| The notion of transitive signatures,which was first introduced by Micali and Rivest in 2002,is an efficient method to authenticate dynamically growing and naturally transitive graphs.In a transitive signature scheme,given two signatures on adjacent edges(i,j)and anyone with public information can compute a signature on edge(i,k).Potential applications of transitive signatures include administrative domains,military chains of command,certificate chain of PKI and electronic government.However,when applying transitive signatures in those situa-tions,transitive signatures may be leaked by the verifier and the attacker.Thus,the privacy of membership in the system is at risk.To address privacy issues associated with dissemination of transitive signatures,we propose two cryptographic schemes:1.We integrate transitive signatures and universal designated verifier signatures,and propose a new type of digital signatures called Universal Designated Ver-ifier Transitive Signatures(UDVTS).UDVTS not only preserves all desirable properties of transitive signatures but also efficiently prevents dissemination of transitive signatures by verifiers.In the random oracle model,the scheme is proved to be secure under the assumption that the one-more BDH problem is hard.The simulation results demonstrate that our scheme is practical in real life applications of UDVTS.2.We integrate transitive signatures and identity-based signcryption,and pro-pose a new type of signcryption called Identity-Based Transitive Signcryption(IBTSC).IBTSC not only preserves all desirable properties of transitive sig-natures but also efficiently prevents dissemination of transitive signatures by eavesdroppers.The proposed scheme achieves both the functions of transitive signature and encryption in a single logical step,at a cost significantly less than that required by the transitive signature-then-encryption" method.In the ran-dom oracle model,the scheme is proved to be secure under the assumption that the BDH problem is hard. |
PDF Full Text Request