{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T01:03:54Z","timestamp":1772240634730,"version":"3.50.1"},"reference-count":60,"publisher":"International Association for Cryptologic Research","license":[{"start":{"date-parts":[[2024,7,8]],"date-time":"2024-07-08T00:00:00Z","timestamp":1720396800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["803096"],"award-info":[{"award-number":["803096"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004836","name":"Danmarks Frie Forskningsfon","doi-asserted-by":"publisher","award":["DFF-2064-00016B,DFF-2032-00122B,DFF-0165-00107B"],"award-info":[{"award-number":["DFF-2064-00016B,DFF-2032-00122B,DFF-0165-00107B"]}],"id":[{"id":"10.13039\/501100004836","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,9,2]]},"abstract":"<jats:p>We study signatures well suited for sensitive applications (e.g. whistleblowing) where both the signer's anonymity and deniability are important. Two independent lines of work have tackled these two goals: ring signatures ensure the signer's anonymity (within a set of signers, called a ring), and \u2014 separately \u2014 multi designated verifier signatures ensure that all the intended recipients agree on whether a signature is valid, while maintaining the signer's deniability by preventing the intended recipients from convincing an outsider of the validity of the signature. In this paper, we introduce multi designated verifier ring signatures (MDVRS), which simultaneously offer both signer anonymity and deniability. This makes MDVRS uniquely suited for sensitive scenarios.<\/jats:p>\n          <jats:p>Following the blueprint of Damg\u00e5rd et al (TCC'20) for multi designated verifier signatures, we introduce provably simulatable designated verifier ring signatures (PSDVRS) as an intermediate building block which we then compile into an MDVRS. We instantiate PSDVRS in a concretely efficient way from discrete logarithm based sigma protocols, encryption and commitments.<\/jats:p>","DOI":"10.62056\/a33zivrzn","type":"journal-article","created":{"date-parts":[[2024,10,7]],"date-time":"2024-10-07T15:13:33Z","timestamp":1728314013000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":3,"title":["Multi Designated Verifier Ring Signatures"],"prefix":"10.62056","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-3228-7194","authenticated-orcid":false,"given":"Sebastian","family":"Kolby","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/01aj84f44","id-type":"ROR","asserted-by":"publisher"}],"name":"Aarhus University","place":["Aarhus, Denmark"],"department":["Computer Science"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7804-6696","authenticated-orcid":false,"given":"Elena","family":"Pagnin","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/040wg7k59","id-type":"ROR","asserted-by":"publisher"}],"name":"Chalmers University of Technology and University of Gothenburg","place":["Gothenburg, Sweden"],"department":["Computer Science and Engineering"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7958-8537","authenticated-orcid":false,"given":"Sophia","family":"Yakoubov","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/01aj84f44","id-type":"ROR","asserted-by":"publisher"}],"name":"Aarhus University","place":["Aarhus, Denmark"],"department":["Computer Science"]}]}],"member":"48349","published-online":{"date-parts":[[2024,10,7]]},"reference":[{"key":"ref1:AC:SBWP03","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1007\/978-3-540-40061-5_33","article-title":"Universal Designated-Verifier Signatures","volume":"2894","author":"Ron Steinfeld","year":"2003"},{"key":"ref2:EC:JakSakImp96","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-68339-9_13","article-title":"Designated Verifier Proofs and Their Applications","volume":"1070","author":"Markus Jakobsson","year":"1996"},{"key":"ref3:INDOCRYPT:CamKho21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"607","DOI":"10.1007\/978-3-030-92518-5_27","article-title":"Succinct Publicly-Certifiable Proofs - Or, Can a Blockchain\n  Verify a Designated-Verifier Proof?","volume":"13143","author":"Matteo Campanelli","year":"2021"},{"key":"ref4:AC:RivShaTau01","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/3-540-45682-1_32","article-title":"How to Leak a Secret","author":"Ronald L. Rivest","year":"2001"},{"key":"ref5:EC:ChaVan91","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/3-540-46416-6_22","article-title":"Group Signatures","volume":"547","author":"David Chaum","year":"1991"},{"key":"ref6:PKC:AHNPY22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/978-3-030-97131-1_13","article-title":"Count Me In! Extendability for Threshold Ring Signatures","volume":"13178","author":"Diego F. Aranha","year":"2022"},{"key":"ref7:ICICS:LagVer04","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/978-3-540-30191-2_38","article-title":"Multi-designated Verifiers Signatures","volume":"3269","author":"Fabien Laguillaumie","year":"2004"},{"key":"ref8:TCC:DHMNOY20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/978-3-030-64378-2_9","article-title":"Stronger Security and Constructions of Multi-designated\n  Verifier Signatures","volume":"12551","author":"Ivan Damg\u00e5rd","year":"2020"},{"key":"ref9:balla2022designated","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-031-19685-0_5","article-title":"Designated-Verifier Linkable Ring Signatures with\n  Unconditional Anonymity","author":"Danai Balla","year":"2022"},{"key":"ref10:C:AttCra20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/978-3-030-56877-1_18","article-title":"Compressed $\\varSigma$-Protocol Theory and Practical\n  Application to Plug & Play Secure Algorithmics","volume":"12172","author":"Thomas Attema","year":"2020"},{"key":"ref11:C:AttCraFeh21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-030-84259-8_3","article-title":"Compressing Proofs of k-Out-Of-n Partial Knowledge","volume":"12828","author":"Thomas Attema","year":"2021"},{"key":"ref12:EC:BGLS03","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/3-540-39200-9_26","article-title":"Aggregate and Verifiably Encrypted Signatures from Bilinear\n  Maps","volume":"2656","author":"Dan Boneh","year":"2003"},{"key":"ref13:AC:ZhaKim02","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1007\/3-540-36178-2_33","article-title":"ID-Based Blind Signature and Ring Signature from\n  Pairings","volume":"2501","author":"Fangguo Zhang","year":"2002"},{"key":"ref14:EC:DKNS04","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"609","DOI":"10.1007\/978-3-540-24676-3_36","article-title":"Anonymous Identification in Ad Hoc Groups","volume":"3027","author":"Yevgeniy Dodis","year":"2004"},{"key":"ref15:TCC:BenKatMor06","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1007\/11681878_4","article-title":"Ring Signatures: Stronger Definitions, and Constructions\n  Without Random Oracles","volume":"3876","author":"Adam Bender","year":"2006"},{"key":"ref16:C:BreSteSzy02","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/3-540-45708-9_30","article-title":"Threshold Ring Signatures and Applications to Ad-hoc\n  Groups","volume":"2442","author":"Emmanuel Bresson","year":"2002"},{"key":"ref17:PKC:FujSuz07","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-71677-8_13","article-title":"Traceable Ring Signature","volume":"4450","author":"Eiichiro Fujisaki","year":"2007"},{"key":"ref18:ESORICS:SALY17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1007\/978-3-319-66399-9_25","article-title":"RingCT 2.0: A Compact Accumulator-Based (Linkable Ring\n  Signature) Protocol for Blockchain Cryptocurrency Monero","volume":"10493","author":"Shi-Feng Sun","year":"2017"},{"key":"ref19:chow2005identity","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/11533733_10","article-title":"Identity based ring signature: Why, how and what next","author":"Sherman SM Chow","year":"2005"},{"key":"ref20:PKC:SteWanPie04","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-540-24632-9_7","article-title":"Efficient Extension of Standard Schnorr\/RSA Signatures\n  into Universal Designated-Verifier Signatures","volume":"2947","author":"Ron Steinfeld","year":"2004"},{"key":"ref21:AC:BonLynSha01","doi-asserted-by":"publisher","first-page":"514","DOI":"10.1007\/3-540-45682-1_30","article-title":"Short Signatures from the Weil Pairing","author":"Dan Boneh","year":"2001"},{"key":"ref22:JC:Joux04","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/s00145-004-0312-y","article-title":"A One Round Protocol for Tripartite Diffie\u2013Hellman","volume":"17","author":"Antoine Joux","year":"2004","journal-title":"Journal of Cryptology"},{"key":"ref23:chow2008multi","doi-asserted-by":"publisher","first-page":"348","DOI":"10.6633\/IJNS.200811.7(3).06","article-title":"Multi-Designated Verifiers Signatures Revisited","volume":"7","author":"Sherman S. M. Chow","year":"2008","journal-title":"International Journal of Network Security"},{"key":"ref24:chow2006identity","doi-asserted-by":"publisher","DOI":"10.1007\/11774716_23","article-title":"Identity-Based Strong Multi-Designated Verifiers\n  Signatures","author":"Sherman S. M. Chow","year":"2006"},{"key":"ref25:ICISC:SaeKreMar03","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-540-24691-6_4","article-title":"An Efficient Strong Designated Verifier Signature Scheme","volume":"2971","author":"Shahrokh Saeednia","year":"2004"},{"key":"ref26:ACISP:SusZhaMu04","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-540-27800-9_27","article-title":"Identity-Based Strong Designated Verifier Signature\n  Schemes","volume":"3108","author":"Willy Susilo","year":"2004"},{"key":"ref27:li2007designated","doi-asserted-by":"publisher","first-page":"1191","DOI":"10.1007\/978-3-540-73549-6_116","article-title":"Designated verifier signature: definition, framework and new\n  constructions","author":"Yong Li","year":"2007"},{"key":"ref28:behrouz2022designated","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-031-08896-4_3","article-title":"Designated-verifier linkable ring signatures","author":"Pourandokht Behrouz","year":"2022"},{"key":"ref29:STOC:BluFelMic88","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1145\/62212.62222","article-title":"Non-Interactive Zero-Knowledge and Its Applications\n  (Extended Abstract)","author":"Manuel Blum","year":"1988"},{"key":"ref30:C:Pedersen91","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-46766-1_9","article-title":"Non-Interactive and Information-Theoretic Secure Verifiable\n  Secret Sharing","volume":"576","author":"Torben P. Pedersen","year":"1992"},{"key":"ref31:C:GroMal17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"581","DOI":"10.1007\/978-3-319-63715-0_20","article-title":"Snarky Signatures: Minimal Signatures of Knowledge from\n  Simulation-Extractable SNARKs","volume":"10402","author":"Jens Groth","year":"2017"},{"key":"ref32:EC:GKOPTT23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-031-30617-4_11","article-title":"Witness-Succinct Universally-Composable SNARKs","volume":"14005","author":"Chaya Ganesh","year":"2023"},{"key":"ref33:C:FiaSha86","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","article-title":"How to Prove Yourself: Practical Solutions to\n  Identification and Signature Problems","volume":"263","author":"Amos Fiat","year":"1987"},{"key":"ref34:C:CraDamSch94","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/3-540-48658-5_19","article-title":"Proofs of Partial Knowledge and Simplified Design of Witness\n  Hiding Protocols","volume":"839","author":"Ronald Cramer","year":"1994"},{"key":"ref35:JC:AttFehKlo23","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s00145-023-09478-y","article-title":"Fiat-Shamir Transformation of Multi-Round Interactive Proofs\n  (Extended Version)","volume":"36","author":"Thomas Attema","year":"2023","journal-title":"Journal of Cryptology"},{"key":"ref36:ACISP04","series-title":"LNCS","volume-title":"ACISP 04","volume":"3108","year":"2004"},{"key":"ref37:AC03","series-title":"LNCS","volume-title":"ASIACRYPT\u00a02003","volume":"2894","year":"2003"},{"key":"ref38:AC02","series-title":"LNCS","volume-title":"ASIACRYPT\u00a02002","volume":"2501","year":"2002"},{"key":"ref39:C21-4","series-title":"LNCS","volume-title":"CRYPTO\u00a02021, Part\u00a0IV","volume":"12828","year":"2021"},{"key":"ref40:C20-3","series-title":"LNCS","volume-title":"CRYPTO\u00a02020, Part\u00a0III","volume":"12172","year":"2020"},{"key":"ref41:C17-2","series-title":"LNCS","volume-title":"CRYPTO\u00a02017, Part\u00a0II","volume":"10402","year":"2017"},{"key":"ref42:C02","series-title":"LNCS","volume-title":"CRYPTO\u00a02002","volume":"2442","year":"2002"},{"key":"ref43:C94","series-title":"LNCS","volume-title":"CRYPTO'94","volume":"839","year":"1994"},{"key":"ref44:C91","series-title":"LNCS","volume-title":"CRYPTO'91","volume":"576","year":"1992"},{"key":"ref45:C86","series-title":"LNCS","volume-title":"CRYPTO'86","volume":"263","year":"1987"},{"key":"ref46:ESORICS17-2","series-title":"LNCS","volume-title":"ESORICS\u00a02017, Part\u00a0II","volume":"10493","year":"2017"},{"key":"ref47:EC23-2","series-title":"LNCS","volume-title":"EUROCRYPT\u00a02023, Part\u00a0II","volume":"14005","year":"2023"},{"key":"ref48:EC04","series-title":"LNCS","volume-title":"EUROCRYPT\u00a02004","volume":"3027","year":"2004"},{"key":"ref49:EC03","series-title":"LNCS","volume-title":"EUROCRYPT\u00a02003","volume":"2656","year":"2003"},{"key":"ref50:EC96","series-title":"LNCS","volume-title":"EUROCRYPT'96","volume":"1070","year":"1996"},{"key":"ref51:EC91","series-title":"LNCS","volume-title":"EUROCRYPT'91","volume":"547","year":"1991"},{"key":"ref52:ICICS04","series-title":"LNCS","volume-title":"ICICS 04","volume":"3269","year":"2004"},{"key":"ref53:ICISC03","series-title":"LNCS","volume-title":"ICISC 03","volume":"2971","year":"2004"},{"key":"ref54:INDOCRYPT21","series-title":"LNCS","volume-title":"INDOCRYPT\u00a02021","volume":"13143","year":"2021"},{"key":"ref55:PKC22-2","series-title":"LNCS","volume-title":"PKC\u00a02022, Part\u00a0II","volume":"13178","year":"2022"},{"key":"ref56:PKC07","series-title":"LNCS","volume-title":"PKC\u00a02007","volume":"4450","year":"2007"},{"key":"ref57:PKC04","series-title":"LNCS","volume-title":"PKC\u00a02004","volume":"2947","year":"2004"},{"key":"ref58:STOC88","volume-title":"20th ACM STOC","year":"1988"},{"key":"ref59:TCC20-2","series-title":"LNCS","volume-title":"TCC\u00a02020, Part\u00a0II","volume":"12551","year":"2020"},{"key":"ref60:TCC06","series-title":"LNCS","volume-title":"TCC\u00a02006","volume":"3876","year":"2006"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T21:28:29Z","timestamp":1733866109000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/3\/28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,7]]},"references-count":60,"URL":"https:\/\/doi.org\/10.62056\/a33zivrzn","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,7]]},"assertion":[{"value":"2024-07-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-09-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-3-82"}}