In this paper, we propose the concept of identity-based anonymous designated ring signature. This concept extends the existing notion of ring signatures in two ways: firstly, it allows a member from the ring to sign a message directed to a designated verifier, but secondly, we would like to have an anonymous designated verifier. At a glance, these two additional properties seem contradictory, but we shall show an example of situation where this kind of primitive is required. We present a formal model of such a scheme, and proceed with a construction based on bilinear pairings. Our scheme is provably secure under the random oracle model.
Available at: http://works.bepress.com/ymu/36/