Delegateable signatures based on non-interactive witness indistinguishable and non-interactive witness hiding proofs

A delegateable signature scheme (DSS) which was first introduced by Barak is mainly based on the non-interactive zero-knowledge proof (NIZK) for preventing the signing verifier from telling which witness (i.e., restricted subset) is being used. However, the scheme is not significantly efficient due to the difficulty of constructing NIZK. We first show that a non-interactive witness indistinguishable (NIWI) proof system and a non-interactive witness hiding (NIWH) proof system are easier and more efficient proof models than NIZK in some cases. Furthermore, the witnesses employed in these two protocols (NIWI and NIWT) cannot also be distinguished by the verifiers. Combined with the Σ-protocol, we then construct NIWI and NIWH proofs for any NP statement under the existence of one-way functions and show that each proof is different from those under the existence of trapdoor permutations. Finally, based on our NIWI and NIWH proofs, we construct delegateable signature schemes under the existence of one-way functions, which are more efficient than Barak’s scheme under the existence of trapdoor permutations.