Lipmaa, Helger; Wang, Guilin; and bao, Feng, 2005, Designated verifier signature schemes: attacks, new security notions and a new construction, Lecture notes in computer science, 3580, 459-471.
We show that the signer can abuse the disavowal protocol in the Jakobsson-Sako-Impagliazzo designated-verifier signature scheme. In addition, we identify a new security property—non-delegatability—that is essential for designated-verifier signatures, and show that several previously proposed designated-verifier schemes are delegatable. We give a rigorous formalisation of the security for designated-verifier signature schemes, and propose a new and efficient designated-verifier signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the nonprogrammable random oracle model, and non-delegatable under a loose reduction in the programmable random oracle model. As a direct corollary, we also get a new efficient conventional signature scheme that is provably unforgeable under a tight reduction to the Decisional Diffie-Hellman problem in the nonprogrammable random oracle plus common reference string model. Keywords. Designated verifier signature scheme, non-delegatability, non-programmable random oracle model, signature scheme.