近幾年為了保護簽章者的匿名性，有許多關於擁有指定驗證者的環簽章法的研究陸續被提出。在這些研究中，只有黃和鄭的簽章法提供了對指定驗證者以外的人，簽章者最大的匿名性。此簽章法也提供了真正簽章者能證明環簽章是由自己簽署這特性，但是為了這特性導致較繁重的計算量。所以為了改善其效能和保留黃和鄭的簽章法的特性，我們提出一個新的具有指定驗證者的環簽章法。這新的環簽章法不僅減少計算量，也擁有和黃和鄭的簽章法特性。另外，提出的簽章法也擁有簽章者坦白此特性並且其簽章長度較短。然而，訊息有可能透露出一些關於真實簽章者的秘密資訊。所以，我們提出一個新的具指定驗證者的環簽密文法。此提出的方法對於指定驗證者以外的任何人提供了最大的真正簽章者的匿名保護。相較於其他的環簽密文法，我們的方法提供較強的簽章者匿名保護並且所要加密的訊息長度不設限。

Many ring signature schemes with designated verifiers are proposed to protect signers’ identity privacy recently.  Among those schemes, only Hwang and Cheng proposed their scheme to provide 1-out-of-infinite signer anonymity for anyone except designated verifiers.  Moreover, to protect signers’ benefit, their scheme provides the signer admission.  However, their signer admission cause the heavy computation cost to keep 1-out-of-infinite signer anonymity.  To improve their performance with the same 1-out-of-infinite signer anonymity, our efficient ring signature scheme with strong designated verifier is proposed.  Our scheme also reduces the size of the ring signature with strong designated verifiers and also provides the signer admission with the same 1-out-of-infinite signer anonymity.  Since messages may reveal some sensitive information about the actual signer, our ring signcryption scheme with strong designated verifiers is proposed to 1-out-of-infinite signer anonymity for anyone, except the designated verifiers.  Being compared with the other ring signcryption schemes, our scheme provides strongest signer anonymity to protect signers’ privacy.  Our scheme is also free from the message length restriction while the other schemes are not.

Chapter 1 Introduction P. 1
Chapter 2 Review P. 5
2.1 Hwang and Cheng’s Scheme P. 5
2.2 Underlying Hard Problems P. 8
Chapter 3 Our Strong Designated Verifier Ring Signature Scheme P. 9
3.1 Our SDV-RS Scheme P. 9
3.2 Security Analysis P. 12
3.3 Performance Analysis and Discussion P. 22 
Chapter 4 Our Strong Designated Verifier Ring Signcryption Scheme P. 25
4.1 Our SDV-RSC Scheme P. 25
4.2 Security Analysis P. 28
4.3 Comparsion P. 43
Chapter 5 Conclusions P. 46
References P. 47
Appendix P. 50

Table 1: Computation Cost Comparison between Hwang and Cheng's and Our Schemes P. 24
Table 2: Communication Cost Comparison between Hwang and Cheng's and Our Schemes P. 24
Table 3: Security Property Comparison P. 45
Table 4: Computation Cost of Our SDV-RSC Scheme P. 45

[1] W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol. 22, Issue 6, pp. 644-654, Nov. 1976.
[2] R. L. Rivest, A. Shamir, and Y. Tauman, “How to Leak a Secret,” Advances in Cryptology-ASIACRYPT 2001, LNCS 2248, Berlin: Springer-Verlag, 2001, pp. 552-565. 
[3] F. Zhang and K. Kim, “ID-Based Blind Signature and Ring Signature from Pairings,” Advance in Cryptology-ASIACRYPT 2002, LNCS 2501, Berlin: Springer-Verlag, 2002, pp. 629-637.
[4] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Advance in Croptology-Crypto’84, LNCS 196, New-York: Springer-Verlag, 1985, pp. 47-53.
[5] J. K. Liu, V. K. Wei, and D. S. Wong, “Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups,” Information Security and Privacy, LNCS 3108, Berlin: Springer-Verlag, 2004, pp. 325-335.
[6] E. Bresson, J. Stern, and M. Szydlo “Threshold Ring Signatures and Applications to Ad-hoc Groups,” Advances in Cryptology-CRYPTO’02, LNCS 2442, Berlin: Springer-Verlag, 2002, pp. 465-480.
[7] J. Ren and L. Harn, “Generalized Ring Signature,” IEEE Transactions on Dependable and Secure Computing, Vol. 5, Issue 3, pp. 155-163, 2008.
[8] H. Wang, S. Han, C. Deng, and F. Zhang, “Cryptanalysis and Improvement of a Ring Signature Based on ElGamal Signature,” WCSE’09, WRI World Congress on Software Engineering, 2009, Vol. 3, pp. 397-401, May 2009.
[9] M. Jakobsson, K. Sako and R. Impagliazzo, “Designated Verifier Proofs and Their Applications,” Advances in Cryptology-Eurocrypt’96, LNCS 1070, Berlin: Springer-Verlag, 1996, pp.143-154.
[10] S. Saeednia , S. Kremer and O. Markowitch, “An Efficient Strong Designated Verifier Signature Scheme,” Information Security and Cryptology-INCISC 2003, LNCS 2971, Berlin: Springer-Verlag, 2003, pp. 40-54.
[11] J. S. Lee and J. H. Chang, “Strong Designated Verifier Ring Signature Scheme,” Innovations and Advanced Techniques in Computer and Information Sciences and Engineering, Netherlands: Springer-Verlag, 2007, pp.543-547.
[12] L. Wu and D. Li, “Strong Designated Verifier ID-Based Ring Signature Scheme,” Information Science and Engineering, 2008, ISISE’08, International Symposium, Vol. 1, Shanghai, P. R. O. C., Dec. 20-22, 2008, pp. 294-298.
[13] S. J. Hwang and K. L. Cheng, “A Ring Signature Scheme with Strong Designated Verifiers to Provide Signer Anonymity,” in Workshop on Cryptography and Information Security, NCS 2009, Sanshia, Taipei, Taiwan, R. O. C., Dec. 2009, pp. 58-69.
[14] Y. Zheng, “Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption),” Advances in Cryptology — CRYPTO'97, LNCS 1294, New York: Springer-Verlag, 1997, pp. 165-179.
[15] X. Huang, W. Susilo, Y. Mu and F. Zhang, “Identity-Based Ring Signcryption Schemes: Cryptographic Primitives for Preserving Privacy and Authenticity in The Ubiquitous World,” in Proceedings of Advanced Information Networking and Applications, AINA 2005, Taipei, Taiwan, Mar. 2005, pp. 649-654.
[16] S. Han, H. Wang, and X. Wang, “A Strong Designated Verifier Ring Signcryption Scheme,” in Proceedings of the 5th International Conference on Wireless Communications, Networking and Mobile Computing, 2009, Sep. 2009, pp. 4450-4453.
[17] S. Sharmila Deva Selvi, S. Sree Vivek, and C. Pandu Rangan, “On the Security of Identity Based Ring Signcryption Scheme,” in Information Security, LNCS 5735, Berlin: Springer-Verlag, 2009, pp. 310-325.
[18] Y. Yu, F. Li, C. Xu, and Y. Sun, “An Efficient Identity-based Anonymous Signcryption Scheme,” Wuhan University Journal of Natural Sciences, Vol. 13, No. 6, pp. 670-674, 2008.
[19] Z.-C. Zhu, Y.-Z. Zhang, and F. Wang, “An Efficient and Provable Secure Identity Based Ring Signcryption Scheme,” Computer Standards & Interfaces, Vol. 31, Issue 6, Nov. pp. 1092-1097, 2009.
[20] M. Zhang, B. Yang, S. Zhu, and W. Zhang, “Efficient Secret Authenticatable Anonymous Signcryption Scheme with Identity Privacy,” Intelligence and Security Informatics, LNCS 5075, Berlin: Springer-Verlag, 2008, pp. 126-137.
[21] F. Li, H. Xiong, and Y. Yu, “An Efficient Id-based Ring Signcryption Scheme,” in Communications, Circuits and Systems, 2008, Fujian, P. R.O.C., May, 2008, pp. 483-487.
[22] F. Li, M. Shirase, and T. Takagi, “Analysis and Improvement of Authenticatable Ring Signcryption Scheme,” In Journal of Shanghai Jiaotong University (Science), vol. 13, no. 6, 2008, pp. 679-683.
[23] L. Zhun and F. Zhang, “Efficient Identity Based Ring Signature and Ring Signcryption Schemes,” in 2008 International Conference on Computational Intelligence and Security, vol. 2, Dec., 2008, pp. 303-307.
[24] G. Ateniese, “Efficient Verifiable Encryption (and Fair Exchange) of Digital Signatures,” Proceedings of 6th ACM Conference on Computer and Communications Security, New York: ACM, 1999, pp. 138-146.