Skip to main content

SDVS Sender-Privacy in the Multi-party Setting

  • Conference paper
  • First Online:
Innovative Security Solutions for Information Technology and Communications (SecITC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14534))

  • 123 Accesses

Abstract

Strong designated verifier signature schemes rely on sender-privacy to hide the identity of the creator of a signature to all but the intended recipient. This property can be invaluable in, for example, the context of deniability, where the identity of a party should not be deducible from the communication sent during a protocol execution. In this work, we explore the technical definition of sender-privacy and extend it from a 2-party setting to an n-party setting. Afterwards, we show in which cases this extension provides stronger security and in which cases it does not.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_33

    Chapter  Google Scholar 

  2. Chaum, D.: Private signature and proof systems. US Patent No. 5,493,614, February 1996

    Google Scholar 

  3. Chaum, D., van Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_20

    Chapter  Google Scholar 

  4. Huang, Q., Yang, G., Wong, D.S., Susilo, W.: Identity-based strong designated verifier signature revisited. J. Syst. Softw. 84(1), 120–129 (2011). https://doi.org/10.1016/j.jss.2010.08.057

    Article  Google Scholar 

  5. Huang, X., Susilo, W., Mu, Y., Zhang, F.: Short (identity-based) strong designated verifier signature schemes. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds.) ISPEC 2006. LNCS, vol. 3903, pp. 214–225. Springer, Heidelberg (2006). https://doi.org/10.1007/11689522_20

    Chapter  Google Scholar 

  6. Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_13

    Chapter  Google Scholar 

  7. Laguillaumie, F., Vergnaud, D.: Designated verifier signatures: anonymity and efficient construction from any bilinear map. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 105–119. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30598-9_8

    Chapter  Google Scholar 

  8. Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_32

    Chapter  Google Scholar 

  9. Saeednia, S., Kremer, S., Markowitch, O.: An efficient strong designated verifier signature scheme. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 40–54. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24691-6_4

    Chapter  Google Scholar 

  10. Susilo, W., Zhang, F., Mu, Y.: Identity-based strong designated verifier signature schemes. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 313–324. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_27

    Chapter  Google Scholar 

Download references

Acknowledgements

Jeroen van Wier was supported by the Luxembourg National Research Fund (FNR), under the joint CORE project Q-CoDe (CORE17/IS/11689058/Q-CoDe/Ryan) and the CORE project EquiVox (C19/IS/13643617/EquiVox/Ryan).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jeroen van Wier .

Editor information

Editors and Affiliations

Appendices

A Full Proof of Theorem 2

Theorem 2. For any adversary \(\mathcal {A}\), set of oracles \(\mathcal {O}\) and DVS scheme \(\varPi \), there exists an adversary \(\mathcal {B}\) such that

$$\begin{aligned} \frac{1}{2}\textsf{Adv} ^{nr\textsf{SendPriv}}_{\varPi ,\mathcal {A},\mathcal {O}}(\kappa ,n) \le \textsf{Adv} ^{\textsf{SendPriv}}_{\varPi ,\mathcal {B},\mathcal {O}}(\kappa ,n). \end{aligned}$$

Proof

Here, we omit the subscripts \(\varPi \) and \(\mathcal {O}\) for \(\textsf{Adv} \) and \(\textsf{G} \) for simplicity. Let \(\mathcal {B}\) be defined as in Games 5 and 6. The permutation is used here to hide the indexation of the parties from the adversary. Note that applying a permutation \(\pi \) in this fashion is equivalent to generating the keypairs in the order \(\pi ^{-1}(0)\dots \pi ^{-1}(n)\) and since these are i.i.d. samples the order of their generation does not affect the winning probability of \(\mathcal {A}\). However, it guarantees that the winning probability of \(\mathcal {A}\) is the same for every c. Note that here we use \(\Pr _{\pi }\) to indicate the uniform probability over all \(\pi : [n] \mapsto [n]\) such that \(\pi (n)=n\).

figure au
figure av
figure aw

   \(\square \)

B Full Proof of Theorem 3

Theorem 3. For any adversary \(\mathcal {A}\) and set of oracles \(\mathcal {O}\), there exists an adversary \(\mathcal {B}\) such that

$$\begin{aligned} \frac{2}{n^3 - n} \cdot \textsf{Adv} ^{\textsf{ChosenSendPriv}}_{\varPi ,\mathcal {A}, \mathcal {O}}(\kappa ,n) \le \textsf{Adv} ^{\textsf{SendPriv}}_{\varPi ,\mathcal {B}, \mathcal {O}}(\kappa ,n) \end{aligned}$$

Proof

Fix \(\mathcal {A}\). Let \(\mathcal {B}\) be defined as in Game 7 and Game 8.

figure ax
figure ay

The permutation is used here to hide the indexation of the parties from the adversary. Note that applying a permutation \(\pi \) in this fashion is equivalent to generating the keypairs in the order \(\pi ^{-1}(0)\dots \pi ^{-1}(n)\) and since these are i.i.d. samples the order of their generation does not affect the winning probability of \(\mathcal {A}\). When playing game \(\textsf{G} ^\textsf{SendPriv} _{\varPi ,\mathcal {B}}\), we can now distinguish two cases:

  1. 1.

    \(\{\pi (s_0), \pi (s_1)\} = \{0,1\}\) and \(\pi (r) = n\). Since \(\pi \) is random and unknown to \(\mathcal {A}\), this happens with probability \(\frac{2(n-2)!}{(n+1)!}\). In this case, \(\mathcal {A}\) has chosen \(P_0\) and \(P_1\) as the possible signers and \(P_n\) as the verifier, making \(\textsf{G} ^\textsf{ChosenSendPriv} _{\varPi , \mathcal {A}}\) and \(\textsf{G} ^{\textsf{SendPriv}}_{\varPi , \mathcal {B}}\) equivalent.

  2. 2.

    Otherwise, \(\mathcal {A}\) has chosen different signers or verifiers, in which case \(\textsf{G} ^{\textsf{SendPriv}}_{\varPi , \mathcal {B}}\) becomes equivalent to a random coin flip, with probability \(\frac{1}{2}\) of guessing c.

Combining this, we get that

figure az

Thus,

$$\begin{aligned} \textsf{Adv} ^{\textsf{SendPriv}}_{\varPi ,\mathcal {B},\mathcal {O}}(\kappa ,n) = \frac{2(n-2)!}{(n+1)!} \cdot \textsf{Adv} ^{\textsf{ChosenSendPriv}}_{\varPi ,\mathcal {A},\mathcal {O}}(\kappa ,n). \end{aligned}$$

   \(\square \)

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

van Wier, J. (2024). SDVS Sender-Privacy in the Multi-party Setting. In: Manulis, M., Maimuţ, D., Teşeleanu, G. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2023. Lecture Notes in Computer Science, vol 14534. Springer, Cham. https://doi.org/10.1007/978-3-031-52947-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-52947-4_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-52946-7

  • Online ISBN: 978-3-031-52947-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics