Informatica

In 1995, Wu proposed a remote login authentication scheme based on geometric approach. However, Chien, Jan and Tseng presented a cryptanalysis of Wu’s scheme to show that it is not secure. Moreover, they proposed a modified version of Wu’s scheme. This paper presents there is a serious weakness in this modified remote login authentication scheme. We show that an illegal user can easily forge a valid login request in the modified version proposed previously.

This paper introduces a new concept of convertible user designating confirmer partially blind signature, in which only the designated confirmer (designated by the user) and the user can verify and confirm the validity of given signatures and convert given signatures into publicly verifiable ones. We give a formal definition for it and propose a concrete provably secure scheme with a proof of security and a brief analysis of efficiency. Assuming the intractabilities of the Discrete Logarithm Problem and the ROS-Problem, the proposed scheme is unforgeable under adaptive chosen-message attack.

In 2001, Hsu et al. proposed a non‐repudiable threshold proxy signature with known signers. In their scheme, the proxy group cannot deny having signed the proxy signature if they did. However, Hsu et al.'s scheme is vulnerable to some attacks. A malicious original signer or malicious proxy signer can impersonate some other proxy signers to generate proxy signatures. In this article, we shall present our cryptanalysis of the Hsu et al.'s scheme. After that, we shall propose a new threshold proxy signature that can overcome the weaknesses.

Smart card has been adopted to various applications. In 2000, Hwang and Li proposed a remote user authentication scheme, which is also using smart card. Nine months later, Chan and Cheng pointed out that there is a weakness in the remote authentication scheme proposed by Hwang and Li. In this paper, we show that Chan and Cheng's attack does not work well because they did not consider the format of user's identity. In addition, we propose several ways to solve the problem of Chan and Cheng's attack.

Sun's nonrepudiation threshold proxy signature scheme is not secure against the collusion attack. In order to guard against the attack, Hwang et al. proposed another threshold proxy signature scheme. However, a new attack is proposed to work on both Hwang et al.'s and Sun's schemes. By executing this attack, one proxy signer and the original signer can forge any valid proxy signature. Therefore, both Hwang et al.'s scheme and Sun's scheme were insecure.