Abstract. The concept of Designated Verifier Signatures (DVS) was introduced by Jakobsson, Sako and Impagliazzo at Eurocrypt’96. These signatures are intended to a specific verifier, who is the only one able to check their validity. In this context, we formalize the notion of privacy of signer’s identity which captures the strong designated verifier property investigated in their paper. We propose a variant of the pairing-based DVS scheme introduced at Asiacrypt’03 by Steinfeld, Bull, Wang and Pieprzyk. Contrary to their proposal, our new scheme can be used with any admissible bilinear map, especially with the low cost pairings and achieves the new anonymity property (in the random oracle model). Moreover, the unforgeability is tightly related to the Gap-Bilinear Diffie-Hellman assumption, in the random oracle model and the signature length is around 75 % smaller than the original proposal.

Abstract. We show that the signer can abuse the disavowal protocol in the Jakobsson-Sako-Impagliazzo designated-verifier signature scheme. In addition, we identify a new security property—non-delegatability—that is essential for designated-verifier signatures, and show that several previously proposed designated-verifier schemes are delegatable. We give a rigorous formalisation of the security for designated-verifier signature schemes, and propose a new and efficient designated-verifier signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the nonprogrammable random oracle model, and non-delegatable under a loose reduction in the programmable random oracle model. As a direct corollary, we also get a new efficient conventional signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the nonprogrammable random oracle plus common reference string model.

Abstract. In a proxy signature scheme, a user delegates his/her signing capability to another user in such a way that the latter can sign messages on behalf of the former. In this paper, we first propose a provably secure proxy signature scheme, which is based on a two-party Schnorr signature scheme. Then, we extend this basic scheme into designated-verifier proxy signatures (DVPS). More specifically, we get two versions of DVPS: weak DVPS and strong DVPS. In both versions, the validity of a proxy signature can be checked only by the designated verifier. In a weak DVPS scheme, however, the designated verifier can further convert such proxy signatures into public verifiable ones, while a strong DVPS scheme does not have the same property even if the designated verifier’s secret key is revealed willingly or unwillingly. In addition, we briefly discuss some potential applications for DVPS.

Universal designated verifier signatures (UDVS) were introduced in 2003 by Steinfeld et al. to allow signature holders to monitor the verification of a given signature in the sense that any plain signature can be publicly turned into a signature which is only verifiable by some specific designated verifier. Privacy issues, like non-dissemination of digital certificates, are the main motivations to study such primitives. In this paper, we propose two fairly efficient UDVS schemes which are secure (in terms of unforgeability and anonymity) in the standard model (i.e. without random oracles). Their security relies on algorithmic assumptions which are much more classical than assumptions involved in the two only known UDVS schemes in standard model to date. The latter schemes, put forth by Zhang et al. in 2005 and Vergnaud in 2006, rely on the Strong Diffie-Hellman assumption and the strange-looking knowledge of exponent assumption (KEA). Our schemes are obtained from Waters’s signature and they do not need the KEA assumption. They are also the first random oracle-free constructions with the anonymity property.

Identity based cryptosystem simplifies the key management and revocation problem. Here we propose an Identity Based Strong Designated Verifier Signature (IBSDVS) scheme using bilinear pairings. The Designated Verifier Signature scheme described in [10] is identity based but it suffers from the deligatability as pointed out in [4]. We analyse the security of the scheme and show that the problem of delegatability does not exist in our scheme.

Designated verifier signature (DVS) is a cryptographic primitive that allows a signer to convince a verifier the validity of a statement in a way that the verifier is unable to transfer the conviction to a third party. In DVS, signatures are publicly verifiable. The validity of a signature ensures that it is from either the signer or the verifier. Strong DVS (SDVS) enhances the privacy of the signer so that anyone except the designated verifier cannot verify the signer’s signatures. In this paper we propose a highly efficient SDVS scheme based on pseudorandom functions, which is proved to be secure in the standard model. Compared with the most efficient SDVS scheme secure in the random oracle model, our scheme has almost the same complexity in terms of both the computational cost of generating a signature and signature size. A signature of our scheme is simply the output of a pseudorandom function. The security of the scheme is tightly reduced to the hardness of DDH problem and the security of the pseudorandom function. Since our scheme is vulnerable to delegatability attacks, the study of which was initiated by Lipmaa, Wang and Bao in ICALP 2005, we then propose another construction of SDVS, which is the first one immune to delegatability attacks. The scheme is also very efficient, and has the same

Abstract. Non-interactive designated verifier (NIDV) proofs were first introduced by Jakobsson et al. and have widely been used as confirmation and denial proofs for undeniable signature schemes. There appears to be no formal security modelling for NIDV undeniable signatures or for NIDV proofs in general. Indeed, recent work by Wang has shown the original NIDV undeniable signature scheme of Jakobsson et al. to be flawed. We argue that NIDV proofs may have applications outside of the context of undeniable signatures and are therefore of independent interest. We therefore present two security models, one for general NIDV proof systems, and one specifically for NIDV undeniable signatures. We go on to repair the NIDV proofs of Jakobsson et al., producing secure NIDV proofs suited to combination with Chaum’s original undeniable signature scheme resulting in a secure and efficient concrete NIDV undeniable signature scheme. 1

Abstract: The paper proposes four new ID based strong designated verifier proxy signature (SDVPS) scheme. The schemes are formed by introducing proxy in ID based SDVS, ID based in SDVPS and ID based proxy in SDVS. We have also analyzed the security of the schemes and their computation aspects.

Abstract. In Eurocrypt 2004, Chen, Kudla and Paterson introduced the concept of concurrent signatures, which allow two parties to produce two ambiguous signatures until the initial signer releases an extra piece of information (called keystone). Once the keystone is publicly known, both signatures are bound to their true signers concurrently. In ICICS 2004, Susilo, Mu and Zhang further proposed perfect concurrent signatures to strengthen the ambiguity of concurrent signatures. That is, even if the both signers are known having issued one of the two ambiguous signatures, any third party is still unable to deduce who signed which signature, different from Chen et al.’s scheme. In this paper, we point out that Susilo et al.’s two perfect concurrent signature schemes are actually not concurrent signatures. Specifically, we identify an attack that enables the initial signer to release a carefully prepared keystone that binds the matching signer’s signature, but not the initial signer’s. Therefore, their schemes are unfair for the matching signer. Moreover, we present an effective way to avoid this attack so that the improved schemes are truly perfect concurrent signatures.

Abstract: Proxy signature schemes allow delegation of signing rights. The paper