Generic constructions for universal designated-verifier signatures and identity-based signatures from standard signatures

The authors give a generic construction for universal (multi) designated-verifier signature schemes from a large class of signature schemes, referred to as Class ℂ. The resulting schemes are efficient and have two important properties. Firstly, they are provably DV-unforgeable, non-transferable and also non-delegatable. Secondly, the signer and the designated verifier can independently choose their cryptographic settings. The authors also propose a generic construction for (hierarchical) identity-based signature schemes from any signature scheme in ℂ and prove that the construction is secure against adaptive chosen message and identity attacks. The authors discuss possible extensions of their constructions to identity-based ring signatures and identity-based designated-verifier signatures from any signature in ℂ. Finally, the authors show that it is possible to combine the above constructions to obtain signatures with combined functionalities.
