Guilin Wang,Fubiao Xia,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-25516-8_28

2011-01-01

Abstract:After the introduction of designated confirmer signatures (DCS) by Chaum in 1994, considerable researches have been done to build generic schemes from standard digital signatures and construct efficient concrete solutions. In DCS schemes, a signature cannot be verified without the help of either the signer or a semi-trusted third party, called the designated confirmer . If necessary, the confirmer can further convert a DCS into an ordinary signature that is publicly verifiable. However, there is one limit in most existing schemes: the signer is not given the ability to disavow invalid DCS signatures. Motivated by this observation, in this paper we first propose a new variant of DCS model, called designated confirmer signatures with unified verification , in which both the signer and the designated confirmer can run the same protocols to confirm a valid DCS or disavow an invalid signature. Then, we present the first DCS scheme with unified verification and prove its security in the random oracle (RO) model and under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is analyzed in generic group model. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham's pairing based short signatures with signed ElGamal encryption. The resulting solution is efficient in both aspects of computation and communication. In addition, we point out that the proposed concept can be generalized by allowing the signer to run different protocols for confirming and disavowing signatures.

Li-Hong Guo,Hai-Tao Wu,Qing Yang

DOI: https://doi.org/10.2991/icwcsn-16.2017.32

2016-01-01

Abstract:Proxy signature schemes have been suggested for use in a number of applications, so the security of proxy signature scheme is more and more important. However, at present, almost all the proxy signature schemas were proven secure in the random oracle model, which has received a lot of criticism. Recently, Yu et al. proposed a designated verifier proxy signature scheme without random oracles by using Waters hashing technique. The formal models and a strictly logical process were provided in this schema. But Kang et al. show some attacks on Yu et al.s scheme and offer its insecurity proof. In this paper, in order to overcome the weaknesses in Yu et al.s scheme we make supplements on it and make it secure resist Kang et al.s attacks.

Shengke Zeng,Hu Xiong

DOI: https://doi.org/10.6633/ijns.201409.16(5).02

2014-01-01

Abstract:As an extension of digital signature, designated confirmer signature (DCS) efficiently realizes the privacy protection of the signer. In a DCS scheme, the validity of the sig-nature must be confirmed by the signer or a semi-trusted third party, called confirmer. Since the DCS signature is generated by encrypting a standard signature with the designated confirmer's public key, only the confirmer can disavow invalid signatures. Moreover, the confirmer al-ways can further convert a DCS into an ordinary signature by decrypting the DCS such that it is publicly verifiable. This property is necessary in some cases. However, from the view of the signer, the privacy is leaked if the DCS is converted into an ordinary signature by the confirmer. In this work, we propose a new DCS scheme without the random oracles. Both the signer and confirmer in this new construction can confirm a valid DCS and disavow an invalid signature. Furthermore, the authority of the confirmer is limited. He is designated by the signer to verify the validity of a signature only when the signer is unavailable. However, the confirmer cannot convert a valid DCS into a standard signature. This new property of DCS is more favorable to the signer.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Xiao Zhang,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-319-60055-0_24

2017-01-01

Abstract:In this paper, we construct the first tightly secure signature scheme against adaptive chosen message attacks (CMA) from the Decisional Composite Residuosity (DCR) Assumption. Moreover, the verification key in our scheme is of constant size. Based on the DCR assumption, we design a one-time secure signature scheme first, then we employ a flat tree structure to obtain a signature scheme that is secure against non-adaptive chosen message attacks (NCMA). By combining the one-time scheme and NCMA-secure scheme, we obtain the final CMA-secure signature scheme with a tight security reduction to the DCR assumption.

Jun-Rui Wang,Xing Xie,Yu-Chi Chen

DOI: https://doi.org/10.6688/JISE.20220938(5).0011

2022-01-01

Journal of information science and engineering

Abstract:Designated verifier signature (DVS) is a variant of digital signature which can desig-nate a verifier to verify signatures. The key difference between message authentication code and DVS is that there is no initial and shared key in DVS. In this paper, we propose a new generic construction of DVS from standard cryptographic algorithms. Our DVS construc-tion is very modular and composed of a few fundamentally cryptographic primitives (i.e., message authentication code, public key encryption and collision resistant hash). Based on the DVS construction, we can also obtain a generic construction of threshold designated verifier signature with only slight modification.

Debiao He,Jianhua Chen

2013-01-01

The International Arab Journal of Information Technology

Abstract:To solve the key escrow problem in identity-based cryptosystem, Al-Riyami et al. introduced the CertificateLess Public Key Cryptography (CL-PKC). As an important cryptographic primitive, CertificateLess Designated Verifier Signature (CLDVS) scheme was studied widely. Following Al-Riyami et al. work, many certificateless Designated Verifier Signature (DVS) schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over elliptic curve group. In order to improve the performance we propose a certificateless DVS scheme without bilinear pairings. With the running time of the signature being saved greatly, our scheme is more practical than the previous related schemes for practical application.

Yang Chen,Yang Zhao,Hu Xiong,Feng Yue

DOI: https://doi.org/10.6633/ijns.201707.19(4).10

2017-01-01

Abstract:The designated verifier signature only enables the designated verifier to check the correctness of the signature, while any third party can not verify whether this signature is valid or not. Most of the previous designated verifier signature schemes depend on certificate-based cryptography or identity-based cryptography, while little attention has been paid to the certificateless designated verifier signature scheme which has much more advantages than the previous constructions. In this paper, we propose the first certificateless strong designated verifier signature scheme with non-delegatability. We show that our scheme satisfies the basic properties of a designated verifier signature scheme and resists the two types of adversaries in certificateless cryptography. In addition, the comparison with other existing certificateless SDVS schemes demonstrates the proposed scheme is provided with a good level of security and performance.

Yanli Ren,Dawu Gu

DOI: https://doi.org/10.1109/isdpe.2007.76

2007-01-01

Abstract:Identity based crypto system is a public key cryptosystem where the public key can be represented as an arbitrary string. However, an identity based signature scheme that is fully secure in the standard model with a tight reduction has not been proposed until now. In this paper, we propose an identity based signature scheme that is fully secure in the standard model and has several advantages-computational efficiency, short public parameters, and a tight security reduction. In many situations we want to enjoy confidentiality and authenticity simultaneously. A traditional approach to achieve this objective is to "sign-then-encrypt" this message, or we can employ special cryptographic scheme like signcryption. To the best of our knowledge, reference [15] proposes the only identity based signcryption scheme in the standard model. But its security proof is based on a weaker model-"sample-ID" model and the reduction is not tight. Combining an identity based encryption scheme, we also propose the first identity based signcryption scheme that is fully secure in the standard model with a tight reduction. Moreover, our signcryption scheme has public verifiability.

Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/icccas.2008.4657820

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [27] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Bo Yang,Ying Sun,Yong Yu,Qi Xia

DOI: https://doi.org/10.1109/incos.2012.24

2012-01-01

Abstract:Designated verifier signature (DVS) is a cryptographic primitive, which allows a signer to convince a designated verifier of the validity of a signed statement and prevents the verifier from convincing any third party about the signature. As a variant of DVS, strong DVS (SDVS), which exhibits perfect non-transferability, does not accommodate secure disavow ability (or non-repudiation). It makes a SDVS more like a message authentication code rather than a digital signature. In this situation, the signer has to bear the responsibility of some "forged" signatures produced by the designated verifier. Therefore, it's interesting to construct a strong DVS scheme with secure disavow ability. In this paper, we address this problem with a novel construction of a SDVS scheme with secure disavow ability. The new scheme utilizes a chameleon hash function and supports the signer to have a complete control of his signature. Our scheme achieves unforgeability, non-transferability and secure disavow ability. Comparisons show that the new scheme outperforms the existing one in terms of computational efficiency and signature length.

Xin Lv,Feng Xu,Ping Ping,Xuan Liu,Huaizhi Su

DOI: https://doi.org/10.1109/DCABES.2015.48

2015-01-01

Abstract:Ring signatures enable a user to sign a message so that a ring of possible signers is identified, without revealing exactly which member of that ring actually generated the signature. In some situations, however, an actual signer may possibly want to expose himself, for instance, if doing so, he will acquire an enormous benefit. In this paper, a signature scheme with designated verifiability based on Schnorr ring signature is proposed. The scheme provides a confirmation procedure, in which the real signer is able to convince a designated party that he is the one who generates the signature. The confirming procedure involves an interactive Zero-Knowledge proof protocol, which is non-transferable, and it only can be triggered by the signer. Based on the intractability of Discrete Logarithm Problem (DLP), the scheme is existentially unforgeable under adaptive-chosen message attack in the random oracle model.

Mingwu Zhang,Tsuyoshi Takagi,Bo Yang,Fagen Li

DOI: https://doi.org/10.1587/transfun.e95.a.259

2012-01-01

Abstract:Strong designated verifier signature scheme (SDVS) allows a verifier to privately check the validity of a signature. Recently, Huang et al. first constructed an identity-based SDVS scheme (HYWS) in a stronger security model with non-interactive proof of knowledge, which holds the security properties of unforgeability, non-transferability, non-delegatability, and privacy of signer's identity. In this paper, we show that their scheme does not provide the claimed properties. Our analysis indicates that HYWS scheme neither resist on the designated verifier signature forgery nor provide simulation indistinguishability, which violates the security properties of unforgeability, non-delegatability and non-transferability.

Yongjian Liao,Zhiguang Qin

DOI: https://doi.org/10.1109/iccis.2008.4670894

2008-01-01

Abstract:There are only two possible signers in designated verifier signature(DVS) scheme, thus anyone else can not know who is the real signer according to signature/message pairs. Lipmaa et al. discovered delegatability attack on almost all existing designated verifier signature according to original definition of DVS, and later Li et al. subdivided the delegation and defined verifier-only delegatability. Here, we point out the formal definition of verifier-only delegatability is not reasonable and redefine it. Meanwhile we show ZFI DVS scheme is not verifier-only delegatable, but is delegatable, and show ZJ DVS scheme is verifier-only delegatable scheme. We present notion of signer-only delegatability and put forward general construction from verifier-only delegatable DVS scheme to signer-only delegatable DVS scheme, vice verse. We using ZJ DVS scheme as example to show how to construct signer-only delegatable scheme. Finally we classify delegatable DVS scheme into both signer and designated verifier delegatable scheme, verifier-only delegatable scheme and signer-only scheme.

Yang Muxiang,Su Li,Li Jun,Hong Fan

DOI: https://doi.org/10.1007/bf02831833

2006-01-01

Wuhan University Journal of Natural Sciences

Abstract:In multisignature schemes signers can sign either in a linear order or not in any specified order, but neither of them is adequate in some scenarios where require mixture using of orderless and ordered multisignature. Most order-specified multisignatures specified the orders as linear ones. In this paper, we proposed an order-specified multisignature scheme based on DSA secure against active insider attack. To our knowledge, it is the first order-specified multisignature shceme based on DSA signature scheme, in which signers can sign in flexible order represented by series-parallel graphs. In the multisignature scheme verification to both signers and signing order are available. The security of the scheme is proved by reduce to an identification scheme that is proved have some concrete security. The running time of verifying a signature is comparable to previous schemes while the running time of multisignature generation and the space needed is less than those schemes.

Shifeng Sun,Qiaoyan Wen,Zhengping Jin,Hua Zhang

DOI: https://doi.org/10.1109/isise.2010.47

2010-01-01

Abstract:Recently, several ID-based strong designated verifier signature schemes have been proposed in the literature. However, most of them can not satisfy the strong ness property that any third party without the designated verifier's private key is unable to check the validity of a designated verifier signature, and they are not given the rigorous security proofs. To solve those problems above, we put forward a new efficient ID-based strong designated verifier signature scheme in this paper which is strong, and rigorously proved secure in the random oracle model based on the Bilinear Diffie-Hellmanassumptions.

Shaonan Hou,Shaojun Yang,Chengjun Lin

DOI: https://doi.org/10.3390/math12193070

IF: 2.4

2024-09-30

Mathematics

Abstract:Transitive signatures allow any entity to obtain a valid signature of (i,k) by combining signatures of (i,j) and (j,k). However, the traditional transitive signature scheme does not offer fine-grained control over the combiner. To address this issue, we propose a formal definition of the attribute-based designated combiner transitive signature (ABDCTS) and its security model, where only entities whose inherent attributes meet the access policy can combine signatures. By introducing the fine-grained access control structure, control over the combiner is achieved. To demonstrate the feasibility of our primitive, this paper presents the first attribute-based designated combiner transitive signature scheme. Under an adaptive chosen-message attack, we prove its security based on the one-more CDH problem and the co-CDH problem, and that its algorithms have robustness.

mathematics

秦志光,廖永建

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.05.033

2009-01-01

Abstract:Compared with ordinary digital signature,the designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party.In designated verifier signature scheme,no third party can even verify the validity of a designated verifier signature since it must use the designated verifier's secret key in verification.Recently,an ID-based strong designated verifier scheme,ID-based designated verifier proxy signature scheme,and partial cryptanalysis ware proposed.In this paper,we show that the designated verifier signature scheme is delegatable,and the designated verifier proxy signature is forgeable since construction of the proxy scheme is unreasonable.