Certificateless Strong Designated Verifier Signature Scheme

“…The CL-SDVS scheme proposed in Reference [24] is pointed vulnerable to concrete attack which shows the signature is forgeable [26]. Recalling the proofs of previous insecure schemes [16][17][18]22], we find that there is an inappropriate restriction in their security models of unforgeability. The adversary cannot query target signer or the target verifier to sign arbitrary message, nor to check the validity of any signature.…”

“…Thus our proposed scheme inherently satisfies the security property of strongness. We provide a security comparison of our proposed scheme with known existing CL-DVS schemes (H-scheme [16], D-scheme [18], C-scheme [17], Y-scheme [23], X-scheme [22] and I-scheme [21]) in Tab. 1, which demonstrates that most existing schemes cannot satisfy all the required security properties, while ours can achieve all.…”

“…However, most of them [17][18] still need several pairing operations and the previous one does not resist the public key replace attack. Recently, several certificateless strong DVS schemes (CL-SDVS for short) have been proposed [20][21][22][23][24]. Unfortunately, some of them cannot achieve all the security properties as they claimed.…”

“…Unfortunately, some of them cannot achieve all the security properties as they claimed. According to [25], the scheme in Reference [22] is insecure against the malicious PKC attack and public key replacement attack. The CL-SDVS scheme proposed in Reference [24] is pointed vulnerable to concrete attack which shows the signature is forgeable [26].…”

Efficient and Provably-secure Certificateless Strong Designated Verifier Signature Scheme without Pairings

“…The CL-SDVS scheme proposed in Reference [24] is pointed vulnerable to concrete attack which shows the signature is forgeable [26]. Recalling the proofs of previous insecure schemes [16][17][18]22], we find that there is an inappropriate restriction in their security models of unforgeability. The adversary cannot query target signer or the target verifier to sign arbitrary message, nor to check the validity of any signature.…”

“…Thus our proposed scheme inherently satisfies the security property of strongness. We provide a security comparison of our proposed scheme with known existing CL-DVS schemes (H-scheme [16], D-scheme [18], C-scheme [17], Y-scheme [23], X-scheme [22] and I-scheme [21]) in Tab. 1, which demonstrates that most existing schemes cannot satisfy all the required security properties, while ours can achieve all.…”

“…However, most of them [17][18] still need several pairing operations and the previous one does not resist the public key replace attack. Recently, several certificateless strong DVS schemes (CL-SDVS for short) have been proposed [20][21][22][23][24]. Unfortunately, some of them cannot achieve all the security properties as they claimed.…”

“…Unfortunately, some of them cannot achieve all the security properties as they claimed. According to [25], the scheme in Reference [22] is insecure against the malicious PKC attack and public key replacement attack. The CL-SDVS scheme proposed in Reference [24] is pointed vulnerable to concrete attack which shows the signature is forgeable [26].…”

Efficient and Provably-secure Certificateless Strong Designated Verifier Signature Scheme without Pairings

“…Lee [4] analyzed two certificateless signature (CLS) schemes, one of which was a CL-SDVS scheme that was proposed by Xiao et al [5]. The analysis model is proposed by Huang et al [6].…”

General Certificateless Strong Designated Verifier Signature Schemes

Certificateless designated verifier signature revisited: achieving a concrete scheme in the standard model