Strong Designated Verifier Signatures from Isogeny Assumptions
摘要
Designated verifier signatures (DVS) enable a signer to create a signature that only a specific verifier can authenticate, thereby ensuring both message authenticity and signer privacy. Strong designated verifier signatures (SDVS) further enhance the security of the signer’s identity. In particular, they guarantee that it is computationally infeasible for any third party, even those possessing the secret keys of the signer or the designated verifier, to determine the public key under which the signature was produced. In this paper, we introduce a novel construction of a strong designated verifier signature scheme based on isogeny assumptions. Our scheme leverages the computational difficulty of finding isogenies between supersingular elliptic curves, a problem believed to be resistant to quantum attacks. Our construction achieves strong off-the-record security, unforgeability, and privacy of the signer’s identity in the random oracle model. Furthermore, we employ optimized techniques to substantially reduce key sizes without compromising signature compactness. The resulting public keys are only 16 kB, and the secret keys are 128 bits, while a signature achieving 128-bit classical security is 862 bytes, which is smaller than those in lattice-based or code-based SDVS proposals.