A New Certificateless Strong Designated Verifier Signature Scheme: Non-Delegatable and SSA-KCA Secure

Certificateless public key cryptography is a commonly adopted implementation system to solve problems of key-escrow and untrusted authority. Certificateless strong designated verifier signatures (CL-SDVSs) are special variations of digital signatures, since their authenticity can only be convinced by a designated verifier. To offer this functionality, most CL-SDVS mechanisms use shared secret key between a signer and a designated verifier. However, Shim points out that the leakage of common values will inevitably delegate signing capability to any third party. Furthermore, we notice that such protocols also cannot fulfill the notion of signer ambiguity if a signer's private key is compromised, and signatures have not been received by a designated verifier. In this paper, the author defines the first formal security model of strong signer ambiguity against key-compromise attacks (SSA-KCA) for CL-SDVS schemes. Then, a concrete construction satisfying not only the proposed SSA-KCA security, but also the essential existential unforgeability under adaptive chosen-message attacks (EUF-CMA) security against super-level adversaries is presented. We show that our construction is both non-delegatable and non-transferable. In addition, without using time-consuming bilinear pairings, the proposed scheme exhibits lower computational costs and shorter signature lengths when compared with previous works, which makes our protocol suitable for computationconstrained mobile devices in low-bandwidth Internet of Thing communication environments.