Research On Identity-Based Designated Verifier Signature Scheme

Designated verifier signature (DVS), which characteristic is that the designated verifier designated by the signer can verify the effectiveness of the signer's signature, but the designated verifier cannot convince the third party to believe the signer's signature. Since he himself can also produce legal signature. Although one knows private key of the signer or the designated verifier, he cannot know who is signer except for signer and the designated verifier. That is to say, DVS is perfectly solving contradiction problem of "privacy" and "reality" by losing non-repudiation. Strong designated verifier signature (SDVS) is a special DVS. In SDVS, only the designated verifier is capable of verifying the effectiveness of the signature. Because it must be used the private key of the designated verifier. In certain special circumstances, it requests multiple designated verifiers can verify the effectiveness of the signature.The main contributions of the dissertation are listed as follows.(1) A cryptanalysis of the efficient id-based strong designated verifier signature scheme proposed by Li et al. is provided. Some security drawbacks have been found: non-designated-verifier can also check the validity of the signature, and it does not have unforgeability. An improved scheme was designed, which mends the security leak of it and also retains the merits of the original signature scheme. A new SDVS is proposed from bilinear map, which satisfies non-transferability, unforgeability, privacy of signer's identity and low computational cost.(2) A new ID-based strong multi-designated verifier signature scheme is designed from multilinear pairings. The scheme introduces two independent PKG to solve the hidden secure trouble to a certain extent, in which the single PKG can impersonate the signers to forge their signatures. The signature can be verified independently by each of the designated verifiers designated by the signer and no one else than the designated person can be convinced by this signature. The security of the scheme is based on solving the multilinear diffie-hellman problem, the difficulty of the discrete logarithm problem and the security of hash function. Analysis shows that the proposed scheme is more efficient than the existing schemes.(3) An Identity-Based chain verification signature scheme is designed. The new scheme overcomes the shortcoming of the conventional schemes that all verifiers have the equal right to verify the signature. In this scheme, in order to verify the validity of the signature, the verifier has to be authorized by all chain grantors in turn, and any chain grantor (even all chain grantors conspire) cannot verify the validity of the signature. In addition, the signature scheme can easily add or delete the chain grantor and defend the secret keys of the chain grantors and signature verifier.