Multi-designated verifiers signatures: anonymity without encryption

In 1996, Jakobsson, Sako, and Impagliazzo and, on the other hand, Chaum proposed the notion of designated verifier signature to solve some of the intrinsic problems of undeniable signatures. The generalization of this concept, suggested by Desmedt at Crypto'03's rump session, was formally investigated by Laguillaumie and Vergnaud at ICICS'04 as multi-designated verifiers signatures. The protection of the signer's privacy, as defined in that paper, seems difficult to achieve, and the protocols they proposed capture this property with an IND-CCA2 encryption of the signature. In this article, we propose the first multi-designated verifiers signature scheme which protects the anonymity of signers without encryption. This scheme is designed to be the extension of their B2DVS one and relies on Boneh et al.'s pairing-based ring signatures. The security of the new protocol relies, in the random oracle model, on the difficulty of solving the Diffie–Hellman problem in a bilinear setting.