4 research outputs found

    (Strong) Multi-Designated Verifiers Signatures Secure against Rogue Key Attack

    Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince anybody that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue key attack on MDVS. In this attack scenario, a malicious designated verifier tries to forge a signature that passes through the verification of another honest designated verifier. A common counter-measure involves making the knowledge of secret key assumption (KOSK) in which an adversary is required to produce a proof-of-knowledge of the secret key. We strengthened the existing security model to capture this attack and propose a new construction that does not rely on the KOSK assumption. Secondly, we propose a generic construction of strong MDVS

    (Strong) multi-designated verifiers signatures secure against rogue key attack

    Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince anybody that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue key attack on MDVS. In this attack scenario, a malicious designated verifier tries to forge a signature that passes through the verification of another honest designated verifier. A common counter-measure involves making the knowledge of secret key assumption (KOSK) in which an adversary is required to produce a proof-of-knowledge of the secret key. We strengthened the existing security model to capture this attack and propose a new construction that does not rely on the KOSK assumption. Secondly, we propose a generic construction of strong MDVS

    Stronger Security and Constructions of Multi-Designated Verifier Signatures

    Off-the-Record (OTR) messaging is a two-party message authentication protocol that also provides plausible deniability: there is no record that can later convince a third party what messages were actually sent. To extend OTR to group messaging we need to consider issues that are not present in the 2-party case. In group OTR (as in two-party OTR), the sender should be able to authenticate (or sign) his messages so that group members can verify who sent a message (that is, signatures should be unforgeable, even by group members). Also as in the two-party case, we want the off-the-record property: even if some verifiers are corrupt and collude, they should not be able to prove the authenticity of a message to any outsider. Finally, we need consistency, meaning that a corrupt sender cannot create confusion in the group as to what he said: if any group member accepts a signature, then all of them do. To achieve these properties it is natural to consider Multi-Designated Verifier Signatures (MDVS), which intuitively seem to target exactly the properties we require. However, existing literature defines and builds only limited notions of MDVS, where (a) the off-the-record property (referred to as source hiding) only holds when all verifiers could conceivably collude, and (b) the consistency property is not considered. The contributions of this paper are two-fold: stronger definitions for MDVS, and new constructions meeting those definitions. We strengthen source-hiding to support any subset of corrupt verifiers, and give the first formal definition of consistency. We give several constructions of our stronger notion of MDVS: one from generic standard primitives such as pseudorandom functions, pseudorandom generators, key agreement and NIZKs; one from specific instances of these primitives (for concrete efficiency); and one from functional encryption. 
    The third construction requires an involved trusted setup step — including verification keys derived from a master secret — but this trusted setup buys us verifier-identity-based signing, for which such trusted setup is unavoidable. Additionally, in the third construction, the signature size can be made smaller by assuming a bound on colluding verifiers

    Contributions to pairing-based digital signatures

    Nowadays, electronic communication plays a key role in the way people communicate in business or financial transactions. As e-commerce becomes more and more popular, the demand for digital signature is increasing rapidly. In 1976 Whitfield Diffie and Martin Hellman introduced the concept of digital signature [31] which is used to demonstrate the authenticity of a message or document. In 1977, Ronald Rivest, Adi Shamir and Len Adleman [66] proposed the notion of the RSA algorithm based on the factoring problem. In addition to the RSA signature, other signatures such as ElGamal signature [34], Rabin signature [65], Pairing-based signature [14], Undeniable signature [21] and others have been proposed by a number of different researchers. Due to the fact that users can enjoy properties such as authentication of the message, integrity of the message and non-repudiation of the message, digital signature has partially replaced the original ink on paper signatures. However, there exist a number of problems and potential attacks on digital signatures. It is observed that the majority of IBS schemes have the weakness of private key escrow. Additionally, existing solutions for security model could be made simpler and much more practical. In this thesis, two different pairing-based signatures: efficient escrow free identity based signature [88] and (strong) multi-designated verifiers signatures secure against rogue key attack - are proposed to enhance the security of the pairing-based signature against a number of attacks. This thesis addresses two problems in the two different pairing-based signatures mentioned earlier and comes up with solutions that are neat, correct, secure and efficient