ArticlePublisher preview available

On delegatability of MDVS schemes

Authors:
Parvin Rastegari
Parvin Rastegari
Parvin Rastegari
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Willy Susilo at University of Wollongong
Willy Susilo
Read publisher preview
Download citation
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

In a designated verifier signature (DVS) scheme, a signer (Alice) generates a signature which can only be verified by a designated verifier (Bob) chosen by her. Moreover, Bob cannot transfer his conviction about Alice’s signature to any third party. A DVS scheme provides the capability of authenticating Alice to Bob without disrupting her privacy. A multi designated verifier signature (MDVS) scheme is an extension of a DVS which consists of multiple designated verifiers. Non-delegatability is an essential property of a DVS scheme in scenarios where the responsibility of a signer (Alice) is important and she must not be able to delegate the signing rights to another entity. In this paper, we discuss on all MDVS schemes proposed up to now (to the best of our knowledge) and show that all of them are delegatable. As a result, proposing a non-delegatable MDVS scheme is an open research problem in the literature.
A preview of this full-text is provided by Springer Nature.
Learn more
Content available from Journal of Computer Virology and Hacking Techniques
This content is subject to copyright. Terms and conditions apply.
Journal of Computer Virology and Hacking Techniques (2022) 18:71–80
https://doi.org/10.1007/s11416-021-00382-2
ORIGINAL PAPER
On delegatability of MDVS schemes
Parvin Rastegari1·Willy Susilo2
Received: 14 October 2020 / Accepted: 26 March 2021 / Published online: 13 April 2021
© The Author(s), under exclusive licence to Springer-Verlag France SAS, part of Springer Nature 2021
Abstract
In a designated verifier signature (DVS) scheme, a signer (Alice) generates a signature which can only be verified by a
designated verifier (Bob) chosen by her. Moreover, Bob cannot transfer his conviction about Alice’s signature to any third
party. A DVS scheme provides the capability of authenticating Alice to Bob without disrupting her privacy. A multi designated
verifier signature (MDVS) scheme is an extension of a DVS which consists of multiple designated verifiers. Non-delegatability
is an essential property of a DVS scheme in scenarios where the responsibility of a signer (Alice) is important and she must
not be able to delegate the signing rights to another entity. In this paper, we discuss on all MDVS schemes proposed up to
now (to the best of our knowledge) and show that all of them are delegatable. As a result, proposing a non-delegatable MDVS
scheme is an open research problem in the literature.
1 Introduction
A digital signature scheme is an important primitive to
provide authentication, integrity of the messages and non-
repudiation in security protocols [1]. An ordinary digital
signature scheme is publicly verifiable, i.e., everyone who
holds Alice’s public key can verify her signature on every
messages. Although this public verifiability is useful in
many scenarios, it is not desirable in applications where
the signer must be authenticated without disrupting her pri-
vacy, such as e-voting and e-commerce applications. In 1989,
the concept of undeniable signatures [2] was proposed by
Chaum and Antwerpen to authenticate Alice to Bob without
disrupting her privacy. However, in an undeniable signa-
ture, Bob needs some help of Alice to verify her signature.
To omit the reciprocal communication between Alice and
Bob, the concept of designated verifier signature (or proof)
(DVS) was proposed by Jakobsson et al. [3], and inde-
pendently by Chaum [4], in 1996. DVS schemes provide
the authentication and the integrity of messages, without
BParvin Rastegari
p.rastegari@gmail.com
Willy Susilo
wsusilo@uow.edu.au
1Golpayegan University of Technology, Golpayegan, Isfahan
36925 87412, Iran
2Institute of Cybersecurity and Cryptology, School of
Computing and Information Technology, University of
Wollongong, Wollongong, NSW 2522, Australia
the non-repudiation property. In a DVS scheme, a signer,
Alice, is able to convince a designated verifier, Bob, that
she has indeed signed a message while Bob cannot trans-
fer this conviction to any third party. As a result, Alice is
authenticated to Bob and also her privacy is preserved con-
currently, without any interaction between Alice and Bob.
Additionally, the notion of strong DVS (SDVS) scheme, in
which the private key of the verifier is required in running
the verification algorithm, was also introduced in [3]. Later
in 2003, the concept of universal DVS (UDVS) scheme [5]
was proposed by Steinfeld et al., in which everyone, who
holds Alice’s ordinary signature on a message, can trans-
form it into a DVS for a designated verifier. It is obvious
that a UDVS scheme can be considered as a DVS scheme,
when the original signer (Alice) is herself the signature
holder.
In 1996, a discussion on multiple (instead of just one)
designated verifiers was provided in [3]. After a few years
in 2003, the notion of multi-designated verifier signature
(MDVS) scheme was presented by Desmedt [6]. Conse-
quently in 2004, Laguillaumie et al. formalized this concept
[7]. Up to now, a number of MDVS schemes with various
properties in different setting models have been presented in
the literature [824],
In 2005, a new security notion, named as non-delegatability
(ND), was introduced by Lipmaa et al. [25], which opens up a
new direction of research. In a non-delegatable DVS scheme,
neither the signer (Alice) nor a designated verifier (Bob) can
assign the signing rights to any third party (Carol) without the
123
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
ResearchGate has not been able to resolve any citations for this publication.
Multi Designated Verifiers Signature Schemes with Threshold Verifiability: Generic Pattern and a Concrete Scheme in the Standard Model
Article
Full-text available
In a designated verifier signature (DVS) scheme, the validity of the signature can only be checked by a designated entity chosen by the signer. Furthermore, the designated entity cannot convince a third party that the signature is generated by the signer. A multi‐designated verifiers signature (MDVS) scheme is an extension of a DVS which includes multiple designated verifiers. To the best of the authors’ knowledge, there are two existing patterns for an MDVS scheme. In the first pattern, every verifier of the set of designated verifiers can check the validity of the signature independently. In the second pattern, the cooperation of all designated verifiers is required for checking the validity of the signature. In this study, the authors propose a generic new pattern for an MDVS scheme in which a threshold number of the set of designated verifiers can check the validity of the signature. They also present a concrete MDVS scheme with threshold verifiability in the standard model. Moreover, they compare their scheme with other existing MDVS schemes. Finally, they briefly explain scenarios in which the proposed pattern can be applicable.
View
Universal Designated Verifier Signature Scheme with Non-Delegatability in the Standard Model
Article
  • Dec 2018
  • INFORM SCIENCES
The notion of a Designated Verifier Signature (DVS) scheme allows a signer to create a signature which is only verifiable by an intended verifier. DVS is a very useful scheme for authenticating a signer without interfering with her privacy. In 2003, Steinfeld et al. extended this notion to enable a Universal Designated Verifier Signature (UDVS) scheme. In UDVS, everyone who holds Alice's traditional signature on a message (the signature holder), can transform it into a DVS for a specific verifier. Non-delegatability is a critical property of a DVS scheme in applications where responsibility of a signer is important and can not be delegated to another entity. Shim (Information Science, 2014) posed an open problem on how to construct a non-delegatable UDVS scheme. Since then, it has been well acknowledged that constructing a UDVS scheme which is non-delegatable remains as an elusive research problem. Furthermore, gaining a construction which is based on the standard model (without random oracles) is most desirable in practice. In this work, we present an affirmative answer to the aforementioned open research problem. We present the first non-delegatable UDVS scheme and prove its security requirements in the standard model. To the best of our knowledge, our work is the first non-delegatable UDVS scheme, which fills the gap in the existing literature. Furthermore, when the signer is considered as the signature holder, our scheme is also considered as the first non-delegatable DVS scheme in the standard model.
View
ID-based multi-signer universal designated multi-verifier signature based on discrete logarithm
Article
  • Jan 2018
A multi-signer universal designated multi-verifier signature scheme allows a set of signers to cooperatively generate a public verifiable signature, the signature holder then can propose a new signature such that only the designated set of verifiers can verify it. In this paper, we propose an ID-based multi-signer universal designated multi-verifier signature scheme and prove the security in the random oracle model. In recent years, some good results have been achieved in speeding up the computation of bilinear pairings. However, the computation cost of the pairings is much higher than that of the scalar multiplication in the elliptic curve group. Therefore, it is still significant to design cryptosystem without pairings operation. Taken into the computational costs for signing and verifying, our scheme does not need pairing operations and it is more efficient than previous ones.
View
View
Designated verifier signature schemes: Attacks, new security notions and a new construction
Conference Paper
  • Jan 2005
  • Lect Notes Comput Sci
We show that the signer can abuse the disavowal protocol in the Jakobsson-Sako-Impagliazzo designated-verifier signature scheme. In addition, we identify a new security property-non-delegatability-that is essential for designated-verifier signatures, and show that several previously proposed designated-verifier schemes are delegatable. We give a rigorous formalisation of the security for designated-verifier signature schemes, and propose a new and efficient designated-verifier signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the non-programmable random oracle model, and non-delegatable under a loose reduction in the programmable random oracle model. As a direct corollary, we also get a new efficient conventional signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the non-programmable random oracle plus common reference string model.
View
A short non-delegatable strong designated verifier signature
Article
  • Jun 2014
A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far that consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique where a prover can prove that he knows at least one out two secrets. It is solidified by a symmetric key based group to group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of signer's identity, and non-delegatability. © 2013 Higher Education Press and Springer-Verlag Berlin Heidelberg.
View
A new strong multiple designated verifiers signature for broadcast propagation
Article
  • Jan 2012
  • CONTROL CYBERN
A strong multiple designated verifiers signature (SMDVS) enables a signer to convince a set of verifiers by generating one signature, of which the verification needs a private key of a verifier. After a brief survey of current SMDVS schemes, we find no schemes suitable to a broadcast propagation, where the simulation needs only one verifier's private key. Motivated by this discovery, we propose a broadcast SMDVS scheme. The new scheme is proven secure in the random oracle model.
View
A non-delegatable strong designated verifier signature in ID-based setting for mobile environment
Article
  • Sep 2013
  • MATH COMPUT MODEL
Non-delegatability is an interesting property of designated verifier signatures (DVS) as it technically makes a signer responsible for the signer’s actions and protects the privacy of the signer. This property is critical for some financial scenarios when a user is required to do something by itself. As more financial applications are running in a mobile and ubiquitous computing environment, an efficient scheme with a non-delegatability property is desirable. This paper proposes such a scheme in an identity-based setting with detailed proofs. Technically, the scheme combines an identity-based Schnorr style signature and an identification method with an OR proof technique gluing the two parts. It is the second scheme secure in a strict model proposed by Huang et al. And it saves about half the communication and computation costs of the first one.
View
A Non-delegatable Identity-based Designated Verifier Signature Scheme without Bilinear Pairings
Article
Up to now, several non-delegatable identity-based (strong) designated ver-ifier signature schemes using bilinear pairings are proposed. In these identity-based (strong) designated verifier signature schemes, bilinear pairings are employed either in signing and verifying steps or only in the verifying step. However, the computation cost of pairings at a security level equivalent to a 128-bit symmetric key of AES is approximately 20 times higher than that of exponentiation over an elliptic curve group. Hence, pre-senting a (strong) designated verifier signature scheme which is identity-based without pairings and supports non-delegatability as well is vital. In this study, a non-delegatable identity-based designated verifier signature scheme without bilinear pairings using two concatenated Schnorr signatures is proposed. Our construction not only is approximately 40 times more efficient compared to the existing non-delegatable identity-based (strong) designated verifier signature schemes due to the avoiding bilinear pairings but also it is provable secure in the random oracle.
View
Non-delegatable Strong Designated Verifier Signature on Elliptic Curves
Conference Paper
  • Jan 2012
  • Lect Notes Comput Sci
We propose a non-delegatable strong designated verifier signature on elliptic curves. The size of the signature is less than 500 bits considering an 80 bits security strength. It provably satisfies the non-delegatability and signer ambiguity properties. The construction method is a combination of the Schnorr signature and the elliptic curve Diffie-Hellman problem.
View