Advertisement

(Strong) multidesignated verifiers signatures secure against rogue key attack

Authors

  • Man Ho Au,

    Corresponding author
    1. Centre for Computer and Information Security Research (CCISR), School of Computer Science and Software Engineering, University of Wollongong, Australia
    • Correspondence to: Man Ho Au, School of Computer Science and Software Engineering, University of Wollongong, NSW 2522, Australia.

      E-mail: aau@uow.edu.au

    Search for more papers by this author
  • Guomin Yang,

    1. Centre for Computer and Information Security Research (CCISR), School of Computer Science and Software Engineering, University of Wollongong, Australia
    Search for more papers by this author
  • Willy Susilo,

    1. Centre for Computer and Information Security Research (CCISR), School of Computer Science and Software Engineering, University of Wollongong, Australia
    Search for more papers by this author
  • Yunmei Zhang

    1. Centre for Computer and Information Security Research (CCISR), School of Computer Science and Software Engineering, University of Wollongong, Australia
    Search for more papers by this author

SUMMARY

Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince any body that the signature is created by the signer. Multidesignated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue key attack on MDVS. In this attack scenario, a malicious designated verifier tries to forge a signature that passes through the verification of another honest designated verifier. A common counter-measure involves making the knowledge of secret key assumption in which an adversary is required to produce a proof-of-knowledge of the secret key. We strengthened the existing security model to capture this attack and propose a new construction that does not rely on the knowledge of secret key assumption. Secondly, we propose a generic construction of strong MDVS. Copyright © 2013 John Wiley & Sons, Ltd.

Ancillary