In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by h...In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by himself.Our research starts from identity-based aggregator(IBA)that compresses a designated set of verifier’s identities to a constant-size random string in cryptographic space.The IBA is constructed by mapping the hash of verifier’s identity into zero or pole of a target curve,and extracting one curve’s point as the result of aggregation according to a specific secret.Considering the different types of target curves,these two IBAs are called as zeros-based aggregator and poles-based aggregator,respectively.Based on them,we propose a practical DVSS scheme constructed from the zero-pole cancellation method which can eliminate the same elements between zeros-based aggregator and poles-based aggregator.Due to this design,our DVSS scheme has some distinct advantages:(1)the signature supporting arbitrary dynamic verifiers extracted from a large number of users;and(2)the signature with short and constant length.We rigorously prove that our DVSS scheme satisfies the security properties:correctness,consistency,unforgeability and exclusivity.This is a preview of subscription content,log in to check access.展开更多
基金The work was supported by the National Key Technologies R&D Programs of China(2018YFB1402702 and 2017YFB0802500)the“13th”Five-Year National Cryptographic Development Foundation(MMJJ20180208)+1 种基金NSFC-Genertec Joint Fund For Basic Research(U1636104)the National Natural Science Foundation of China(Grant Nos.61572132,61972032 and U1705264).
文摘In this paper we present a designated verifier-set signature(DVSS),in which the signer allows to designate many verifiers rather than one verifier,and each designated verifier can verify the validity of signature by himself.Our research starts from identity-based aggregator(IBA)that compresses a designated set of verifier’s identities to a constant-size random string in cryptographic space.The IBA is constructed by mapping the hash of verifier’s identity into zero or pole of a target curve,and extracting one curve’s point as the result of aggregation according to a specific secret.Considering the different types of target curves,these two IBAs are called as zeros-based aggregator and poles-based aggregator,respectively.Based on them,we propose a practical DVSS scheme constructed from the zero-pole cancellation method which can eliminate the same elements between zeros-based aggregator and poles-based aggregator.Due to this design,our DVSS scheme has some distinct advantages:(1)the signature supporting arbitrary dynamic verifiers extracted from a large number of users;and(2)the signature with short and constant length.We rigorously prove that our DVSS scheme satisfies the security properties:correctness,consistency,unforgeability and exclusivity.This is a preview of subscription content,log in to check access.
