Informatica

A proxy signature scheme enables an original signer to delegate its signing capability to a proxy signer and then the proxy signer can sign a message on behalf of the original signer. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we first present a security model for certificateless proxy signature schemes, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie–Hellman problem in the random oracle with a tight reduction.

In 2001, Hsu et al. proposed a non‐repudiable threshold proxy signature with known signers. In their scheme, the proxy group cannot deny having signed the proxy signature if they did. However, Hsu et al.'s scheme is vulnerable to some attacks. A malicious original signer or malicious proxy signer can impersonate some other proxy signers to generate proxy signatures. In this article, we shall present our cryptanalysis of the Hsu et al.'s scheme. After that, we shall propose a new threshold proxy signature that can overcome the weaknesses.

Sun's nonrepudiation threshold proxy signature scheme is not secure against the collusion attack. In order to guard against the attack, Hwang et al. proposed another threshold proxy signature scheme. However, a new attack is proposed to work on both Hwang et al.'s and Sun's schemes. By executing this attack, one proxy signer and the original signer can forge any valid proxy signature. Therefore, both Hwang et al.'s scheme and Sun's scheme were insecure.

In the (t,n) proxy signature scheme, the signature, originally signed by a signer, can be signed by t or more proxy signers out of a proxy group of n members. Recently, an efficient nonrepudiable threshold proxy signature scheme with known signers was proposed by H.-M. Sun. Sun's scheme has two advantages. One is nonrepudiation. The proxy group cannot deny that having signed the proxy signature. Any verifier can identify the proxy group as a real signer. The other is identifiable signers. The verifier is able to identify the actual signers in the proxy group. Also, the signers cannot deny that having generated the proxy signature. In this article, we present a cryptanalysis of the Sun's scheme. Further, we propose a secure, nonrepudiable and known signers threshold proxy signature scheme which remedies the weakness of the Sun's scheme.

Recently, Harn proposed an efficient scheme that can batch verification multiple RSA digital signatures. His scheme can reduce signature verification time. However, there is a weakness in his scheme. In this study, we present two methods to against his scheme.