A multiple designated verifiers signature (MDVS) is introduced in 2004 by Laguillaumie-Vergnaud, in which specific verifiers chosen by the signer (designated verifiers) are the only entities who can verify the signature. They also constructed two concrete MDVS schemes MDVS1 and MDVS2 from bilinear maps which are proved to be secure in the random oracle model. This paper proposes a new forgery attack against MDVS1 and MDVS2, which allows an adversary, from a valid signature sigma on a document, to forge a signature on the same document. Because of the definition of the unforgeability of MDVS schemes, when all designated verifiers are colluded, thencan forge a signature on an arbitrary document (and thus the same document). However, the signer cannot distinguish who forged a signature (whether the adversary or the colluded designated verifiers) when the forged signature is given. Thus, the signer cannot convince the designated verifiers and this is critical for MDVS because the scheme is based on the trusty relationship between the signer and the designated verifiers. We also show the forgery attack against a DVS scheme proposed by Ohyama-Tanaka based on MDVS2.
[1]
Fabien Laguillaumie,et al.
Multi-designated Verifiers Signatures
,
2004,
ICICS.
[2]
Markus Jakobsson,et al.
Designated Verifier Proofs and Their Applications
,
1996,
EUROCRYPT.
[3]
Fabien Laguillaumie,et al.
Multi-designated verifiers signatures: anonymity without encryption
,
2007,
Inf. Process. Lett..
[4]
Antoine Joux.
A One Round Protocol for Tripartite Diffie-Hellman
,
2000,
ANTS.
[5]
Antoine Joux,et al.
A One Round Protocol for Tripartite Diffie–Hellman
,
2000,
Journal of Cryptology.
[6]
Kyung-Ah Shim.
Rogue-key attacks on the multi-designated verifiers signature scheme
,
2008,
Inf. Process. Lett..