Efficient Strong Designated Verifier Signature Schemes without Random Oracles or Delegatability

Designated verifier signature (DVS) is a cryptographic primitive that allows a signer to convince a verifier the validity of a statement in a way that the verifier is unable to transfer the conviction to a third party. In DVS, signatures are publicly verifiable. The validity of a signature ensures that it is from either the signer or the verifier. Strong DVS (SDVS) enhances the privacy of the signer so that anyone except the designated verifier cannot verify the signer’s signatures. In this paper we propose a highly efficient SDVS scheme based on pseudorandom functions, which is proved to be secure in the standard model. Compared with the most efficient SDVS scheme secure in the random oracle model, our scheme has almost the same complexity in terms of both the computational cost of generating a signature and signature size. A signature of our scheme is simply the output of a pseudorandom function. The security of the scheme is tightly reduced to the hardness of DDH problem and the security of the pseudorandom function. Since our scheme is vulnerable to delegatability attacks, the study of which was initiated by Lipmaa, Wang and Bao in ICALP 2005, we then propose another construction of SDVS, which is the first one immune to delegatability attacks. The scheme is also very efficient, and has the same signature size with that of Lipmaa-Wang-Bao non-delegatable DVS scheme. We show that it is secure based on discrete logarithm assumption and gap Diffie-Hellman assumption in the random oracle model.

[1]  Jean-Jacques Quisquater,et al.  Universal Designated Verifier Signatures Without Random Oracles or Non-black Box Assumptions , 2006, SCN.

[2]  Hideki Imai,et al.  Short Signature and Universal Designated Verifier Signature Without Random Oracles , 2005, ACNS.

[3]  Ron Steinfeld,et al.  Efficient Extension of Standard Schnorr/RSA Signatures into Universal Designated-Verifier Signatures , 2004, Public Key Cryptography.

[4]  Feng Bao,et al.  Designated Verifier Signature Schemes: Attacks, New Security Notions and a New Construction , 2005, ICALP.

[5]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[6]  Yi Mu,et al.  Universal Designated Verifier Signature Without Delegatability , 2006, ICICS.

[7]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[8]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[9]  Fabien Laguillaumie,et al.  Multi-designated Verifiers Signatures , 2004, ICICS.

[10]  Yi Mu,et al.  Secure universal designated verifier signature without random oracles , 2008, International Journal of Information Security.

[11]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[12]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[13]  Jesper Buus Nielsen,et al.  Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case , 2002, CRYPTO.

[14]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[15]  Yi Mu,et al.  Short Designated Verifier Signature Scheme and Its Identity-based Variant , 2008, Int. J. Netw. Secur..

[16]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[17]  Gerrit Bleumer,et al.  Undeniable Signatures , 2011, Encyclopedia of Cryptography and Security.

[18]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[19]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 2004, JACM.

[20]  Ron Steinfeld,et al.  Universal Designated-Verifier Signatures , 2003, ASIACRYPT.

[21]  Yi Mu,et al.  Identity-Based Strong Designated Verifier Signature Schemes , 2004, ACISP.

[22]  Fabien Laguillaumie,et al.  Designated Verifier Signatures: Anonymity and Efficient Construction from Any Bilinear Map , 2004, SCN.

[23]  Jonathan Katz,et al.  Efficiency improvements for signature schemes with tight security reductions , 2003, CCS '03.

[24]  Hovav Shacham,et al.  Efficient Ring Signatures Without Random Oracles , 2007, Public Key Cryptography.

[25]  Qiong Huang,et al.  Non-delegatable Identity-based Designated Verifier Signature , 2009, IACR Cryptol. ePrint Arch..

[26]  Damien Vergnaud,et al.  New Extensions of Pairing-Based Signatures into Universal Designated Verifier Signatures , 2006, ICALP.

[27]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[28]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[29]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[30]  Olivier Markowitch,et al.  An Efficient Strong Designated Verifier Signature Scheme , 2003, ICISC.