Multi-designated Verifiers Signatures

Designated verifier signatures were introduced in the middle of the 90’s by Jakobsson, Sako and Impagliazzo, and independenty patended by Chaum as private signatures. In this setting, a signature can only be verified by a unique and specific user. At Crypto’03, Desmedt suggested the problem of generalizing the designated verifier signatures. In this case, a signature should be intended to a specific set of different verifiers. In this article, we provide a formal definition of multi-designated verifiers signatures and give a rigorous treatment of the security model for such a scheme. We propose a construction based on ring signatures, which meets our definition, but does not achieve the privacy of signer’s identity property. Finally, we propose a very efficient bi-designated verifiers signature scheme based on bilinear maps, which protects the anonymity of signers.