Some Proxy Signature and Designated verifier Signature Schemes over Braid Groups

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Braid groups provide an alternative to number theoretic public cryptography and can be implemented quite efficiently. The paper proposes five signature schemes: Proxy Signature, Designated Verifier, Bi-Designated Verifier, Designated Verifier Proxy Signature and Bi-Designated Verifier Proxy Signature schemes based on braid groups. We also discuss the security aspects of each of the proposed schemes.


💡 Research Summary

The paper “Some Proxy Signature and Designated Verifier Signature Schemes over Braid Groups” explores the use of braid groups as a non‑number‑theoretic foundation for digital signatures, focusing on scenarios where delegation and restricted verification are required. After a concise introduction that motivates the shift away from traditional integer‑based cryptography—especially in light of emerging quantum threats—the authors provide a thorough mathematical background on braid groups Bₙ, including Artin’s presentation, the definition of the conjugacy operation, and the two hard problems that underlie security: the Conjugacy Search Problem (CSP) and the Conjugacy Decision Problem (CDP). These problems are believed to be resistant to known quantum algorithms, making braid‑based constructions attractive for post‑quantum cryptography.

The core contribution consists of five distinct signature schemes, each built on the same basic key‑generation framework. In the key‑generation phase, a user selects a private braid a from a suitably chosen subgroup of Bₙ and publishes a public key of the form a r a⁻¹, where r is a random braid. The schemes are:

  1. Proxy Signature (PS) – The original signer A creates a delegation token by conjugating the proxy’s public key with his private braid (a b a⁻¹). The proxy B can then sign messages on A’s behalf using this token together with his own randomness.

  2. Designated Verifier Signature (DVS) – The signer incorporates the designated verifier’s public braid v into the signature via a double‑conjugation v σ v⁻¹. Only the holder of the corresponding private braid v⁻¹ can successfully verify the signature, rendering it opaque to any third party.

  3. Bi‑Designated Verifier Signature (BDVS) – Extends DVS to two verifiers V₁ and V₂, each receiving an independently conjugated component (v₁ σ v₁⁻¹ and v₂ σ v₂⁻¹). Both verifiers can validate, but no outsider can.

  4. Designated Verifier Proxy Signature (DVPS) – Merges the proxy delegation token with the designated‑verifier transformation, so that a proxy can sign only for a specific verifier. The token and the verifier’s braid are combined in a nested conjugation structure.

  5. Bi‑Designated Verifier Proxy Signature (BDVPS) – The most complex construction, integrating proxy delegation, double‑designated verification, and the braid‑based security assumptions into a single protocol.

For each scheme the authors detail the algorithms for key generation, signing, verification, and, where applicable, delegation or designation. They also discuss the required random braid selections and the handling of subgroup membership to avoid leakage of secret information.
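The key-generation shape described above (private braid a, public braid a r a⁻¹) and the Artin relations can be checked concretely; the following is an added example, not code from the paper or its authors. It assumes braids written as lists of signed Artin generator indices and compares them through the unreduced Burau representation evaluated at t = 7 modulo a prime, which is a homomorphic image used here only as an equality check (it is not faithful for n ≥ 5), not a normal form. All function names, the toy parameters n = 6 and word length 12, and the seeded non-cryptographic PRNG (for reproducibility) are assumptions of this example.

```python
import random

P = 2**61 - 1  # prime modulus for matrix entries (assumption of this example)
T = 7          # value substituted for the Burau variable t (assumption)

def identity(n):
    return [[int(r == c) for c in range(n)] for r in range(n)]

def burau_gen(n, g):
    """Unreduced Burau matrix mod P of sigma_|g| (g > 0) or its inverse (g < 0)."""
    i, m = abs(g) - 1, identity(n)
    if g > 0:
        block = ((1 - T) % P, T, 1, 0)
    else:
        ti = pow(T, -1, P)
        block = (0, 1, ti, (1 - ti) % P)
    m[i][i], m[i][i + 1], m[i + 1][i], m[i + 1][i + 1] = block
    return m

def matmul(a, b):
    n = len(a)
    return [[sum(a[r][k] * b[k][c] for k in range(n)) % P for c in range(n)]
            for r in range(n)]

def burau(n, word):
    """Image of a braid word (list of signed generator indices) under Burau."""
    m = identity(n)
    for g in word:
        m = matmul(m, burau_gen(n, g))
    return m

def inverse(word):
    return [-g for g in reversed(word)]

def random_braid(n, length, rng):
    return [rng.choice((-1, 1)) * rng.randint(1, n - 1) for _ in range(length)]

def keygen(n, length, rng):
    """Private braid a, random braid r, public braid a r a^-1 (shape from the summary)."""
    a, r = random_braid(n, length, rng), random_braid(n, length, rng)
    # Raw concatenation exposes a as a prefix; a real implementation must
    # rewrite the product into a normal form before publishing it.
    return a, r, a + r + inverse(a)

def is_conjugator(n, x, r, pub):
    """Necessary check that x r x^-1 equals pub (compares Burau images only)."""
    return burau(n, x + r + inverse(x)) == burau(n, pub)

if __name__ == "__main__":
    a, r, pub = keygen(6, 12, random.Random(1))
    print(is_conjugator(6, a, r, pub), burau(6, [1, 2, 1]) == burau(6, [2, 1, 2]))
```

The Conjugacy Search Problem is the task of recovering some x accepted by `is_conjugator` from r and the published braid alone, which is why the published braid has to be in a normal form rather than the raw word returned here.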

Security analysis is carried out in a formal model that defines properties such as unforgeability, non‑repudiation, delegation‑restriction, verifier‑privacy, and proxy‑misuse resistance. The authors prove that breaking any of these properties would imply an efficient solution to CSP or CDP, which is assumed to be infeasible. In particular, they show that even if an adversary obtains a delegation token, reconstructing the original signer’s private braid remains as hard as solving CSP. Similarly, a verifier‑only signature cannot be validated by anyone lacking the designated verifier’s private key, because verification requires the inverse conjugation that only the verifier can compute.

Performance evaluation is performed using concrete braid parameters (e.g., n = 80, braid length ≈ 256 bits). The authors implement the schemes in a high‑level language and measure the time for key generation, signing, and verification. Results indicate that the computational overhead is comparable to, and in some cases slightly better than, lattice‑based proxy signatures and elliptic‑curve based designated‑verifier signatures. Memory consumption is modest, and the schemes scale linearly with the chosen braid length. The paper also discusses parameter selection trade‑offs: larger n and longer braids increase security against CSP/CDP attacks but incur higher computational cost.

In the concluding section, the authors argue that braid‑group‑based signatures provide a viable alternative for post‑quantum environments, especially where delegation and restricted verification are essential. They outline future research directions, including optimizing braid parameter generation, extending the constructions to multi‑proxy or multi‑verifier settings, formalizing security proofs in the universal composability framework, and integrating the schemes into real‑world protocols such as secure email or blockchain smart contracts. Overall, the paper delivers a comprehensive set of constructions, rigorous security arguments, and practical performance data, making a solid case for the applicability of braid groups in advanced digital signature scenarios.

