Strong Designated Verifier Signature in a Multi-user Setting

The security of strong designated verifier (SDV) signature schemes has thus far been analyzed only in a two-user setting. We observe that, for SDV signatures, security in a two-user setting does not necessarily imply security in a multi-user setting. Moreover, we show that existing security notions do not adequately model the security of SDV signatures even in a two-user setting. We then propose revised notions of security in a multi-user setting and show that no existing scheme satisfies these notions. A new SDV signature scheme is then presented and proven secure under the revised notions in the standard model. For the purpose of constructing the SDV signature scheme, we propose a one-pass key establishment protocol in the standard model, which is of independent interest.
