On the Soundness of Restricted Universal Designated Verifier Signatures and Dedicated Signatures

In 2006, Huang, Susilo, Mu and Zhang proposed the concept of restricted universal designated verifier signatures, while Klonowski, Kubiak, Kutylowski and Lauks independently proposed the dual primitive of dedicated signatures. In both notions, a signature holder can convince one or more verifiers of his knowledge of a digital signature, but cannot exploit this knowledge without being punished for it. In this paper, we state that a signature holder may generically provide a proof that it has a certain signature without being punished and that, consequently, both primitives cannot fulfill their alleged security goals. To demonstrate the feasibility of this claim, we propose the first non-interactive universal designated verifier proof of the possession of an ElGamal or a DSA signature in the random oracle model. This construction may be of independent interest.
