Universal Designated-Verifier Signatures

  • Ron Steinfeld
  • Laurence Bull
  • Huaxiong Wang
  • Josef Pieprzyk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2894)

Abstract

Motivated by privacy issues associated with dissemination of signed digital certificates, we define a new type of signature scheme called a ‘Universal Designated-Verifier Signature’ (UDVS). A UDVS scheme can function as a standard publicly-verifiable digital signature but has additional functionality which allows any holder of a signature (not necessarily the signer) to designate the signature to any desired designated-verifier (using the verifier’s public key). Given the designated-signature, the designated-verifier can verify that the message was signed by the signer, but is unable to convince anyone else of this fact.

We propose an efficient deterministic UDVS scheme constructed using any bilinear group-pair. Our UDVS scheme functions as a standard Boneh-Lynn-Shacham (BLS) signature when no verifier-designation is performed, and is therefore compatible with the key-generation, signing and verifying algorithms of the BLS scheme. We prove that our UDVS scheme is secure in the sense of our unforgeability and privacy notions for UDVS schemes, under the Bilinear Diffie-Hellman (BDH) assumption for the underlying group-pair, in the random-oracle model. We also demonstrate a general constructive equivalence between a class of unforgeable and unconditionally-private UDVS schemes having unique signatures (which includes the deterministic UDVS schemes) and a class of ID-Based Encryption (IBE) schemes which contains the Boneh-Franklin IBE scheme but not the Cocks IBE scheme.

References

  1. 1.
    Barreto, P., Kim, H., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-based Cryptosystems. In: CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001), See full updated version available at: http://crypto.stanford.edu/~dabo/pubs.html CrossRefGoogle Scholar
  5. 5.
    Brands, S.: A technical overview of digital credentials (1999), Available at: http://www.xs4all.nl/~brands/
  6. 6.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates. MIT Press, Cambridge (2000)Google Scholar
  7. 7.
    Brassard, G., Chaum, D., Crúpeau, C.: Minimum Disclosure Proofs of Knowledge. Journal of Computer and System Sciences 37(2), 156–189 (1988)MATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-Transferrable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Camenisch, J., Michels, M.: Confirmer Signature Schemes Secure against Adaptive Adversaries. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 243–258. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Chaum, D., van Antwerpen, H.: Undeniable Signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
  11. 11.
    Chaum, D.: Security without ID: Transaction Systems to Make Big Brother Obsolete. Communications of the ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  12. 12.
    Chaum, D.: Zero-Knowledge Undeniable Signatures. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 458–464. Springer, Heidelberg (1991)Google Scholar
  13. 13.
    Chaum, D.: Designated Confirmer Signatures. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 86–91. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  14. 14.
    Cocks, C.: An Identity Based Encryption Scheme Based on Quadratic Residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Coron, J.-S.: On the Exact Security of Full Domain Hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  16. 16.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  17. 17.
    Gennaro, R., Rabin, T.: RSA-Based Undeniable Signatures. J. of Cryptology 13, 397–416 (2000)MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(3), 690–728 (1991)CrossRefMathSciNetGoogle Scholar
  19. 19.
    Goldwasser, S., Micali, S., Rivest, R.: A Digital Signature Scheme Secure against Adaptively Chosen Message Attacks. SIAM Journal on Computing 17(2), 281–308 (1988)MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. J. of Computer and System Sciences 28(2), 270–299 (1984)MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and Their Applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)Google Scholar
  22. 22.
    Joux: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  23. 23.
    Joux, A.: The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 20–32. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  24. 24.
    Krawcyk, H., Rabin, T.: Chameleon Signatures. In: NDSS 2000 (2000), Available at: http://www.isoc.org/isoc/conferences/ndss/2000/proceedings/
  25. 25.
    Michels, M., Stadler, M.: Generic Constructions for Secure and Efficient Confirmer Signature Schemes. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 406–421. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  26. 26.
    Authors of this paper (2003) (work in progress)Google Scholar
  27. 27.
    Okamoto, T.: Designated Confirmer Signatures and Public-Key Encryption are Equivalent. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 61–74. Springer, Heidelberg (1994)Google Scholar
  28. 28.
    Rivest, R., Shamir, A., Tauman, Y.: How to Leak a Secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  29. 29.
    Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)Google Scholar
  30. 30.
    Shoup, V.: A Proposal for an ISO Standard for Public Key Encryption (Version 1.1). ISO/IEC JTC 1/SC 27 (December 2001)Google Scholar
  31. 31.
    Steinfeld, R., Bull, L., Zheng, Y.: Content Extraction Signatures. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285–304. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Ron Steinfeld
    • 1
  • Laurence Bull
    • 2
  • Huaxiong Wang
    • 1
  • Josef Pieprzyk
    • 1
  1. 1.Dept. of ComputingMacquarie UniversityNorth RydeAustralia
  2. 2.School of Computer Science and Software EngineeringMonash UniversityMelbourneAustralia

Personalised recommendations