在双线性对下基于身份的非交互通用指定验证者签名证明

通用指定验证者签名证明(UDVSP)系统旨在保护签名拥有者的私有性,即从签名者得到有效签名的拥有者确信某个验证者他拥有有效签名,但是没有泄露签名的任何信息.与通用指定验证者签名相比,现有的UDVSP拥有指定的验证者不必预先建立自己的公私钥对的优点,以及如下缺点:①在签名拥有者和验证者之间存在一个交互协议;②签名拥有者不能验证指定验证者的身份.结果任意的攻击者都可以冒充指定验证者.文章给出了基于身份的非交互UDVSP和它的安全性定义.接着使用双线性对最早构造了基于身份的非交互UDVSP,该证明具有如下的优点:①指定验证者不需建立公私钥对;②证明是非交互的;③只有指定的验证者才能相信签名拥有者拥有签名者的有效签名.而且,在DLP,CDH,SDH和BPI是难的假设下,本系统是安全的.

Non-interactive ID-based Universal Designated-Verifier Signature Proof from bilinear pairings

The universal designated verifier signature proof(UDVSP) system aims to protect a signa- ture holder's privacy by allowing him to convince a verifier that he holds a valid signature from the signer without revealing the signature itself. Comparing with the universal designated verifier signature (UDVS), the existing UDVSP has the following advantage: the designated verifier does not have to set up a private/public key, and disadvantages: ① there exists an interactive protocol between the signature holder and the verifier; ② the signature holder can not verify the identity of the designated verifier, then arbitrary attacker may pretend to be the designated verifier. In this paper, we give the formal definitions of non-interactive ID-based NDVSP and its security. Then, we construct the first non-interactive ID-based UDVSP systems based on bilinear pairings, which have the following advantages: ① the designated verifier does not have to set up a private/pub- lic key; ② system is non-interactive; ③Only the designated verifier can believe that the signature holder holds a valid signature from the signer. Furthermore, we prove that our systems are secure un- der the assumption DLP, CDH, SDH and BPI are hard.