The Research Of Attribute-Based Designated Confirmer Signature

As one of the focuses of cryptography research in recent years,attribute-based signature,also known as attribute signature,can provide fine-grained access control,abundant access policies and favorable privacy,thus having a wide range of application prospect.The designated confirmer signature(DCS),which has attracted the attention and research of scholars,can designate a confirmer to confirm or deny the signature just like the signer and no third party can confirm or deny the signature except for the signer and the confirmer,which makes it suitable for signing sensitive message.Traditional DCS is“one-to-one”,which means the signature of a signer is designated to a confirmer,resulting in obvious limitations.In this paper,the nature of “attribute-based” is introduced to the DCS to break through those limitations and achieve “many-to-many” to form attribute-based designated confirmer signature(ABDCS),which means it is signed by the signer satisfying access structure and is confirmed or denied by the designated confirmer satisfying access structure.The ABDCS is an extension of the study of cryptography theory.Furthermore,it can greatly expand the application scope due to the rich and flexible access strategy of “attribute-based”,thus having important theoretical and practical significance.The main achievements are as follows:1.Key policy attribute-based designated confirmer signature(KP-ABDCS)was studied,with its formal definition and formalized security model being presented.A ABDCS scheme,whose access structure is monotone boolean circuit,was constructed by means of multilinear mapping.It was proved under the random orator model that if the k-MCDH hypothesis is true,the constructed scheme is selectively unforgeable.2.Signature policy attribute-based convertible designated confirmer signature(SP-ABCDCS)was studied,with its formal definition and formalized security model being presented.Based on the discrete logarithm problem,a ABCDCS scheme without bilinear pairing was constructed through a threshold signature scheme,which was constructed by using Fiat-Shamir transformation based on Cramer et al's witness hidden protocol,in which Schnorr protocol was chosen as its basic ∑ protocol and(t,n)threshold scheme as its secret sharing scheme,and then combined with designated confirmation,collusive prevention and equal signature of knowledge.The security of this scheme was proved under the random oracle model.