Rigorous security requirements for designated verifier signatures

Abstract

In this paper, we point out that previous security models for the Designated Verifier Signature (DVS) are not sufficient because some serious problems may be caused such that the verifier cannot confirm the validity of the signature even if a scheme satisfies previous security models. Hence, our aim is to clarify rigorous security requirements for the DVS. We use the universal composability (UC) framework. First, we define an ideal DVS functionality within the UC framework. Next, we propose a new security model for the DVS and show that it is necessary and sufficient by proving the equivalence between the DVS functionality and the proposed model. By our reconsideration, it emerges that the DVS requires stronger unforgeability than previous definitions but privacy of signer's identity considered in previous definitions is unnecessary. Finally, we revisit the security of previous DVS schemes according to our rigorous security model. Then, we justify the DVS functionality in feasibility by showing some DVS schemes can satisfy the proposed model. © 2011 Springer-Verlag.