Designated Verifier Signature Research Articles

Cryptanalysis of Strong Designated Verifier Signature Scheme with Non-delegatability and Non-transferability

Strong designated verifier signature scheme (SDVS) allows a verifier to privately check the validity of a signature. Recently, Huang et al. first constructed an identity-based SDVS scheme (HYWS) in a stronger security model with non-interactive proof of knowledge, which holds the security properties of unforgeability, non-transferability, non-delegatability, and privacy of signer's identity. In this paper, we show that their scheme does not provide the claimed properties. Our analysis indicates that HYWS scheme neither resist on the designated verifier signature forgery nor provide simulation indistinguishability, which violates the security properties of unforgeability, non-delegatability and non-transferability.

Certificate-Based Strong Designated Verifier Signature Scheme

Certificate-Based Strong Designated Verifier Signature Scheme

A query verification scheme for dynamic outsourced databases

Recently, Kyriakos et al. proposed a Partially Materialized Digest scheme ( PMD ). Their scheme uses separate indexes for the data and the verification information to realize the authenticity and completeness verification in outsourced database. In this paper, we analyze PMD and show the drawbacks in PMD such as the slow update, the collusion and forgery attacks, and no content access control etc. In order to overcome these defects, the idea of designated verifier signature is introduced into query verification, and a secure, efficient query verification scheme for dynamic outsourced databases is proposed based on PMD . The analysis of security and performance shows that the proposed scheme has not only the same advantages with PMD , but also prevents the collusion and forgery attacks as well as enforces content access control. Furthermore, the update speed of the proposed scheme is faster than PMD , the storage cast of the proposed is lower than PMD .

AN EFFICIENT AND SECURE IDENTITY-BASED STRONG DESIGNATED VERIFIER SIGNATURE SCHEME

A strong designated verifier signature scheme makes it possible for a signer to convince a designatedverifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a thirdparty, and no third party can even verify the validity of a designated verifier signature. In 2008, Zhang and Mao proposed a novel ID- based strong designated verifier signature scheme based on bilinear pairings by combining ID-basedcryptosystem with the designated verifier signature. However, Kang et al. pointed out that Zhang-Mao scheme did notsatisfy the strong designated verifier signature property and then proposed an efficient ID-based designated verifiersignature scheme that is strong and unforgeable. Nevertheless, this paper demonstrates that Kang et al.’s scheme is stillvulnerable to universal forgery attacks and then proposes an improved scheme that not only can overcome such forgeryattacks but also can provide more efficiency. http://dx.doi.org/10.5755/j01.itc.40.4.982

Attribute-based strong designated-verifier signature scheme

In a strong designated-verifier signature scheme, only the verifier who is designated by a signer can check the validity of a signature via her/his private keys, which process contrasts with the public verifiability of a typical signature scheme. In applications in multi-user communication environments, a user may want to sign a document such that only some specified parties can confirm the signature. To do so, the signer can generate many designated-verifier signatures on a document for various designated verifiers, or she/he signs the document, encrypts the signature, and then sends the encrypted messages to the specified parties. However, the signer has to generate multiple signatures, as determined by the numbers of the designated verifiers in the former method and the latter method, signs a document and then encrypts it, that could lose their designation (which phenomenon is called source hiding). To solve the above problems, this study proposes an attribute-based strong designated-verifier signature scheme with source hiding, such that a signer needs to generate only one signature for a group of designated verifiers with attributes at specified values. To the best of the authors’ knowledge, no attribute-based strong designated-verifier signature scheme has been formally presented before.

Efficient strong designated verifier signature schemes without random oracle or with non-delegatability

Designated verifier signature (DVS) allows a signer to convince a designated verifier that a signature is generated by the signer without letting the verifier transfer the conviction to others, while the public can still tell that the signature must be generated by one of them. Strong DVS (SDVS) strengthens the latter part by restricting the public from telling whether the signature is generated by one of them or by someone else. In this paper, we propose two new SDVS schemes. Compared with existing SDVS schemes, the first new scheme has almost the same signature size and meanwhile, is proven secure in the standard model, while the existing ones are secure in the random oracle model. It has tight security reduction to the DDH assumption and the security of the underlying pseudorandom functions. Our second new scheme is the first SDVS supporting non-delegatability, the notion of which was introduced by Lipmaa, Wang and Bao in the context of DVS in ICALP 2005. The scheme is efficient and is provably secure in the random oracle model based on the discrete logarithm assumption and Gap Diffie–Hellman assumption.

An ID-based multi-signer universal designated multi-verifier signature scheme

In an ID-based universal designated verifier signature scheme, a single signer generates a signature that can only be verified by a designated verifier using a simplified public identity such as an e-mail address. In this paper, we expand the scheme to a multi-user setting for generating and verifying signatures in practical applications. An ID-based multi-signer universal designated multi-verifier signature scheme based on bilinear pairings is proposed that allows a set of multi-signer to cooperatively generate a signature and designate a set of multi-verifier to verify it. The security of the proposed scheme is demonstrated to be resistant to existentially forgery from adaptive chosen-message and chosen-ID attacks under the Bilinear Diffie–Hellman problem.

Generic Constructions for Strong Designated Verifier Signature

A designated verifier signature is a special type of digital signature, which convinces a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party. A strong designated verifier signature scheme enhances the privacy of the signer such that no one but the designated verifier can verify the signer's signatures. In this paper we present two generic frame works for constructing strong designated verifier signature schemes from any secure ring signature scheme and any deniable one-pass authenticated key exchange protocol, respectively. Compared with similar protocols, the instantiations of our construction achieve improved efficiency.

A Strong Designated-Verifier Ring Signature Scheme Providing One-Out-of-All Signer Anonymity

The first strong designated-verifier ring signature scheme provides signer ambiguity to protect signers' identity, because the actual signer is guessed to be some ring member or designated verifier. Only the designated verifier is convinced that the actual signer is some ring members. To provide signer anonymity maximally, the actual signer should be guessed to be not only the ring members but also all possible ones. Then the actual signer's anonymity suffers the maximum protection, though only the designated verifier is still convinced that the actual signer is some ring member. So the first strong designated-verifier signature scheme providing one-out-of-all signer anonymity is proposed to protect signers' identity maximally. Moreover, the signer admission is provided for the actual signer to prove who the actual signer is. The security proof of our scheme is also given.

Proxiable Designated Verifier Signature

Designated Verifier Signature (DVS) guarantees that only a verifier designated by a signer can verify the “validity of a signature”. In this paper, we propose a new variant of DVS; Proxiable Designated Verifier Signature (PDVS) where the verifier can commission a third party (i.e., the proxy) to perform some process of the verification. In the PDVS system, the verifier can reduce his computational cost by delegating some process of the verification without revealing the validity of the signature to the proxy. In all DVS systems, the validity of a signature means that a signature satisfies both properties that (1) the signature is judged “accept” by a decision algorithm and (2) the signature is confirmed at it is generated by the signer. So in the PDVS system, the verifier can commission the proxy to check only the property (1). In the proposed PDVS model, we divide verifier's secret keys into two parts; one is a key for performing the decision algorithm, and the other is a key for generating a dummy signature, which prevents a third party from convincing the property (2). We also define security requirements for the PDVS, and propose a PDVS scheme which satisfies all security requirements we define.

A New ID-based Designated Verifier Proxy Multi-Signature Scheme

Proxy multi-signature allows a proxy signer to generate signatures on behalf of a group of original signers. In a designated verifier signature scheme, the signature only can be verified by a designated person. In this paper, we give the model of ID-based designated verifier proxy multi-signature and present a new ID-based designated verifier proxy multi- signature scheme. Its security is based on the computational Diffie-Hellman (CDH) problem and it is highly efficient.

Proxiable Designated Verifier Signature

Proxiable Designated Verifier Signature

ID-based directed proxy signature scheme from bilinear pairings

A proxy signature scheme allows an entity to designate his/her signing capability to another entity in such a way that the latter can sign messages on behalf of the former.Such schemes have been suggested for use in a number of applications, particularly in distributed computing where delegation of rights is quite common. In 2006, Sunder Lal et al. [25] proposed designated verifier proxy signatures (DVPS) by combining the concept of proxy signatures with designated verifier signatures. In which the proxy signature can only be verified by the designated verifier and the designated verifier cannot convince any other party about the validity of the signatures. But in some situations/applications, it is necessary to convince the other parties about the validity of the signature because the signed messages may also be concern to others. In this paper, an ID-based directed proxy signatures from bilinear pairings is proposed by combining the concept of proxy signatures with directed signatures in the ID-based setting. In the proposed scheme, only the designated verifier can directly verify the proxy signature generated by the proxy signer on behalf of the original signer and any other party can verify the validity of the proxy signature with the help of the proxy signer or the designated verifier. Finally, we discussed the security requirements of the proposed scheme.

Identity-based strong designated verifier signature revisited

Abstract Designated verifier signature (DVS) allows the signer to persuade a verifier the validity of a statement but prevent the verifier from transferring the conviction. Strong designated verifier signature (SDVS) is a variant of DVS, which only allows the verifier to privately check the validity of the signer’s signature. In this work we observe that the unforgeability model considered in the existing identity-based SDVS schemes is not strong enough to capture practical attacks, and propose to consider another model which is shown to be strictly stronger than the old one. We then propose a new efficient construction of identity-based SDVS scheme, which is provably unforgeable under the newly proposed definition, based on the hardness of Computational Diffie–Hellman problem in the random oracle model. Our scheme is perfectly non-transferable in the sense that the signer and the designated verifier can produce identically distributed signatures on the same message. Besides, it is the first IBSDVS scheme that is non-delegatable with respect to (an identity-based variant of) the definition proposed by Lipmaa et al. (ICALP 2005).

A Provably Secure and Efficient Strong Designated Verifier Signature Scheme

Strong designated verifier signature scheme could make it possible for a signer to convince only the designated verifier that the signature is made by the signer. In 2007, Lee et al. proposed a designated verifier signature scheme with message recovery, attaching target message with signature, to prevent any attack by eavesdropping. In this paper, we propose an efficient strong designated verifier signature scheme, using key distribution mechanism where both sender and designated receiver share encryption/decryption key to fulfill encryption/decryption algorithm with low cost of communication and computation: 30% and 50% of Lee et al. scheme, respectively. We would prove its security based on public problem-Gap Diffie-Hellman (GDH) assumption.

Forgery attacks on Kang et al.’s identity-based strong designated verifier signature scheme and its improvement with security proof

Recently, Kang et al. proposed a new identity-based strong designated verifier signature scheme (ID-SDVS) and identity-based designated verifier proxy signature scheme (ID-DVPS). They claimed that their schemes are unforgeable. However, we found out that their schemes are universally forgeable in the sense that anyone can forge valid ID-SDVS and ID-DVPS on an arbitrary message without the knowledge of the secret key of either the signer or the designated verifier. Finally, we propose an improved ID-SDVS which is unforgeable. We give formal security proof of universal unforgeability of our scheme. We also give an improved ID-DVPS.

Universal Designated-Verifier Partially Blind Signatures for E-Commerce

Blind signature schemes can prevent the information of a signature and message pair from leaking to the signer. Partially blind signature is a signature of which the message containing some information agreed by the signer and the signature requester is in an unblinded form. To protect the privacy of partially blind signature holders from leaking out by verifiers, we introduced universal designated-verifier partially blind signatures, in which any holder of a partially blind signature can convert the partially blind signature into a designated-verifier signature. Given the designated-verifier signature, only the designated verifier can verify that the message is signed by the signer, but he is unable to convince anyone else of this fact. In this paper, we also proposed a universal designated-verifier partially blind signature scheme from bilinear pairings based on Chow et al.’s public key infrastructure (PKI)-based partially blind signature scheme. Finally, we illustrate the application of the universal designated-verifier partially blind signatures that they can be used in untraceable electronic commerce systems and other trust negotiation systems.

Delegatability of an Identity Based Strong Designated Verifier Signature Scheme

In 2007, Kancharla et al. proposed an identity-based strong designated verifier signature (IBSDVS) scheme based on bilinear pairings, and claimed it unforgeable and non-delegatable. However, in this paper, we show that this scheme is actually delegatable.

Generic constructions for universal designated-verifier signatures and identity-based signatures from standard signatures

The authors give a generic construction for universal (mutli) designated-verifier signature schemes from a large class of signature schemes, referred to as Class ℂ. The resulting schemes are efficient and have two important properties. Firstly, they are provably DV-unforgeable, non-transferable and also non-delegatable. Secondly, the signer and the designated verifier can independently choose their cryptographic settings. The authors also propose a generic construction for (hierarchical) identity-based signature schemes from any signature scheme in ℂ and prove that the construction is secure against adaptive chosen message and identity attacks. The authors discuss possible extensions of our constructions to identity-based ring signatures and identity-based designated-verifier signatures from any signature in ℂ. Finally, the authors show that it is possible to combine the above constructions to obtain signatures with combined functionalities.

키 노출 공격에 안전한 ID-기반의 강한 지정된 검증자 서명 기법

A strong designated verifier signature scheme is a special type of signature scheme which provides signer anonymity by enabling the specified recipient, called a designated verifier, to simulate a signature which is indistinguishable from the signer`s signature. It has many applications such as software distribution or electronic voting. In this paper, we consider two important security properties of strong designated verifier signature scheme - source hiding and security against key-compromise attack. We show that the two properties cannot be achieved at the same time. Finally, we present a new ID-based strong designated verifier signature scheme which is secure against key-compromise attack.