1-out-of-n oblivious signature by Chen (ESORIC 1994) is a protocol between the user and the signer. In this scheme, the user makes a list of n messages and chooses the message that the user wants to obtain a signature from the list. The user interacts with the signer by providing this message list and obtains the signature for only the chosen message without letting the signer identify which messages the user chooses. Tso et al. (ISPEC 2008) presented a formal treatment of 1-out-of-n oblivious signatures. They defined unforgeability and ambiguity for 1-out-of-n oblivious signatures as a security requirement. In this work, first, we revisit the unforgeability security definition by Tso et al. and point out that their security definition has problems. We address these problems by modifying their security model and redefining unforgeable security. Second, we improve the generic construction of a 1-out-of-n oblivious signature scheme by Zhou et al. (IEICE Trans 2022). We reduce the communication cost by modifying their scheme with a Merkle tree. Then we prove the security of our modified scheme.

翻译：由 Chen 提出的 1-out-of-n 不经意签名（ESORIC 1994）是一种用户与签名者之间的协议。在该方案中，用户生成一份包含 n 条消息的列表，并从列表中选择希望获取签名的那条消息。用户通过提供该消息列表与签名者进行交互，仅获得所选消息的签名，同时确保签名者无法识别用户所选择的具体消息。Tso 等人（ISPEC 2008）对 1-out-of-n 不经意签名进行了形式化处理，将不可伪造性和模糊性定义为其安全需求。本文首先重新审视了 Tso 等人提出的不可伪造性安全定义，指出其安全定义存在的问题，并通过修改其安全模型、重新定义不可伪造安全性来应对这些问题。其次，我们对 Zhou 等人（IEICE Trans 2022）的 1-out-of-n 不经意签名方案的通用构造进行了改进，通过引入 Merkle 树修改其方案，从而降低了通信成本，并证明了改进后方案的安全性。