Anonymous Signatures Revisited

Lecture Notes in Computer Science, 2006

Digital signature is one of the most important primitives in public key cryptography. It provides authenticity, integrity and nonrepudiation to many kinds of applications. On signer privacy however, it is generally unclear or suspicious of whether a signature scheme itself can guarantee the anonymity of the signer. In this paper, we give some affirmative answers to it. We formally define the signer anonymity for digital signature and propose some schemes of this type. We show that a signer anonymous signature scheme can be very useful by proposing a new anonymous key exchange protocol which allows a client Alice to establish a session key with a server Bob securely while keeping her identity secret from eavesdroppers. In the protocol, the anonymity of Alice is already maintained when Alice sends her signature to Bob in clear, and no additional encapsulation or mechanism is needed for the signature. We also propose a method of using anonymous signature to solve the collusion problem between organizers and reviewers of an anonymous paper review system.

Recently, several studies about proxy signature schemes have been conducted. In 2009, Yu et al. proposed an anonymous proxy signature scheme attempting to protect the proxy signer's privacy from outsiders. They claimed that their scheme can make the proxy signer anonymous. However, based on our research, we determined that this was not the case and the proxy signer's privacy was not anonymous. Hence, in this paper, we propose a new anonymous proxy signature scheme that truly makes the proxy signer anonymous while making it more secure and efficient when compared with Yu et al.'s scheme. Our proxy signature scheme consists of two contributions. First, we mainly use random numbers and bilinear pairings to attain the anonymous property. Secondly, we increase the security and efficiency of our proxy in the design.

Proxy signature schemes can be used in many business applications such as when the original signer is not present to sign important documents. Any proxy signature scheme has to meet the identifiability, undeniability, verifiability and unforgeability security requirements. In some conditions, it may be necessary to protect the proxy signer's privacy from outsiders or third parties. Recently, several studies about proxy signature schemes have been conducted but only Yu et al.' anonymous proxy signature scheme proposed in 2009 attempting to protect the proxy signer's privacy from outsiders. They claimed their scheme can make the proxy signer anonymous. However, based on our research, we determined that this was not the case and the proxy signer's privacy was not anonymous. Hence, in this paper, we propose a new anonymous proxy signature scheme that truly makes the proxy signer anonymous while making it more secure and efficient when compared with Yu et al.'s scheme in 2009. Our proxy signature scheme consists of two constructions. First, we mainly use random numbers and bilinear pairings to attain the anonymous property in our proxy. Secondly, we increase the security, integrity, and efficiency of our proxy through modifications.

2004

We present a new model for undeniable signatures:

IET Information Security, 2009

This paper introduces Hidden Identity-based Signatures (Hidden-IBS), a type of digital signatures that provide mediated signer-anonymity on top of Shamir's Identity-based signatures. The motivation of our new signature primitive is to resolve an important issue with the kind of anonymity offered by "group signatures" where it is required that either the group membership list is public or that the opening authority is dependent on the group manager for its operation. Contrary to this, Hidden-IBS do not require the maintenance of a group membership list and they enable an opening authority that is totally independent of the group manager. As we argue this makes Hidden-IBS much more attractive than group signatures for a number of applications. In this paper, we provide a formal model of Hidden-IBS as well as two efficient constructions that realize the new primitive. Our elliptic curve construction that is based on the SDH/DLDH assumptions produces signatures that are merely half a Kbyte long and can be implemented very efficiently.

Computer Security – ESORICS 2016, 2016

This paper presents an anonymous certification (AC) scheme, built over an attribute based signature (ABS). After identifying properties and core building blocks of anonymous certification schemes, we identify ABS limitations to fulfill AC properties, and we propose a new system model along with a concrete mathematical construction based on standard assumptions and the random oracle model. Our solution has several advantages. First, it provides a data minimization cryptographic scheme, permitting the user to reveal only required information to any service provider. Second, it ensures unlinkability between the different authentication sessions, while preserving the anonymity of the user. Third, the derivation of certified attributes by the issuing authority relies on a non interactive protocol which provides an interesting communication overhead.

2004

Anonymous communication protocols, very essential for preserving privacy of the parties communicating, may lead to severe problems. A malicious server may use anonymous communication protocols for injecting unwelcome messages into the system so that their source can be hardly traced. So anonymity and privacy protection on one side and protection against such phenomena as spam are so far contradictory goals. We propose a mechanism that may be used to limit the mentioned side effects of privacy protection. During the protocol proposed each encrypted message admitted into the system is signed by a respective authority. Then, on its route through the network the encrypted message and the signature are re-encrypted universally. The purpose of universal re-encryption is to hide the routes of the messages from an observer monitoring the traffic. Despite re-encryption, signature of the authority remains valid. Depending on a particular application, verification of the signature is possible either off-line by anybody with the access to the ciphertext and the signature or requires contact with the authority that has issued the signature. Our work is an extension of recent works by Golle, Jakobsson, Juels and Syverson.

Information

In modern applications, such as Electronic Voting, e-Health, e-Cash, there is a need that the validity of a signature should be verified by only one responsible person. This is opposite to the traditional digital signature scheme where anybody can verify a signature. There have been several solutions for this problem, the first one is we combine a signature scheme with an encryption scheme; the second one is to use the group signature; and the last one is to use the strong designated verifier signature scheme with the undeniable property. In this paper, we extend the traditional digital signature scheme to propose a new solution for the aforementioned problem. Our extension is in the sense that only a designated verifier (responsible person) can verify a signer’s signature, and if necessary (in case the signer refuses to admit his/her signature) the designated verifier without revealing his/her secret key is able to prove to anybody that the signer has actually generated the signatu...

2008

In this paper, we propose a new signature scheme that is existentially unforgeable under a chosen message attack without random oracle. The security of our scheme depends on a new complexity assumption called the k+1 square roots assumption. We also discuss the relationship between the k+1 square roots assumption and some related problems and provide some conjectures. Moreover, the k+1 square roots assumption can be used to construct shorter signatures under the random oracle model. As some applications, a new chameleon hash signature scheme and a on-line/off-line signature scheme and a new efficient anonymous credential scheme based on the proposed signature scheme are presented.

2006

Universal designated verifier signatures (UDVS) were introduced in 2003 by Steinfeld et al. to allow signature holders to monitor the verification of a given signature in the sense that any plain signature can be publicly turned into a signature which is only verifiable by some specific designated verifier. Privacy issues, like non-dissemination of digital certificates, are the main motivations to study such primitives. In this paper, we propose two fairly efficient UDVS schemes which are secure (in terms of unforgeability and anonymity) in the standard model (i.e. without random oracles). Their security relies on algorithmic assumptions which are much more classical than assumptions involved in the two only known UDVS schemes in standard model to date. The latter schemes, put forth by Zhang et al. in 2005 and Vergnaud in 2006, rely on the Strong Diffie-Hellman assumption and the strange-looking knowledge of exponent assumption (KEA). Our schemes are obtained from Waters's signature and they do not need the KEA assumption. They are also the first random oracle-free constructions with the anonymity property.