🤖 AI Summary
Existing nominative signature schemes only enforce verifier identity constraints and cannot simultaneously verify whether encrypted assets have actually been transferred, limiting their applicability in on-chain financial scenarios. To address this, we propose the first non-transferable signature system integrating nominative signatures with fund-state verification. Our approach extends the Hanaoka–Schuldt scheme to support asymmetric bilinear pairings and, as its novel element, leverages the invisibility property of nominative signatures for secure on-chain publication. We design an Ethereum smart contract that atomically verifies signatures and confirms asset transfer in a single transaction. Furthermore, we introduce a gas-optimization algorithm that significantly reduces on-chain verification overhead. Experimental evaluation demonstrates practical feasibility: the system jointly enforces signature delegation control and real-time fund-state validation. This work establishes a new paradigm for decentralized credentials and programmable financial contracts.
📝 Abstract
Nominative signatures allow us to indicate who can verify a signature, and they can be employed to construct a non-transferable signature verification system that prevents signature verification by a third party in unexpected situations. For example, this system can prevent IOU/loan certificate verification in unexpected situations. However, nominative signatures themselves do not allow the verifier to check whether the funds will be transferred in the future or have been transferred. It would be desirable to verify this fact simultaneously when the system involves a money transfer, such as one in cryptocurrencies/cryptoassets. In this paper, we propose a smart contract-based non-transferable signature verification system using nominative signatures. We pay attention to the fact that invisibility, a security requirement for nominative signatures, allows us to publish nominative signatures on the blockchain. Our system can verify whether a money transfer will actually take place, in addition to indicating who can verify a signature. We transform the Hanaoka-Schuldt nominative signature scheme (ACNS 2011, IEICE Trans. 2016), which is constructed over a symmetric pairing, into a scheme constructed over an asymmetric pairing, and evaluate the gas cost when a smart contract runs the verification algorithm of the modified Hanaoka-Schuldt nominative signature scheme.