Universal designated verifier signature scheme with non-delegatability in the standard model
The notion of a Designated Verifier Signature (DVS) scheme allows a signer to create a signature which is only verifiable by an intended verifier. DVS is a very useful scheme for authenticating a signer without interfering with her privacy. In 2003, Steinfeld et al. extended this notion to enable a Universal Designated Verifier Signature (UDVS) scheme. In UDVS, everyone who holds Alice's traditional signature on a message (the signature holder), can transform it into a DVS for a specific verifier. Non-delegatability is a critical property of a DVS scheme in applications where responsibility of a signer is important and can not be delegated to another entity. Shim (Information Science, 2014) posed an open problem on how to construct a non-delegatable UDVS scheme. Since then, it has been well acknowledged that constructing a UDVS scheme which is non-delegatable remains as an elusive research problem. Furthermore, gaining a construction which is based on the standard model (without random oracles) is most desirable in practice. In this work, we present an affirmative answer to the aforementioned open research problem. We present the first non-delegatable UDVS scheme and prove its security requirements in the standard model. To the best of our knowledge, our work is the first non-delegatable UDVS scheme, which fills the gap in the existing literature. Furthermore, when the signer is considered as the signature holder, our scheme is also considered as the first non-delegatable DVS scheme in the standard model.