(Strong) multidesignated verifiers signatures secure against rogue key attack
Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince any body that the signature is created by the signer. Multi-desig...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2012
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7344 https://ink.library.smu.edu.sg/context/sis_research/article/8347/viewcontent/LNCS_7645___Network_and_System_Security.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince any body that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue key attack on MDVS. In this attack scenario, a malicious designated verifier tries to forge a signature that passes through the verification of another honest designated verifier. A common counter-measure involves making the knowledge of secret key assumption (KOSK) in which an adversary is required to produce a proof-of-knowledge of the secret key. We strengthened the existing security model to capture this attack and propose a new construction that does not rely on the KOSK assumption. Secondly, we propose a generic construction of strong MDVS |
|---|