Degree Name

Doctor of Philosophy


School of Computer Science and Software Engineering


In this thesis, we provide contributions to signature schemes and identi cation schemes in four di erent ways.

First, we make contributions to universal designated veri er signatures. We propose the notion of a one-time universal designated veri er signature such that the number of veri ers verifying the signature is controlled by the signer. We also propose the notion of a universal designated veri er signature with threshold-signers such that the privacy and anonymity of the signer can be achieved.

Second, we propose a new notion called "policy-controlled signatures". In this notion, a policy-controlled signature can be veri ed by a veri er that satis es a policy assigned by a signer. We provide two extensions to this notion, which are "universal policy-controlled signatures" and "multi-level controlled signatures". Universal policy-controlled signatures allow a party called "a policy signer" to apply a policy on a signature on a particular message such that only a veri er that satis es this policy can verify this policy-controlled signature. In practice, some policies can be simply represented by a level of the security, for example, "POLICY= more than the fth level of security". From the above idea, a de nition of multi-level controlled signatures is introduced. It allows a signer to eliminate the unnecessary chain of attributes in the policy and simply assign the level of security as a policy instead. Hence, the size of the policy remains constant.

Next, a new notion called "fair multi-signatures" is proposed. A multi-signature allows a group of parties to engage in an interactive protocol in order to generate a joint signature on an agreement. If all the signers follow the protocol honestly, then a multi-signature is generated and distributed fairly. However, if a dishonest signer refuses to complete his part in the protocol, but he has already obtained the other parties' contributions, then the honest signers cannot obtain a multi-signature and yet the dishonest signer can generate a multi-signature. Our notion of fair multisignatures ensures that if the protocol is completed, then every signer involved in the signing protocol can output a multi-signature. Meanwhile, if the protocol is not completed, then none of the signers involved in the signing protocol can output a multi-signature.

Finally, in modern communications, the public becomes aware of privacy issues. Some identi cation systems provide privacy for users, especially those that are based on zero knowledge proof. However, a malicious user may take advantage of privacy to deny his malicious acts. Hence, we propose a new notion called "escrowed deniable identi cation schemes". In this notion, a trusted party is introduced to act as a transaction opener such that it can generate evidence of the conversation from the deniable transcript generated during the interaction between a prover and a veri er. In an identi cation scheme, the major concern about security is impersonation. The strongest type of attack against identi cation schemes is the reset attack. In this thesis, we provide an identity-based identi cation scheme secure against reset attack. We also provide proof of our scheme which is secure against reset attack in the standard model.