為了方便於匿名性的應用上，陳等學者的具有鏈結性之指定驗證者環簽章法提供n位環成員分之一的簽章者匿名性。該簽章法的計算成本和參加計算的環成員人數呈正比。對於簽章者匿名性而言，最佳的簽章者匿名性應是隱身於所有合法的使用者中；為最佳的簽章者匿名性， 所有合法的使用者人數n通常是非常大的，因此提供最佳的簽章者匿名性時，陳等學者的方法效率並非有效方法。另外，陳等學者的方法中所含的強鏈結性會傷害到環簽章的簽章者匿名性。為了有效地提供最佳的簽章者匿名性以及移除強鏈結性對簽章者匿名性的傷害，我們提出了具有最佳簽章者匿名性與強指定驗證者之弱鏈結性環簽章法。在計算成本的分析上，我們的方法比陳等學者的方法有效。在簽章者匿名性上，我們的方法也比陳等學者的方法強。另外，為了防止訊息洩漏與身分相關敏感資料，我們也提供了具有最佳簽章者匿名性與強指定驗證者之弱鏈結性環簽密法。最後，我們的兩篇方法均有正式的安全性證明。

For the anonymous applications, Chen et al. proposed a designated-verifier linkable ring signature scheme with “one-out-of-n” signer anonymity, where n is the number of ring members.  In their scheme, the computational cost of each designated-verifier linkable ring signature is proportional to n.  The maximum signer anonymity should be one-out-of-maximum anonymity that each one is hidden among all possible users, so n should be the total number of users.  Due to the computational cost, Chen et al.’s scheme is an inefficient solution when n is very large.  Moreover, the strong linkability also damages the signer anonymity.  To efficiently provide one-out-of-maximum signer anonymity and remove the damage caused by strong linkability, our strong designated-verifier weak-linkable ring signature scheme is proposed.  Due to the performance analysis, our scheme is more efficient than Chen et al.’s scheme, although our signer anonymity is stronger than Chen et al.’s signer anonymity.  Moreover, the message may leak some sensitive identity data, this thesis also proposed a strong designated-verifier weak-linkable ring signcryption scheme to provide indistinguishable message confidentiality.  Moreover, our security properties are proved in the random oracle model.

Table of Content
Chapter 1 Introduction	1
1.1	Motivation	1
1.2	Our Contribution	5
Chapter 2 Our Strong Designated-Verifier Weak Linkable Ring Signature Scheme	6
2.1	Our SDV-WLRS Scheme	6
2.2	Security Analysis	9
2.3	Performance Analysis and Discussion	24
Chapter 3 Our Strong Designated-Verifier Weak Linkable Ring Signcryption Scheme	27
3.1	Our SDV-WLRSC Scheme	27
3.2	Security Analysis	31
3.3	Performance Analysis and Discussion	53
Chapter 4 Conclusions	56
References	57
Appendix A	61
  
List of Tables
Table 1.1: Security Property Comparison between Chen et al.’s and Our Schemes	25
Table 1.2: Computational Cost Comparison between Chen et al.’s and Our schemes	26
Table 2.1: Computational Cost for Our schemes	55

[1]	M. Jakobsson, K. Sako and R. Impaglizzo, “Designated Verifier Proofs and Their Application,” Advances in Cryptogy-Eurocypt’ 96, LNCS 1070, Berlin: Springer-Verlag, 1996, pp. 143-154.
[2]	S. Saeednia, S. Kermer and O. Markowitch, “An Efficient Strong Designated Verifier Signature Scheme,” In Information Security and Cryptology-INCISC 2003, LNCS 2971, Berlin: Springer-Verlag, 2003, pp. 40-54.
[3]	R. L. Rivest, A. Shamir, and Y. Tauman, “How to Leak a Secret,” Advances in Cryptology-Asiacrypt 2001, LNCS 2248, Berlin：Springer-Verlag, 2001, pp. 552-565.
[4]	C. Gamage, B. Gras, B. Crispo, and A. S Tanenbaum, “An Identity-based Ring Signature Scheme with Enhanced Privacy,” Securecomm and Workshops, Baltimore, MD, USA, Aug. 28-Sep. 1, 2006, pp. 1-5.
[5]	Huaqun Wang, Futai Zhang and Yanfei Sun, “Cryptanalysis of a Generalized Ring Signature Scheme,” IEEE Transactions on Dependable and Secure Computing, vol. 6, issue 2, pp. 149-151, April-June 2009.
[6] 	E. Bresson, J. Stern, and M. Szydlo “Threshold Ring Signatures and Applications to Ad-hoc Groups,” in Rroc advances in Cryptology-CRYPTO’02, LNCS 2442, Berlin: Spring-Verlag, 2002, pp. 465-480.
[7]	Fangguo Zhang and Kwangjo Kim, “ID-Based Blind Signature and Ring Signature form Pairings,” in Advance in Cryptology-ASIACRYPT 2002, LNCS 2501, Berlin: Springer-Verlag, 2002, pp. 629-637.
[8] 	J. Ren and L. Harn, “Generalized Ring Signature,” IEEE Transactions on Dependable and Secure Computing, vol. 5, issue 3, pp. 155-163, July-Sept. 2008.
[9] 	H. Wang, S. Han, C. Deng, and F. Zhang, “Cryptanalysis and Improvement of a Ring Signature Based on ElGamal Signature,” WCSE’09, WRI World Congress on Software Engineering, 2009, Vol. 3, pp. 397-401, May 2009.
[10] Joseph K. Liu, Man Ho Au, Willy Susilo, and Jianying Zhou, “Online/Offline Ring Signature Scheme,” ICICS 2009, LNCS 5927, Heidelberg: Springer-Verlag, 2009, pp. 80-90.
[11] Joseph K. Liu, Victor K. Wei, and Duncan S. Wong, “Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups,” 9th Australasian Coference, LNCS 3108, Berlin: Springer-Verlag, 2004, pp. 325-355.
[12]	Guomin Chen, Chunhui Wu, Wei Han, Xiaofeng Chen, Hyunrok Lee, and Kwangjo Kim, “A New Receipt-Free Voting Scheme Based on Linkable Ring Signature for Designated Verifiers,” Proceedings of the 2008 International Conference on Embedded Software and Systems Symposia, 2008, pp. 18-23.
[13]	Ik Rae Jeong, Jeong Ok Kwon, Dong Hoon Lee, "Ring Signature with Weak Linkability and Its Applications," IEEE Transactions on Knowledge and Data Engineering, vol. 20, no. 8, pp. 1145-1148, Jan. 2008.
[14]	J. S. Lee and J. H. Chang, “Strong Designated Verifier Ring Signature Scheme,” Innovations and Advanced Techniques in Computer and Information Sciences and Engineering , Netherlands:Springer-Verlag , 2007 , pp.543-547.
[15]	L. Wu and D. Li, “Strong Designated Verifier ID-Based Ring Signature Scheme,” Information Science and Engineering, 2008, ISISE’08. International Symposium, Vol. 1 Shanghai, P. R. O. C., Dec. 20-22, 2008, pp.294-298.
[16]	S. J. Hwang and K. L. Cheng, “A Ring Signature Scheme with Strong Designated Verifier to Provide Signer Anonymity,” in Workshop on Cryptography and Information Security, NCS 2009, Taipei, Taiwan, R.O.C., Dec. 2009, pp. 58-69.
[17]	Y. Zheng, “Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption),” Advances in Cryptology — CRYPTO'97, LNCS 1294, New York: Springer-Verlag, 1997, pp. 165-179.
[18]	Y. Yu, F. Li, C. Xu, and Y. Sun, “An Efficient Identity-based Anonymous Signcryption Scheme,” Wuhan University Journal of Natural Sciences, Vol. 13, No. 6, pp. 670-674, 2008.
[19]	Z.-C. Zhu, Y.-Z. Zhang, and F. Wang, “An Efficient and Provable Secure Identity Based Ring Signcryption Scheme,” Computer Standards & Interfaces, Vol. 31, Issue 6, Nov. pp. 1092-1097, 2009.
[20]	M. Zhang, B. Yang, S. Zhu, and W. Zhang, “Efficient Secret Authenticatable Anonymous Signcryption Scheme with Identity Privacy,” Intelligence and Security Informatics, LNCS 5075, Berlin: Springer-Verlag, 2008, pp. 126-137.
[21]	F. Li, H. Xiong, and Y. Yu, “An Efficient Id-based Ring Signcryption Scheme,” in Communications, Circuits and Systems, 2008, Fujian, P. R.O.C., May, 2008, pp. 483-487.
[22]	F. Li, M. Shirase, and T. Takagi, “Analysis and Improvement of Authenticatable Ring Signcryption Scheme,” In Journal of Shanghai Jiaotong University (Science), vol. 13, no. 6, 2008, pp. 679-683.
[23]	L. Zhun and F. Zhang, “Efficient Identity Based Ring Signature and Ring Signcryption Schemes,” in 2008 International Conference on Computational Intelligence and Security, vol. 2, Dec., 2008, pp. 303-307.
[24]	S. Sharmila Deva Selvi, S. Sree Vivek, and C. Pandu Rangan, “On the Security of Identity Based Ring Signcryption Scheme,” in Information Security, LNCS 5735, Berlin: Springer-Verlag, 2009, pp. 310-325.
[25]	X. Huang, W. Susilo, Y. Mu and F. Zhang, “Identity-Based Ring Signcryption Schemes: Cryptographic Primitives for Preserving Privacy and Authenticity in The Ubiquitous World,” in Proceedings of Advanced Information Networking and Applications, AINA 2005, Taipei, Taiwan, Mar. 2005, pp. 649-654.
[26]	S. Han, H. Wang, and X. Wang, “A Strong Designated Verifier Ring Signcryption Scheme,” in Proceedings of the 5th International Conference on Wireless Communications, Networking and Mobile Computing, 2009, Sep. 2009, pp. 4450-4453.
[27]	G. Ateniese, “Efficient Verifiable Encryption (and Fair Exchange) of Digital Signature,” in Proc. of ACM Conference on Computer and Communications Security (CCS’ 99), ACM Press, New York, U.S.A., 1999, pp. 138-146.