Identity-based strong designated verifier signature revisited

Designated verifier signature (DVS) allows the signer to persuade a verifier the validity of a statement but prevent the verifier from transferring the conviction. Strong designated verifier signature (SDVS) is a variant of DVS, which only allows the verifier to privately check the validity of the signer’s signature. In this work we observe that the unforgeability model considered in the existing identity-based SDVS schemes is not strong enough to capture practical attacks, and propose to consider another model which is shown to be strictly stronger than the old one. We then propose a new efficient construction of identity-based SDVS scheme, which is provably unforgeable under the newly proposed definition, based on the hardness of Computational Diffie–Hellman problem in the random oracle model. Our scheme is perfectly non-transferable in the sense that the signer and the designated verifier can produce identically distributed signatures on the same message. Besides, it is the first IBSDVS scheme that is non-delegatable with respect to (an identity-based variant of) the definition proposed by Lipmaa et al. (ICALP 2005).