A Traceable Universal Designated Verifier Transitive Signature Scheme
Abstract
:1. Introduction
1.1. Our Contributions
- (1)
- Our goal is to substitute the public verifiability of transitive signatures with single entity verifiability, where the entity is trusted. Therefore, we adopt the UDVTS proposed by [2]. Considering that the common issue of designated verifier signatures is that arbitration service cannot be provided when there is a signature dispute, we have introduced a tracer into the system that can find the true source of the signature.
- (2)
- We propose the concept of TUDVTS. We introduce to the UDVTS a tracer who is responsible for arbitrating any disputed data, and the chain relationships in the graphic remain hidden from other entities except the tracer. Therefore, this scheme protects the rights and interests of the signer and the verifier.
- (3)
- We describe definitions of TUDVTS and its security model. The security requirements of TUDVTS include unforgeability, privacy, and traceability. The unforgeability of TUDVTS means that any adversary cannot forge a transitive signature or a designated verifier signature even if it is allowed to obtain signatures on many other messages and public keys of its choice. The TUDVTS scheme encompasses two distinct forms of privacy: the non-transferability of TUDVTS and the privacy of transitive signatures. The former means that there is no way for anyone to distinguish between the two designated verifier signatures produced by the combiner or the verifier. The latter means that there is no way for anyone to distinguish between the two transitive signatures produced by the signer or the combiner. The traceability implies that the tracer can determine whether the signer signed the message.
- (4)
- We construct a TUDVTS scheme. By incorporating traceability, our scheme not only achieves the goal of controlling the verifier but also provides an arbitration service when signature disputes arise. We have conducted proofs to establish that our scheme satisfies the unforgeability, privacy, and traceability.
1.2. Related Works
- Transitive Signatures (TS). The earliest transitive signature schemes, DLTS and RSATS-1, were proposed by Micali and Rivest [1], where their security relies on the discrete logarithm problem and the RSA assumption, respectively. Note that the former can resist adaptive chosen-message attacks, while the latter can only resist non-adaptive chosen-message attacks. In the same year, Bellare and Neven [3] proposed the “node certification paradigm” and constructed two schemes based on RSA assumption and factoring, respectively. In addition, they proposed other new schemes based on the one-more discrete logarithm problem and one-more gap Diffie-Hellman problem [4]. By employing braid groups, Wang et al. [5] designed a transitive signature scheme that was not susceptible to quantum attacks at the time. Previous schemes required special hash functions, which made them less efficient. Lin et al. [6] introduced a scheme that utilizes general hash functions to achieve improved efficiency by reducing computational time.
- Universal Designated Verifier Signatures (UDVS). Steinfeld et al. [17] introduced the concept of UDVS: only the verifier designated by the signature holder is allowed to authenticate signatures. Steinfeld et al. [17] proposed the first UDVS scheme by utilizing a BLS [18] short signature in the same year. They then combined the standard RSA and Schnor schemes to propose two identity-based UDVS schemes [19]. Ng et al. [20] proposed another scheme with multiple verifiers designated, allowing multiple verifiers to authenticate the signature. Zhang et al. [21] use the model proposed by Steinfeld et al. [17] to design two new identity-based UDVS schemes. The security of the above schemes all rely on the random oracle model. Zhang et al. [22] designed the first UDVS scheme that is provably secure in the standard model. Shahandashti et al. [23] provided a generic construction of UDVS from standard digital signatures. Since then, a multitude of UDVS schemes with distinct features have been put forward, such as multi-signer and multiple designated verifiers UDVS [24], UDVS without delegatability [25], universal designated verifier ring signatures [26], and universal designated multi-verifiers content extraction signatures [27]. To resist quantum attacks, Li et al. [28] constructed the first lattice-based UDVS scheme. Moreover, Tang et al. [29] pointed out that the strong privacy in traditional universal designated verifier signature schemes leads to the problem of unfairness to the verifier and, thus, designed a traceable universal designated verifier signature proof scheme.
2. Preliminaries
2.1. Notations
2.2. Graphs
2.3. Admissible Bilinear Pairing
- (1)
- Bilinearity: , for all .
- (2)
- Non-degeneracy: .
- (3)
- Computability: is efficiently computable for all .
2.4. Complexity Assumptions
- (1)
- The oracle : inputs a point , returns a random point .
- (2)
- The CDH oracle : inputs a point , returns a point .
3. Traceable Universal Designated Verifier Transitive Signature Scheme
- . The initialization algorithm that takes as input the security parameter k, outputs the public parameters .
- . The key generation algorithm that takes as input the public parameters , outputs all users’ public/secret key pairs .
- . The transitive signing algorithm that takes as input the signer’s secret key and nodes and outputs an original signature of edge relative to .
- . The verification algorithm that takes as input the signer’s public key , nodes , and a candidate signature , which outputs 1 if accepting the signature or 0 for rejecting it.
- . The composition algorithm that takes as input the signer’s public key ,nodes , and two signatures , which outputs the composed signature or the symbol ⊥to indicate failure.
- . The translation algorithm that takes as input the tracer’s public key and a transitive signature of edge and outputs a translated signature . In addition, the combiner selects and saves a secret value t.
- . The signature holder’s designation algorithm that takes as input the verifier’s public key , nodes , a secret value t, and a translated signature , which outputs a designated verifier signature .
- . The transcript simulation algorithm that takes as input the signer’s public key , the tracer’s public key , the verifier’s secret key , nodes , and the translated signature , which outputs a simulated signature .
- . The designated verifying algorithm that takes as input the signer’s public key , the verifier’s secret key , nodes , and a designated verifier signature , which outputs 1 if accepting the signature or 0 for rejecting it.
- . The tracing algorithm that takes as input the tracer’s secret key and the translated signature , which outputs the transitive signature .
- Correctness: we require five obvious correctness properties in TUDVTS. The first four points are the correctness requirements of UDVTS. Algorithm TVry checks the correctness of TSign and Comp. Algorithm DV checks the correctness of DS and Sim. Algorithm Trans checks the correctness of Trace.
- Correctness of TSign: If , then
- Correctness of Comp: If , then
- Correctness of DS: If , then
- Correctness of Sim: If , then
- Correctness of Trace: If , then .
Security Models
- Unforgeability: the unforgeability of TUDVTS is similar to the unforgeability of UDVTS. TUDVTS encompasses two distinct forms of unforgeability. The first property refers to the fact that any adversary cannot output a forgery even if it is allowed to obtain transitive signatures on many other messages of its choice, i.e., the transitive signature unforgeability (TS-unforgeability). The second property refers to the impossibility for any adversary to forge a valid designated verifier signature even if they possess a valid translated signature from before, i.e., the designated verifier signature unforgeability (DV-unforgeability). Note that it is possible that the translated signature in DV-unforgeability is forged. As described in reference [29], we only consider this case where the translated signature is sent by the designator.
- Setup: the public parameters and the signer’s public/secret key-pair are generated by running Setup and KGen, respectively. Then, it is sent to .
- TSign Query: picks an edge . Then, the transitive signature is generated by running TSign and sent to .
- Setup: the public parameters and all users’ public/secret key-pairs are generated by running Setup and KGen, respectively. Then, it is sent to .
- Trans Query: picks an edge . The transitive signature is first generated by running TSign. Then, the translated signature is generated by running Trans and sent to . The secret value t is kept private.
- DS Query: picks an edge (), a verifier’s public key and the corresponding translated signature . He initially acquires the signature using the aforementioned procedure in the absence of the translated signature. Then, is generated by running DS and sent to .
- DV Query: requests the verification result of () using the chosen public key . The verification result is generated by running DV and sent to .
- SKey Query: picks a verifier’s public key . Then, the corresponding private key is sent to .
- -
- DV().
- -
- has never been submitted to DS Query.
- -
- has never been submitted to SKey Query.
- Setup: the public parameters and all users’s public/secret key-pairs are generated by running Setup and KGen, respectively. Then, it is sent to .
- Stage 1: the distinguisher adaptively makes Trans Query, DS Query, DV Query, Sim Query, SKey Query: it responds to in the same way as in game .
- -
- Sim Query: assuming that requests a simulated signature on edge () using the chosen public key , he initially acquires the signature using the aforementioned procedure in the absence of the translated signature. Then, the simulated signature is generated by running Sim and sent to .
- Challenge stage: returns and that satisfy the following conditions:
- -
- .
- -
- has never been submitted to DS Query and Sim Query.
- -
- has never been submitted to SKey Query.
In reply, the experiment randomly samples . If , then the signature is generated by running DS and returned to . Otherwise, the signature is generated by running Sim and returned to . - Stage 2. Upon the receipt of the signature, can still proceed with the query in stage 1. However, he cannot choose for DS Query or Sim Query.
- Guess stage. outputs his guess .
- Traceability: as stated in [29], in order to determine whether the signer signed the message, we introduce a tracer in UDVTS. The tracer can restore the translated signature to its corresponding transitive signature . According to TV-unforgeability, only the signer and the combiner have the ability to obtain valid transitive signatures. Thus, the tracer can track the identity of the translated signature generator by checking whether the transitive signature is valid.
4. Our TUDVTS Scheme
4.1. Construction
- Setup(): this algorithm first obtains by running GGen. Then, it generates a bilinear map and a generator g of and outputs the public parameters ).
- KGen(): this algorithm takes as input the public parameters . It computes , where . It outputs three pairs of public/secret keys , which denote the signer, the verifier, and the tracer, respectively.
- TSign(): this algorithm takes as input the signer’s secret key a and nodes . It computes if , where . If , swap i and j.
- TVry(): this algorithm takes as input the signer’s public key A, nodes , and a signature . If , then it outputs 1 (accept). Otherwise, it outputs 0 (reject).
- Comp(): this algorithm takes as input the signer’s public key A, nodes , and two signatures of and of . If and are both valid signatures, then it outputs the composed signature of . Otherwise, it outputs ⊥.
- Trans(): this algorithm takes as input the tracer’s public key D and the signature of . The combiner computes , where . He outputs the translated signature .
- DS(): this algorithm takes as input the verifier’s public key B and the translated signature . The combiner randomly chooses , and calculates and Then, he outputs the designated verifier signature .
- Sim(): this algorithm takes as input the signer’s public key A, the tracer’s public key D and notes . The verifier randomly picks , and calculates and Then, he outputs a simulated signature .
- DV(): this algorithm takes as input the signer’s public key A, the tracer’s public key D, notes and the signature . The designated verifier calculates and checks whether . If this holds, then the algorithm outputs 1 (accept). Otherwise, it outputs 0 (reject).
- Trace(): this algorithm takes as input the translated signature . The tracer computes and checks whether . If this holds then is legitimate.
4.2. Correctness
- Correctness of TSign: if , where , then
- Correctness of Comp: If , where , then
- Correctness of DS: if and
- Correctness of Sim: If and
- Correctness of Trace: if , then
4.3. Security Analysis
- Setup:
- 1.
- sets A as the signer’s public key and sets D as the tracer’s public key.
- 2.
- computes as the public key of the verifier , where is his private key. For , sets B as his public key. Then, maintains a list L and adds all the pairs () to L, where .
- 3.
- sends () to .
- Query:
- 1.
- maintains a list to record the hash values output by calling .
- 2.
- When queries , completes the following:
- -
- If , then ; ; ; ; .
- -
- returns to .
- Query:
- 1.
- maintains a list to record the hash values output by oracle. randomly picks a verifier’s public key and a number and computes .
- 2.
- When queries , completes the following:
- -
- Firstly, obtains and as above if the two hash values do not exist.
- -
- Returns to . Then, adds all the message/value pairs to .
- Trans Query: assuming that requests a translated signature on an edge () that he has chosen. In reply, firstly obtains the signature if is empty. performs the following (assume ):
- 1.
- If or , invokes to obtain or .
- 2.
- If is empty, then; .
- 3.
- For all ,If is empty, then ; .If is empty, then ; .
- 4.
- .
- 5.
- randomly picks , computes and . maintains a list and stores all the random numbers t to .
- 6.
- Returns () to , and stores the corresponding t in .
- DS Query: assuming that requests a designated verifier signature on edge () using the chosen public key , firstly obtains the translated signature as above if the signature does not exist. Then, randomly selects and calculates and , returns to adversary .
- DV Query: assuming that requests a verification result of () using the chosen public key , calculates , returns 1 if , otherwise returns 0.
- SKey Query: assuming that requests the corresponding private key using the chosen public key , outputs the corresponding private key if . Otherwise, the operation aborts. The probability of not aborting is .
- Forgery: eventually, takes as input and , obtains by asking for the oracle, when the edge and the verifier’s public key chosen by himself. Then, he obtains a translated signature by Trans Query and computes . In the end, returns a forgery signature . If , then the operation aborts. The probability of not aborting is . We assume , otherwise can query the by himself. Let the graph be composed of all pairs submitted to Trans Query and let be the transitive closure of G. is valid if it satisfies the following:
- -
- DV().
- -
- has never been submitted to DS Query.
- -
- has never been submitted to SKey Query.
- 1.
- .
- 2.
- .For all ,
- 3.
- .
- 4.
- .
- 1.
- .
- 2.
- .For all ,
- 3.
- .
- 4.
- .
- -
- has never been submitted to SKey Query.
- -
- In the output forgery, chooses the public key B.
- Setup: sets A as the signer’s public key and returns to .
- TSign Query: assuming that requests a signature on an edge () that he has chosen. In reply, performs the following (Assume ):
- 1.
- If or , invokes to obtain or .
- 2.
- If is empty, then; .
- 3.
- For all ,If is empty, then ; .If is empty, then ; .
- 4.
- .
- 5.
- Returns to .
- Then, adaptively invokes the oracle. responds to in the same way as in the proof above.
- Setup:
- 1.
- sets as the public key of the signer and the tracer, respectively, where .
- 2.
- sets as the ith () verifier’s public/private key-pair, where . Then, maintains a list L and adds all the public/private key-pairs to L.
- 3.
- sends () to .
- Stage 1: the distinguisher adaptively invokes Query, Query, Trans Query, DS Query, DV Query, Sim Query, SKey Query. It responds to in the same way as in game .
- -
- SKey Query: if requests the private key associated with a chosen public key , verifies the list L and provides the matching private key in response.
- -
- Sim Query: assuming that requests a simulated signature on edge () using the chosen public key , firstly obtains the translated signature as above if the signature does not exist. Then, randomly selects and calculates and , returns to distinguisher .
- Challenge stage: returns and that satisfy the following conditions:
- -
- .
- -
- has never been submitted to DS Query and Sim Query.
- -
- has never been submitted to SKey Query.
In reply, randomly samples . If , then the signature is generated by running DS and returned to . Otherwise, the signature is generated by running Sim and returned to . - Stage 2: upon the receipt of the signature, can still proceed with the query in Stage 1. However, he cannot query the translated signature on edge , and cannot choose for DS Query or Sim Query.
- Guess stage: outputs his guess .
5. Efficiency Analysis
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Micali, S.; Rivest, R.L. Transitive Signature Schemes. In Topics in Cryptology—CT-RSA 2002; Preneel, B., Ed.; Springer: Berlin/Heidelberg, Germany, 2002; pp. 236–243. [Google Scholar]
- Hou, S.; Huang, X.; Liu, J.K.; Li, J.; Xu, L. Universal Designated Verifier Transitive Signatures for Graph-Based Big Data. Inf. Sci. 2015, 318, 144–156. [Google Scholar] [CrossRef]
- Bellare, M.; Neven, G. Transitive Signatures Based on Factoring and RSA. In Advances in Cryptology—ASIACRYPT 2002; Zheng, Y., Ed.; Springer: Berlin/Heidelberg, Germany, 2002; pp. 397–414. [Google Scholar]
- Bellare, M.; Neven, G. Transitive Signatures: New Schemes and Proofs. IEEE Trans. Inf. Theory 2005, 51, 2133–2151. [Google Scholar] [CrossRef]
- Wang, L.; Cao, Z.; Zheng, S.; Huang, X.; Yang, Y. Transitive Signatures from Braid Groups. In Progress in Cryptology—INDOCRYPT 2007; INDOCRYPT’07; Springer: Berlin/Heidelberg, Germany, 2007; pp. 183–196. [Google Scholar]
- Lin, C.; Zhu, F.; Wu, W.; Liang, K.; Choo, K.K.R. A New Transitive Signature Scheme. In Network and System Security; Chen, J., Piuri, V., Su, C., Yung, M., Eds.; Springer: Cham, Switzerland, 2016; pp. 156–167. [Google Scholar]
- Zhu, F.; Zhang, Y.; Lin, C.; Wu, W.; Meng, R. A Universal Designated Multi-Verifier Transitive Signature Scheme. In Information Security and Cryptology; Chen, X., Lin, D., Yung, M., Eds.; Springer: Cham, Switzerland, 2018; pp. 180–195. [Google Scholar]
- Lin, C.; Wu, W.; Huang, X.; Xu, L. A New Universal Designated Verifier Transitive Signature Scheme for Big Graph Data. J. Comput. Syst. Sci. 2017, 83, 73–83. [Google Scholar] [CrossRef]
- Noh, G.; Jeong, I.R. Transitive Signature Schemes for Undirected Graphs from Lattices. KSII Trans. Internet Inf. Syst. 2019, 13, 3316–3332. [Google Scholar]
- Noh, G.; Chun, J.Y. Identity-Based Transitive Signature Scheme from Lattices. J. Korea Inst. Inf. Secur. Cryptol. 2021, 31, 509–516. [Google Scholar]
- Rivest, R.; Hohenberger, S. The Cryptographic Impact of Groups with Infeasible Inversion. Doctoral Dissertation, Massachusetts Institute of Technology, Cambridge, MA, USA, 2003. [Google Scholar]
- Kuwakado, H.; Tanaka, H. Transitive Signature Scheme for Directed Trees. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 2003, 86-A, 1120–1126. [Google Scholar]
- Yi, X. Directed Transitive Signature Scheme. In Topics in Cryptology—CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007, San Francisco, CA, USA, 5–9 February 2007, Proceedings; Abe, M., Ed.; Springer: Berlin/Heidelberg, Germnay, 2007; Volume 4377, pp. 129–144. [Google Scholar]
- Neven, G. A Simple Transitive Signature Scheme for Directed Trees. Theor. Comput. Sci. 2008, 396, 277–282. [Google Scholar] [CrossRef]
- Camacho, P.; Hevia, A. Short Transitive Signatures for Directed Trees. In Topics in Cryptology—CT-RSA 2012; Dunkelman, O., Ed.; CT-RSA 2012. Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2012; Volume 7178, pp. 35–50. [Google Scholar]
- Xu, J.; Chang, E.; Zhou, J. Directed Transitive Signature on Directed Tree. In Proceedings of the Singapore Cyber-Security Conference (SG-CRC) 2016-Cyber-Security by Design, Singapore, 14–15 January 2016; Cryptology and Information Security Series. Mathur, A., Roychoudhury, A., Eds.; IOS Press: Amsterdam, The Netherlands, 2016; Volume 14, pp. 91–98. [Google Scholar]
- Steinfeld, R.; Bull, L.; Wang, H.; Pieprzyk, J. Universal Designated-Verifier Signatures. In Advances in Cryptology—ASIACRYPT 2003; Laih, C.S., Ed.; ASIACRYPT 2003. Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2003; Volume 2894, pp. 523–542. [Google Scholar]
- Boneh, D.; Lynn, B.; Shacham, H. Short Signatures from the Weil Pairing. In Advances in Cryptology—ASIACRYPT 2001; Boyd, C., Ed.; Springer: Berlin/Heidelberg, Germany, 2001; pp. 514–532. [Google Scholar]
- Steinfeld, R.; Wang, H.; Pieprzyk, J. Efficient Extension of Standard Schnorr/RSA Signatures into Universal Designated-Verifier Signatures. In Public Key Cryptography-PKC 2004, 7th International Workshop on Theory and Practice in Public Key Cryptography, Singapore, 1–4 March 2004; Lecture Notes in Computer Science; Bao, F., Deng, R.H., Zhou, J., Eds.; Springer: Berlin/Heidelberg, Germany, 2004; Volume 2947, pp. 86–100. [Google Scholar]
- Ng, C.Y.; Susilo, W.; Mu, Y. Universal Designated Multi Verifier Signature Schemes. In Proceedings of the 11th International Conference on Parallel and Distributed Systems, ICPADS 2005, Fuduoka, Japan, 20–22 July 2005; pp. 305–309. [Google Scholar]
- Zhang, F.; Susilo, W.; Mu, Y.; Chen, X. Identity-Based Universal Designated Verifier Signatures. In Embedded and Ubiquitous Computing-EUC 2005 Workshops, EUC 2005 Workshops: UISW, NCUS, SecUbiq, USN, and TAUES, Nagasaki, Japan, 6–9 December 2005, Proceedings; Lecture Notes in Computer Science; Enokido, T., Yan, L., Xiao, B., Kim, D., Dai, Y., Yang, L.T., Eds.; Springer: Berlin/Heidelberg, Germany, 2005; Volume 3823, pp. 825–834. [Google Scholar]
- Zhang, R.; Furukawa, J.; Imai, H. Short Signature and Universal Designated Verifier Signature Without Random Oracles. In Applied Cryptography and Network Security, Third International Conference, ACNS 2005, New York, NY, USA, 7–10 June 2005, Proceedings; Lecture Notes in Computer Science; Ioannidis, J., Keromytis, A.D., Yung, M., Eds.; Springer: Berlin/Heidelberg, Germany, 2005; Volume 3531, pp. 483–498. [Google Scholar]
- Shahandashti, S.F.; Safavi-Naini, R. Generic Constructions for Universal Designated-Verifier Signatures and Identitybased Signatures from Standard Signatures. IET Inf. Secur. 2009, 3, 152–176. [Google Scholar] [CrossRef]
- Chang, T.Y. An ID-Based Multi-Signer Universal Designated Multi-Verifier Signature Scheme. Inf. Comput. 2011, 209, 1007–1015. [Google Scholar] [CrossRef]
- Huang, X.; Susilo, W.; Mu, Y.; Wu, W. Universal Designated Verifier Signature Without Delegatability. In Information and Communications Security, 8th International Conference, ICICS 2006, Raleigh, NC, USA, 4–7 December 2006, Proceedings; Lecture Notes in Computer Science; Ning, P., Qing, S., Li, N., Eds.; Springer: Berlin/Heidelberg, Germany, 2006; Volume 4307, pp. 479–498. [Google Scholar]
- Li, J.; Wang, Y. Universal Designated Verifier Ring Signature (Proof) Without Random Oracles. In Emerging Directions in Embedded and Ubiquitous Computing, EUC 2006 Workshops: NCUS, SecUbiq, USN, TRUST, ESO, and MSA, Seoul, Korea, 1–4 August 2006, Proceedings; Lecture Notes in Computer Science; Zhou, X., Sokolsky, O., Yan, L., Jung, E., Shao, Z., Mu, Y., Lee, D.C., Kim, D., Jeong, Y., Xu, C., Eds.; Springer: Berlin/Heidelberg, Germany, 2006; Volume 4097, pp. 332–341. [Google Scholar]
- Wang, M.; Zhang, Y.; Ma, J.; Wu, W. A Universal Designated Multi Verifiers Content Extraction Signature Scheme. Int. J. Comput. Sci. Eng. 2020, 21, 49–59. [Google Scholar] [CrossRef]
- Li, B.H.; Liu, Y.Z.; Yang, S. Lattice-Based Universal Designated Verifier Signatures. In Proceedings of the 15th International Conference on e-Business Engineering, ICEBE, Xi’an, China, 12–14 October 2018; IEEE Computer Society. pp. 329–334. [Google Scholar]
- Tang, F.; Ma, S.; Ma, C.L. Traceable Universal Designated Verifier Signature Proof Scheme. Ruan Jian Xue Bao/J. Softw. 2022, 33, 4305. [Google Scholar]
- Gao, W.; Wang, G.; Wang, X.; Li, F. Round-Optimal ID-Based Blind Signature Schemes without ROS Assumption. J. Commun. 2012, 7, 909–920. [Google Scholar] [CrossRef]
Algorithm | TSign | TVry | Comp | Trans | DS | DV | Sim |
---|---|---|---|---|---|---|---|
UDVTS | — | — | — | ||||
TUDVTS | — | — |
Algorithm | TSign | TVry | Comp | Trans | DS | DV | Sim |
---|---|---|---|---|---|---|---|
UDVTS | — | ||||||
TUDVTS |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Hou, S.; Lin, C.; Yang, S. A Traceable Universal Designated Verifier Transitive Signature Scheme. Information 2024, 15, 43. https://doi.org/10.3390/info15010043
Hou S, Lin C, Yang S. A Traceable Universal Designated Verifier Transitive Signature Scheme. Information. 2024; 15(1):43. https://doi.org/10.3390/info15010043
Chicago/Turabian StyleHou, Shaonan, Chengjun Lin, and Shaojun Yang. 2024. "A Traceable Universal Designated Verifier Transitive Signature Scheme" Information 15, no. 1: 43. https://doi.org/10.3390/info15010043
APA StyleHou, S., Lin, C., & Yang, S. (2024). A Traceable Universal Designated Verifier Transitive Signature Scheme. Information, 15(1), 43. https://doi.org/10.3390/info15010043