Designated Verifier Signatures: Anonymity and Efficient Construction from Any Bilinear Map

  • Fabien Laguillaumie
  • Damien Vergnaud
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3352)


The concept of Designated Verifier Signatures (DVS) was introduced by Jakobsson, Sako and Impagliazzo at Eurocrypt’96. These signatures are intended to a specific verifier, who is the only one able to check their validity. In this context, we formalize the notion of privacy of signer’s identity which captures the strong designated verifier property investigated in their paper. We propose a variant of the pairing-based DVS scheme introduced at Asiacrypt’03 by Steinfeld, Bull, Wang and Pieprzyk. Contrary to their proposal, our new scheme can be used with any admissible bilinear map, especially with the low cost pairings and achieves the new anonymity property (in the random oracle model). Moreover, the unforgeability is tightly related to the Gap-Bilinear Diffie-Hellman assumption, in the random oracle model and the signature length is around 75% smaller than the original proposal.


Designated verifier signatures Privacy of signer’s identity Bilinear Diffie-Hellman problems Exact security Tight reduction 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-Privacy in Public-Key Encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 162–177. Springer, Heidelberg (1998)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: a Paradigm for Designing Efficient Protocols. In: Proc. of 1st ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
  4. 4.
    Boneh, D., Franklin, M.: Identity-based Encryption from the Weil Pairing. SIAM J. Computing 32(3), 586–615 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Camenisch, J.: Efficient and Generalized Group Signatures. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 465–479. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Chaum, D.: Private Signature and Proof Systems. United States Patent 5,493,614 (1996)Google Scholar
  8. 8.
    Goh, E.-J., Jarecki, S.: A Signature Scheme as Secure as the Diffie-Hellman Problem. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 401–415. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptative chosen-message attacks. SIAM J. of Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and their Applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Laguillaumie, F., Vergnaud, D.: Efficient and Provably Secure Designated Verifier Signature Schemes from Bilinear Maps. Crypto 2003 rump session. Rapport de Recherche LMNO, 2003-25, 16 pages (2003)Google Scholar
  12. 12.
    Laguillaumie, F., Vergnaud, D.: Designated Verifier Signatures: Anonymity and Efficient Construction from any Bilinear Map. Full version, IACR e-printGoogle Scholar
  13. 13.
    Okamoto, T., Pointcheval, D.: The Gap-Problems: a New Class of Problems for the Security of Cryptographic Schemes. In: Proc. of PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001)Google Scholar
  14. 14.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to Leak a Secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Saeednia, S., Kremer, S., Markowitch, O.: An Efficient Strong Designated Verifier Signature Scheme. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 40–54. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Shoup, V.: OAEP reconsidered. J. Cryptology 15(4), 223–249 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Steinfeld, R., Bull, L., Wang, H., Pieprzyk, J.: Universal Designated Verifier Signatures. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 523–542. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Steinfeld, R., Wang, H., Pieprzyk, J.: Efficient Extension of Standard Schnorr/RSA signatures into Universal Designated-Verifier Signatures. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 86–100. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Susilo, W., Zhang, F., Mu, Y.: Identity-based Strong Designated Verifier Signatures Schemes. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 313–324. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Fabien Laguillaumie
    • 1
    • 2
  • Damien Vergnaud
    • 2
  1. 1.France Telecom Research and DevelopmentCaen Cedex 4France
  2. 2.Laboratoire de Mathématiques Nicolas OresmeUniversité de CaenCaen CedexFrance

Personalised recommendations