Generic constructions for universal designated-verifier signatures and identity-based signatures from standard signatures
- Author(s): S.F. Shahandashti and R. Safavi-Naini
- DOI: 10.1049/iet-ifs.2009.0036
- Affiliations (1: S.F. Shahandashti; 2: R. Safavi-Naini):
1: School of Computer Science and Software Engineering (SCSSE) and Centre for Computer and Information Security Research (CCISR), University of Wollongong, Wollongong, Australia
2: Department of Computer Science and icore Information Security Lab (iCIS), University of Calgary, Calgary, Canada
- Source: Volume 3, Issue 4, December 2009, p. 152–176
- Print ISSN 1751-8709, Online ISSN 1751-8717
The authors give a generic construction for universal (multi) designated-verifier signature schemes from a large class of signature schemes, referred to as Class ℂ. The resulting schemes are efficient and have two important properties. Firstly, they are provably DV-unforgeable, non-transferable and also non-delegatable. Secondly, the signer and the designated verifier can independently choose their cryptographic settings. The authors also propose a generic construction for (hierarchical) identity-based signature schemes from any signature scheme in ℂ and prove that the construction is secure against adaptive chosen message and identity attacks. The authors discuss possible extensions of their constructions to identity-based ring signatures and identity-based designated-verifier signatures from any signature in ℂ. Finally, the authors show that it is possible to combine the above constructions to obtain signatures with combined functionalities.
Inspec keywords: digital signatures; cryptography
Subjects: Cryptography theory; Cryptography; Data security