissible bilinear map, especially with the low cost pairings and achieves the new anonymity property (in the random oracle model). Moreover, the unforgeability is tightly related to the Gap-Bilinear Diffie-Hellman assumption, in the random oracle model and the signature length is around 75 % smaller than the original proposal.
In this paper, we re-formalize the security notions of universal designated multi verifier signature (UDMVS) schemes. Then
the first UDMVS scheme is presented in the standard model (i.e. without random oracles) based on Waters’ signature scheme.
In this setting, a signature holder can to designate the signature to multi verifiers. Moreover, the security of our proposed
scheme is based on the Gap Bilinear Diffie-Hellman assumption.
An identity-based (ID-based) universal designated verifier signature (ID-UDVS) scheme allows a signature holder to designate a specific verifier of the signature by using a simplified public identity such as e-mail address. In the paper, we present an efficient identity-based universal designated multi-verifiers signature (ID-UDMVS) scheme by extending a single verifier to a set of multi-verifiers for verification of a signature. To achieve our goal, we construct an ID-based signature scheme providing batch verification and then, using this scheme as a building block, we firstly propose an ID-UDMVS scheme with constant signature size. Interestingly our construction method can be used as a generic method transforming an ID-UDVS scheme, which is defined in a bilinear version of the so-called ∑ protocol, to an ID-UDMVS scheme.
In 1996, Jakobsson, Sako, and Impagliazzo and, on the other hand, Chaum proposed the notion of designated verifier signature to solve some of the intrinsic problems of undeniable signatures. The generalization of this concept, suggested by Desmedt at Crypto'03's rump session, was formally investigated by Laguillaumie and Vergnaud at ICICS'04 as multi-designated verifiers signatures. The protection of the signer's privacy, as defined in that paper, seems difficult to achieve, and the protocols they proposed capture this property with an IND-CCA2 encryption of the signature. In this article, we propose the first multi-designated verifiers signature scheme which protects the anonymity of signers without encryption. This scheme is designed to be the extension of their B2DVS one and relies on Boneh et al.'s pairing-based ring signatures. The security of the new protocol relies, in the random oracle model, on the difficulty of solving the Diffie–Hellman problem in a bilinear setting.
Designated verifier signatures are privacy-oriented signatures that provide message authenticity only to a specified verifier
but nobody else. We consider strong multi-designated verifiers such that knowledge of either one of designated verifiers’
private keys is required to verify the signature. We propose the first identity-based construction.
In an ID-based universal designated verifier signature scheme, a single signer generates a signature that can only be verified by a designated verifier using a simplified public identity such as an e-mail address. In this paper, we expand the scheme to a multi-user setting for generating and verifying signatures in practical applications. An ID-based multi-signer universal designated multi-verifier signature scheme based on bilinear pairings is proposed that allows a set of multi-signer to cooperatively generate a signature and designate a set of multi-verifier to verify it. The security of the proposed scheme is demonstrated to be resistant to existentially forgery from adaptive chosen-message and chosen-ID attacks under the Bilinear Diffie–Hellman problem.
Multi-Designated Verifier Signatures (MDVS) are privacy-oriented signatures that can only be verified by a set of users specified by the signer. We propose two new generic constructions of MDVS from variants of existing cryptographic schemes, which are ring signature from anonymous subset and multi-chameleon hash. We first devise a single add-on protocol which enables many existing identity-based (ID-based) ring signature schemes to support anonymous subset, which gives us three ID-based MDVS schemes. We then construct a multi-chameleon hash from an existing scheme with key exposure freeness. Interestingly, these two techniques can be seen as a multisignature version of Hess's ID-based signature and Schnorr signature respectively.