Dingyi Pei’s research while affiliated with Guangzhou University and other places

To date, there are numerous variants of designated verifier signatures (DVS), including the notion of strong DVS, multi DVS, universal DVS, etc. In this paper, for the first time, we present a generic definition of DVS model. We also explore the related security notions in DVS, including unforgeability, non-transferability and non-delegatability, and study the relationship of these notions against variants of DVS. Furthermore, we classify the multi designated verifier signature schemes into four categories depending on the way the verification and simulation is performed. We also point out some drawbacks on the existing DVS schemes, and finally present a new and efficient constant size multi DVS scheme that produces a constant size signature regardless the size of the receivers’ group. Our scheme is proven secure in the standard model.

In a paper recently published in ICALP 2005, Lipmaa, Wang and Bao identified a new essential security property, non-delegatability, of designated verifier signature (DVS) schemes. Briefly, in a non-delegatable DVS scheme, neither a signer nor a designated verifier can delegate the signing rights to any third party T without revealing their secret keys. We show that the Susilo-Zhang-Mu identity-based strong DVS scheme, Ng-Susilo-Mu universal designated multi verifier signature scheme, the Laguillaumie-Vergnaud multi-DVS scheme and the Zhang-Furukawa-Imai universal DVS scheme are delegatable. Together with the results of Lipmaa, Wang and Bao, our results show that most of the previously proposed DVS schemes are delegatable. However, the Laguillaumie-Vergnaud and Zhang-Furukawa-Imai schemes may still be secure in practice, since there the only party who can delegate signing is the designated verifier, who may not have motivation to do so. We finish the paper with some discussion on whether the the non-delegatability notion of Lipmaa, Wang and Bao is appropriate.