In early 2000's, Rivest [1,2] and Micali  introduced the notion of transitive signature, which allows a third party with public key to generate a valid signature for a composed edge (vi,vk), from the signatures for two edges (vi,vj) and (vj,vk). Since then, a number of works, including [2,3,4,5,6], have been devoted on transitive signatures. Most of them address the undirected transitive signature problem, and the directed transitive signature is still an open problem. S. Hohenberger  even showed that a directed transitive signature implies a complex mathematical group, whose existence is still unknown. Recently, a few directed transitive signature schemes [7,8] on directed trees are proposed. The drawbacks of these schemes include: the size of composed signature increases linearly with the number of nested applications of composition and the creating history of composed edge is not hidden properly. This paper presents a RSA-Accumulator  based scheme DTTS—a Directed-Tree-Transitive Signature scheme, to address these issues. Like previous works [7,8], DTTS is designed only for directed trees, however, it features with constant (composed) signature size and privacy-preserving property. We prove that DTTS is transitively unforgeable under adaptive chosen message attack in the standard model.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 email@example.com
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 firstname.lastname@example.org