Han-Yu Lin
ABSTRACT
A strong designated verifier signature (SDVS) is a variation of traditional digital signatures, since it allows a signer to designate an intended receiver as the verifier rather than anyone. To do this, a signer must incorporate the verifier's public key with the signing procedure such that only the intended receiver could verify this signature with his/her private key. Such a signature further enables a designated verifier to simulate a computationally indistinguishable transcript intended for himself. Consequently, no one can identify the real signer's identity from a candidate signer and a designated verifier, which is referred to as the property of signer ambiguity. A strong notion of signer ambiguity states that no polynomial-time adversary can distinguish the real signer of a given SDVS that is not received by the designated verifier, even if the adversary has obtained the signer's private key. In 2013, Islam and Biswas proposed a provably secure certificateless strong designated verifier signature (CL-SDVS) scheme based on bilinear pairings. In this paper, we will demonstrate that their scheme fails to satisfy strong signer ambiguity and must assume a trusted private key generator (PKG). In other words, their CL-SDVS scheme is vulnerable to both key-compromise and malicious PKG attacks. Additionally, we present an improved variant to eliminate these weaknesses.
- Chaum, D., and van Antwerpen, H. 1989. Undeniable signature. Advances in Cryptology - CRYPTO '89. Springer-Verlag, Berlin, 212--216. Google Scholar
Digital Library
- Jakobsson, M., Sako, K., and Impagliazzo, R. 1996. Designated verifier proofs and their applications. Advances in Cryptology - EUROCRYPT'96. Springer-Verlag, Berlin, 143--154. Google ScholarDigital Library
- Saeednia, S., Kremer, S., and Markowitch, O. 2003. An efficient strong designated verifier signature scheme. In Proceedings of the 6th International Conference on Information Security and Cryptology (Seoul, South Korea, November 27 -- 28, 2003). ICISC 2003. 40--54.Google Scholar
- Susilo, W., Zhang, F., and Mu, Y. 2004. Identity-based strong designated verifier signature schemes. In Proceedings of the 9th Australasian Conference on Information Security and Privacy, LNCS 3108, (Sydney, Australia, July 13 -- 15, 2004). ACISP 2004. 313--324.Google Scholar
- Lee, J. S., and Chang, J. H. 2007. Strong designated verifier signature scheme with message recovery. In Proceedings of the 9th International Conference on Advanced Communication Technology. 1 (Gangwon-Do, South Korea, February 12 -- 14, 2007). ICACT'07. 801--803.Google Scholar
- Kang, B., Boyd, C., and Dawson, E. 2009. A novel identity-based strong designated verifier signature scheme. J. Syst. Software. 82, 2 (Feb. 2009), 270--273. Google ScholarDigital Library
- Hsu, C. L., and Lin, H. Y. 2014. Universal forgery attack on a strong designated verifier signature scheme. Int. Arab J. Inf. Techn. 11, 5 (Sep. 2014), 425--428.Google Scholar
- Lin, H. Y., Wu, T. S., and Yeh, Y. S. 2011. A DL based short strong designated verifier signature scheme with low computation. J. Inf. Sci. Eng. 27, 2 (Mar. 2011), 451--463.Google Scholar
- Al-Riyami, S. S., and Paterson, K. G. 2003. Certificateless public key cryptography. Advances in Cryptology - ASIACRYPT 2003. Springer-Verlag, Berlin, 452--473.Google Scholar
- Diffie, W., and Hellman, M. 1976. New directions in cryptography. IEEE T. Inform. Theory. IT-22, 6 (Nov. 1976), 644--654. Google ScholarDigital Library
- Shamir, A. 1984. Identity-based cryptosystems and signature schemes. Advances in Cryptology - CRYPTO '84. Springer-Verlag, Berlin, 47--53. Google ScholarDigital Library
- Huang, X., Susilo, W., Mu, Y., and Zhang, F. 2006. Certificateless designated verifier signature schemes. In Proceedings of the IEEE 20th International Conference on Advanced Information Networking and Applications. 2 (Vienna, Austria, April 18 -- 20, 2006). AINA'06. 15--19. Google ScholarDigital Library
- Du, H., and Wen, Q. 2007. Efficient and provably-secure certificateless short signature scheme from bilinear pairings. Comput. Stand. Inter. 31, 2 (Feb 2009). Google ScholarDigital Library
- Fan, C. I., Hsu, R. H., and Ho, P. H. 2009. Cryptanalysis on Du-Wen certificateless short signature scheme. In Proceedings of the fourth Joint Workshop on Information Security (Kaohsiung, Taiwan, August 06 -- 07, 2009). JWIS'09. 1--7.Google Scholar
- Choi, K.Y., Park, J. H., and Lee, D. H. 2011. A new provably secure certificateless short signature scheme. Comput. Math. Appl. 61, 7 (Apr. 2011), 1760--1768. Google ScholarDigital Library
- Tian, M., Huang, L., and Yang, W. 2011. On the security of a certificateless short signature scheme. Cryptology ePrint Archive. 2011/418 (Aug. 2011). http://eprint.iacr.org/2011/419Google Scholar
- Islam, S. K. H., and Biswas, G. P. 2013. Provably secure certificateless strong designated verifier signature scheme based on elliptic curve bilinear pairings. Journal of King Saud University-Computer and Information Sciences. 25, 1 (Jan. 2013), pp. 51--61. Google ScholarDigital Library
Index Terms
- On the security of a provably secure certificateless strong designated verifier signature scheme based on bilinear pairings
Recommendations
Forgery Attacks on Lee-Chang's Strong Designated Verifier Signature Scheme
FGCNS '08: Proceedings of the 2008 Second International Conference on Future Generation Communication and Networking Symposia - Volume 02In 2008, Lee-Chang pointed out that Saeednia et al.'s scheme would reveal the identity of the signer if the secret key of the signer is compromised. Then, they proposed a new strong designated verifier signature scheme that provides signer ambiguity, ...
Comment on Saeednia et al.'s strong designated verifier signature scheme
In 1996, Jakobsson et al. proposed a designated verifier signature scheme in which only one specified person, called a designated verifier, can be convinced of the validity of the signature and the identity of the signer. This is possible by giving the ...
Signer-admissible strong designated verifier signature from bilinear pairings
In the designated verifier signature, the validity of signature can be proved by the specific verifier although the verifier has no ability to prove this to others. On the other hand, strong designated verifier signature SDVS can only be verified by the ...
Comments