Designated Verifier Signature Schemes: Attacks, New Security Notions and a New Construction

  • Helger Lipmaa
  • Guilin Wang
  • Feng Bao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3580)


We show that the signer can abuse the disavowal protocol in the Jakobsson-Sako-Impagliazzo designated-verifier signature scheme. In addition, we identify a new security property—non-delegatability—that is essential for designated-verifier signatures, and show that several previously proposed designated-verifier schemes are delegatable. We give a rigorous formalisation of the security for designated-verifier signature schemes, and propose a new and efficient designated-verifier signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the non-programmable random oracle model, and non-delegatable under a loose reduction in the programmable random oracle model. As a direct corollary, we also get a new efficient conventional signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the non-programmable random oracle plus common reference string model.


Keywords: designated verifier signature scheme; non-delegatability; non-programmable random oracle model; signature scheme




  1. [DF02]
    Damgård, I., Fujisaki, E.: An Integer Commitment Scheme Based on Groups with Hidden Order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)
  2. [JSI96]
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and Their Applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)
  3. [KW03]
    Katz, J., Wang, N.: Efficiency Improvements for Signature Schemes with Tight Security Reductions. In: 10th ACM Conference on Computer and Communications Security, Washington, D.C., USA, October 27-31, pp. 155–164. ACM Press, New York (2003)
  4. [LV04]
    Laguillaumie, F., Vergnaud, D.: Designated Verifier Signatures: Anonymity and Efficient Construction from Any Bilinear Map. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 105–119. Springer, Heidelberg (2005)
  5. [Nie02]
    Nielsen, J.B.: Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002)
  6. [SBWP03]
    Steinfeld, R., Bull, L., Wang, H., Pieprzyk, J.: Universal designated-verifier signatures. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 523–542. Springer, Heidelberg (2003)
  7. [SKM03]
    Saeednia, S., Kremer, S., Markowitch, O.: An Efficient Strong Designated Verifier Signature Scheme. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 40–54. Springer, Heidelberg (2004)
  8. [SWP04]
    Steinfeld, R., Wang, H., Pieprzyk, J.: Efficient Extension of Standard Schnorr/RSA Signatures into Universal Designated-Verifier Signatures. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 86–100. Springer, Heidelberg (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Helger Lipmaa (1)
  • Guilin Wang (2)
  • Feng Bao (2)
  1. Cybernetica AS and University of Tartu, Estonia
  2. Institute for Infocomm Research (I2R), Singapore
