1-out-of-n Oblivious Signatures: Security Revisited and a Generic Construction with an Efficient Communication Cost

1-out-of-n oblivious signature by Chen (ESORIC 1994) is a protocol between the user and the signer. In this scheme, the user makes a list of n messages and chooses the message that the user wants to obtain a signature from the list. The user interacts with the signer by providing this message list and obtains the signature for only the chosen message without letting the signer identify which messages the user chooses. Tso et al. (ISPEC 2008) presented a formal treatment of 1-out-of-n oblivious signatures. They defined unforgeability and ambiguity for 1-out-of-n oblivious signatures as a security requirement. In this work, first, we revisit the unforgeability security definition by Tso et al. and point out that their security definition has problems. We address these problems by modifying their security model and redefining unforgeable security. Second, we improve the generic construction of a 1-out-of-n oblivious signature scheme by Zhou et al. (IEICE Trans 2022). We reduce the communication cost by modifying their scheme with a Merkle tree. Then we prove the security of our modified scheme.