On the Security of a Certificateless Strong Designated Verifier Signature Scheme

Recently, Chen et al. proposed the first non-delegatable certificateless strong designated verifier signature scheme and claimed that their scheme achieves all security requirements. However, in this paper, we disprove their claim and present a concrete attack which shows that their proposed scheme is forgeable. More precisely, we show that there exist adversaries who are able to forge any signer\u27s signature for any designated verifier on any message of his choice

Attack on Kang et al.\u27s Identity-Based Strong Designated Verifier Signature Scheme

In this paper, we present a universal forgery attack on Kang et al.\u27s identity-based strong designated verifier signature (IBSDVS) scheme. We show anyone can forge a valid IBSDVS on an arbitrary message without the knowledge of the private key of either the signer or the designated verifier. Moreover, we point out that Kang et al.\u27s scheme does not satisfy the properties of strongness and non-delegatability. At last, an improved IBSDVS scheme for Kang et al.\u27s scheme is presented, and it is provably secure and achieves all the requirements for an IBSDVS

Efficient and Provably-secure Certificateless Strong Designated Verifier Signature Scheme without Pairings

Strong designated verifier signature (generally abbreviated to SDVS) allows signers to obtain absolute control over who can verify the signature, while only the designated verifier other than anyone else can verify the validity of a SDVS without being able to transfer the conviction. Certificateless PKC has unique advantages comparing with certificate-based cryptosystems and identity-based PKC, without suffering from key escrow. Motivated by these attractive features, we propose a novel efficient CL-SDVS scheme without bilinear pairings or map-to-point hash operations. The proposed scheme achieves all the required security properties including EUF-CMA, non-transferability, strongness and non-delegatability. We also estimate the computational and communication efficiency. The comparison shows that our scheme outperforms all the previous CL-(S)DVS schemes. Furthermore, the crucial security properties of the CL-SDVS scheme are formally proved based on the intractability of SCDH and ECDL assumptions in random oracle model

On Designated Verifier Signature Schemes

Designated verifier signature schemes allow a signer to convince only the designated verifier that a signed message is authentic. We define attack models on the unforgeability property of such schemes and analyze relationships among the models. We show that the no-message model, where an adversary is given only public keys, is equivalent to the model, where an adversary has also oracle access to the verification algorithm. We also show a separation between the no-message model and the chosen-message model, where an adversary has access to the signing algorithm. Furthermore, we present a modification of the Yang-Liao designated verifier signature scheme and prove its security. The security of the modified scheme is based on the computational Diffie-Hellman problem, while the original scheme requires strong Diffie-Hellman assumption

Code-based Strong Designated Verifier Signatures: Security Analysis and a New Construction

Strong designated verifier signatures make the message authenticated only to a designated person called the designated verifier while privacy of the signer\u27s identity is preserved. This primitive is useful in scenarios that authenticity, signer ambiguity and signer\u27s privacy are required simultaneously such as electronic voting and tendering. To have quantum-attack-resistant strong designated verifier signatures as recommended in National Institute of Standards and Technology internal report (NISTIR 8105, dated April 2016), a provably secure code-based construction was proposed by Koochak Shooshtari et al. in 2016. In this paper, we show that this code-based candidate for strong designated verifier signa- tures does not have signer ambiguity or non-transferability, the main feature of strong designated verifier signatures. In addition, it is shown that it is not strongly unforgeable if a designated verifier transfers a signature to a third party. Then, a new proposal for strong designated verifier signatures based on coding theory is presented, and its security which includes strong unforgeability, signer ambiguity and privacy of the signer\u27s identity properties is proved under Goppa Parameterized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model

Asymmetric Message Franking: Content Moderation for Metadata-Private End-to-End Encryption

Content moderation is crucial for stopping abuse and harassment via messaging on online platforms. Existing moderation mechanisms, such as message franking, require platform providers to see user identifiers on encrypted traffic. These mechanisms cannot be used in messaging systems in which users can hide their identities, such as Signal. The key technical challenge preventing moderation is in simultaneously achieving cryptographic accountability while preserving deniability. In this work, we resolve this tension with a new cryptographic primitive: asymmetric message franking schemes (AMFs). We define strong security notions for AMFs, including the first formal treatment of deniability in moderation settings. We then construct, analyze, and implement an AMF scheme that is fast enough for deployment. We detail how to use AMFs to build content moderation for metadata-private messaging