Secure universal designated verifier signature without random oracles

In Asiacrypt 2003, the concept of universal designated verifier signature (UDVS) was introduced by Steinfeld, Bull, Wang and Pieprzyk. In the new paradigm, any signature holder (not necessarily the signer) can designate the publicly verifiable signature to any desired designated verifier (using the verifier’s public key), such that only the designated verifier can believe that the signature holder does have a valid publicly verifiable signature, and hence, believes that the signer has signed the message. Any other third party cannot believe this fact because this verifier can use his secret key to create a valid UDVS which is designated to himself. In ACNS 2005, Zhang, Furukawa and Imai proposed the first UDVS scheme without random oracles. In this paper, we give a security analysis to the scheme of Zhang et al. and propose a novel UDVS scheme without random oracles based on Waters’ signature scheme, and prove that our scheme is secure under the Gap Bilinear Diffie Hellman assumption.     

标准模型下广义指定验证者签密

针对现实中签名的安全问题,提出了基于Waters技术的标准模型下安全的广义指定验证者签密方案。签密能够在一个逻辑步骤内同时完成加密和签名的功能。在广义指定验证者签名中,签名持有者即其拥有签名者的签名,能够确认一个指定验证者使其拥有这个签名,而指定验证者不能转移这种认定给其他任何人,仅指定的验证者能够验证签名的存在性。该方案通过广义指定验证者和签密的结合,消除了签名者和签名持有者在签名传输时所需的安全通道。在计算性线性Diffie-Hellman问题假设下,该方案被证明是安全的。和现有的方案相比,所提方案具有较高的计算效率。     

无证书的广义指定多个验证者签名体制*

提出了无证书的广义指定多个验证者的签名体制,将指定单个验证者签名方案扩展到了指定多个验证者的签名方案。该方案满足所有无证书体制下指定验证者签名所要满足的安全要求,它的不可伪造性依赖于BDH假设,并且在随机预言模型下证明了该方案能够抵抗适应性选择消息和身份攻击。     

An ID-based multi-signer universal designated multi-verifier signature scheme

In an ID-based universal designated verifier signature scheme, a single signer generates a signature that can only be verified by a designated verifier using a simplified public identity such as an e-mail address. In this paper, we expand the scheme to a multi-user setting for generating and verifying signatures in practical applications. An ID-based multi-signer universal designated multi-verifier signature scheme based on bilinear pairings is proposed that allows a set of multi-signer to cooperatively generate a signature and designate a set of multi-verifier to verify it. The security of the proposed scheme is demonstrated to be resistant to existentially forgery from adaptive chosen-message and chosen-ID attacks under the Bilinear Diffie-Hellman problem.     

Identity-based universal designated multi-verifiers signature schemes

An identity-based (ID-based) universal designated verifier signature (ID-UDVS) scheme allows a signature holder to designate a specific verifier of the signature by using a simplified public identity such as e-mail address. In the paper, we present an efficient identity-based universal designated multi-verifiers signature (ID-UDMVS) scheme by extending a single verifier to a set of multi-verifiers for verification of a signature. To achieve our goal, we construct an ID-based signature scheme providing batch verification and then, using this scheme as a building block, we firstly propose an ID-UDMVS scheme with constant signature size. Interestingly our construction method can be used as a generic method transforming an ID-UDVS scheme, which is defined in a bilinear version of the so-called ∑ protocol, to an ID-UDMVS scheme.     

无证书广义指定多个验证者有序多重签名

有序多重签名方案一般都是基于离散对数或身份的,存在着证书管理问题或是密钥托管问题。广义指定多个验证者签名体制允许签名的持有者指定多个签名的验证者,只有被指定的验证者可以验证签名的有效性。将无证书签名体制和广义指定多个验证者签名体制相结合,提出了无证书广义指定多个验证者有序多重签名方案及其安全模型。在随机预言模型下的安全性分析表明：该方案可以抵抗适应性选择消息攻击,其不可伪造性基于BDH困难假设。     

自认证广义指定验证者签密方案

基于自认证签密和广义指定验证者签名的思想,一个新的自认证广义指定验证者签密方案被提出,在椭圆曲线离散对数问题和双线性Diffie-Hellman问题的困难性假设下,该方案被证明是安全的。该方案允许签密的持有者指定签密给指定的验证者,仅仅只有指定的验证者能够验证这个签密,不存在证书管理问题和密钥托管问题,具有存储量小、安全性强等优点,在电子商务和电子政务中具有很实用的价值。     

标准模型下可证明安全的广义指定验证者签名(证明)方案

基于最新被提出的k+1平方根假设,提出了两个新的不同类型的广义指定验证者签名方案,它们都是在标准模型之下可证明安全的。第二个方案的指定者可以把签名任意指定给某一个验证者,指定验证者借助Schnorr认证协议的思想采用一个高效的交互协议进行验证。因此,第二个方案常被称为广义指定验证者签名证明方案。     

A novel identity-based strong designated verifier signature scheme

Unlike ordinary digital signatures, a designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party. In a strong designated verifier signature scheme, no third party can even verify the validity of a designated verifier signature, since the designated verifier’s private key is required in the verifying phase. Firstly, this paper proposes the model of identity-based strong designated verifier signature scheme based on bilinear pairings by combining identity-based cryptosystem with the designated verifier signature scheme, and then, provides one concrete strong identity-based designated verifier signature scheme, which has short size of signature, low communication and computational cost. We provide security proofs for our scheme.     

一种通用的指定验证者环签名方案的改进

Li-Wang(2006)提出了一种通用指定验证者环签名方案(UDVRS)。该方案允许签名者指定一个验证者并产生一个指定验证者环签名,使得只有指定验证者才能验证该环签名。通过对Li-Wang提出的通用环签名方案进行分析,指出了该方案并不满足指定验证者性质,给出了攻击方法。为避免该缺陷,对Li-Wang通用指定验证者环签名方案进行改进,改进后的方案是可证安全的。     

可追溯的广义指定验证者签名证明方案

为了解决传统广义指定验证者签名证明方案中强隐私保护性质对验证者不公平的问题,提出了可追溯的广义指定验证者签名证明（traceable universal designated verifier signature proof,TUDVSP）方案.在TUDVSP方案中,引入一个追溯中心,可将指定者的转换签名恢复为原始签名,从而防止签名者与指定者合谋欺骗验证者.基于现实应用考虑,从不可伪造性、抗仿冒攻击和可追溯性这3个方面定义了TUDVSP方案的安全模型.利用双线性映射构造具体的TUDVSP方案,并证明该方案具有不可伪造性、抗仿冒攻击和可追溯性.实验结果表明,完成一次签名追溯仅需21 ms左右的计算开销与120字节的通信开销.     

广义指定多个验证者有序多重签名方案

广义指定多个验证者签名允许签名持有者指定多个签名验证者,有序多重签名则可满足多个签名者以严格的次序进行签名的要求。根据上述特性,提出一种基于身份的广义指定多个验证者有序多重签名方案,采用类短签名的形式构造签名,并在随机预言模型下证明方案的安全性。分析结果表明,该方案具有较高的效率,可抵抗适应性选择消息和身份攻击。     

新的基于身份的广义指定多验证者签名

在一个指定验证者签名方案中,只有指定的验证者才能验证签名的有效性。论文基于双线性对提出一种新的基于身份的广义指定多个验证者签名方案。新方案采用引进两个独立PKG的方法,在一定程度上消除了单个PKG可以伪造用户签名的安全缺陷。证明了在BDH问题假设和随机预言机下新方案是安全的。     

Efficient strong designated verifier signature schemes without random oracle or with non-delegatability

Designated verifier signature (DVS) allows a signer to convince a designated verifier that a signature is generated by the signer without letting the verifier transfer the conviction to others, while the public can still tell that the signature must be generated by one of them. Strong DVS (SDVS) strengthens the latter part by restricting the public from telling whether the signature is generated by one of them or by someone else. In this paper, we propose two new SDVS schemes. Compared with existing SDVS schemes, the first new scheme has almost the same signature size and meanwhile, is proven secure in the standard model, while the existing ones are secure in the random oracle model. It has tight security reduction to the DDH assumption and the security of the underlying pseudorandom functions. Our second new scheme is the first SDVS supporting non-delegatability, the notion of which was introduced by Lipmaa, Wang and Bao in the context of DVS in ICALP 2005. The scheme is efficient and is provably secure in the random oracle model based on the discrete logarithm assumption and Gap Diffie–Hellman assumption.     

A strong designated verifier signature scheme tightly related to the LRSW assumption

In this paper, we propose the first strong designated verifier signature scheme with a tight security reduction to the LRSW assumption in the standard model.     

A novel ID-based designated verifier signature scheme

In a designated verifier signature scheme, only the designated verifier can verify the validity of a signature. This paper studies an Identity-based Strong Designated Verifier Signature (IBSDVS) scheme based on bilinear pairings by combining ID-based cryptosystem with the designated verifier signature scheme. We analyze the security of the scheme and the result shows that the security of our proposed scheme is closely related to the Bilinear Diffie-Hellman problem and the scheme is against delegatability attack.     

Comment on Saeednia et al.'s strong designated verifier signature scheme

In 1996, Jakobsson et al. proposed a designated verifier signature scheme in which only one specified person, called a designated verifier, can be convinced of the validity of the signature and the identity of the signer. This is possible by giving the designated verifier the ability to simulate a signature him/herself in an indistinguishable way. Therefore, the other third party cannot determine whether the signature is from the signer or the designated verifier. However, in some circumstances, the third party may be convinced that a signature intended for the designated verifier is actually generated by the signer.In 2003, Saeednia et al. proposed a strong designated verifier signature scheme to overcome this problem. However, we found that Saeednia et al.'s scheme would reveal the identity of the signer if the secret key of this signer is compromised. In this paper, we provide a new strong designated verifier signature scheme that provides signer ambiguity, even if the secret key of the signer is compromised. We also analyze the proposed scheme.     

一个强指定验证者签名方案的密码学分析

对李明祥等提出的一个基于身份的强指定验证者签名方案进行了安全性分析,指出其存在两个重大的安全缺陷：（1）该方案是可以普遍伪造的;（2）该方案不是一个指定验证者签名方案,非指定验证者也可以验证签名的有效性。提出了改进方案,克服了原方案的缺陷,提高了系统的安全性,并保留了原方案的优点。     

基于ECC的自认证广义指定验证者签密

广义指定验证者签名允许签名的持有者指定签名给指定的验证者,但仅有指定的验证者能够验证这个签名,针对该问题,利用椭圆曲线密码体制(ECC)和自认证签密的特点,提出一个基于ECC的自认证广义指定验证者签密。该方案不仅消除了证书存在问题和密钥托管问题,而且具有算法复杂度低、处理速度快、存储空间占用小等特点,适合应用于电子投票、电子拍卖等领域。     

带消息恢复功能的代理盲签名方案分析与改进

对俞建英等人提出的具有消息恢复功能的代理盲签名方案(计算机应用与软件,2011年第2期)进行安全性分析,指出在该方案中指定验证者可以冒充代理签名者对任意消息伪造代理盲签名,且代理签名者和指定验证者合谋可以追踪消息拥有者。为此,提出一种可以抵抗指定验证者的伪造攻击和链接攻击的代理盲签名方案。分析结果表明,改进的方案具有强不可伪造性、不可否认性、不可链接性和保密性等安全性质。