Lu Rong-bo, He Da-ke, Wang Chang-ji. Cryptanalysis of an Identity-Based Threshold Proxy Signature Scheme with Known Signers[J]. Journal of Electronics & Information Technology, 2008, 30(1): 100-103. doi: 10.3724/SP.J.1146.2006.01218
Citation:
Lu Rong-bo, He Da-ke, Wang Chang-ji. Cryptanalysis of an Identity-Based Threshold Proxy Signature Scheme with Known Signers[J]. Journal of Electronics & Information Technology, 2008, 30(1): 100-103. doi: 10.3724/SP.J.1146.2006.01218
Lu Rong-bo, He Da-ke, Wang Chang-ji. Cryptanalysis of an Identity-Based Threshold Proxy Signature Scheme with Known Signers[J]. Journal of Electronics & Information Technology, 2008, 30(1): 100-103. doi: 10.3724/SP.J.1146.2006.01218
Citation:
Lu Rong-bo, He Da-ke, Wang Chang-ji. Cryptanalysis of an Identity-Based Threshold Proxy Signature Scheme with Known Signers[J]. Journal of Electronics & Information Technology, 2008, 30(1): 100-103. doi: 10.3724/SP.J.1146.2006.01218
In TAMC' 06, Bao et al. proposed a new identity-based threshold proxy signature with known signers from the bilinear pairings (denoted as BCW scheme) for the first time. As for the security, they claimed their scheme satisfies the security requirements of proxy signature such as strong unforgeability and their scheme need not the secure channel for the delivery of the signed warrant and etc.. In this paper, however, an attack against their scheme is presented. That is, based on the proxy signature generated by proxy signers on a message on behalf of an original signer, an attacker can forge a valid threshold proxy signature on the same message which seemed generated by proxy signers on behalf of this attacker himself. After production a forged proxy signature, the attacker has the same authority with the original signer to the proxy signer, and the verifier cannot distinguish that which one is the real original signer. To thwart this attack, an improvement measure is further proposed, which can resolve the security problem existing in this scheme.
Mambo M,Usuda K and Okamoto E. Proxy signature: Delegation to sign messages. IEICE Trans. on Fundatamentals, 1996, E79-A(9): 1338-1354.[2]Lal S and Awasthi A K. Proxy blind signature scheme. Available at http:/eprint.iacr. org /2003.[3]Yi Lijiang, Bai Guoqiang, and Xiao Guozhen. Proxy multi- signature scheme[J].Electron.Lett.2000, 36(6):527-528[4]Zhang K. Threshold proxy signature schemes[J].In: Proc of the 1st Intl Information Security Workshop (ISW97), Springer- Verlag.1997, LNCS 1396:191-197[5]Shamir A. How to share a secret[J].Communication of the ACM.1979, 22(11):612-613[6]Boneh D and Franklin M. Identity-based encryption from the Weil pairing, Advances in Cryptology-Crypto01, Springer- Verlag, 2001, LNCS 2139: 213-229.[7]Bao Haiyong, Cao Zhenfu, and Wang Shengbao. Indentity- based threshold proxy signature scheme with knows signers[J].The 3nd Annual Conference in Theory and Applications of Models of Computation-TAM06, Springer-Verlag.2006, LNCS 3959:538-546[8]Boneh D, Lynn B, and Shacham H. Short signatures from the Weil pairing[J].In: Boyd C. ed.. Advances in Cryptology- Asiacrypt2001. Springer-Verlag.2001, LNCS 2248:514-532
DownLoad: