The digital signature provides the function of integration, authentication, and non-repudiation for the signing message. In ordinary digital signature schemes, anyone can verify the signatures with signer’s public key. However it is not necessary for anyone to be convinced a justification of signer’s dishonorable message such as a bill. It is enough for a receiver only to prove a justification of the signature if the signer does not execute a contract. The undeniable signature schemes [2] [3] and the limited verifier signature scheme[1] can solve this problem. There exists a message such as official documents which will be first treated as limited verifier signatures but after a few years as ordinary digital signatures. So the limited verifier signature scheme should be convertible. In 1999, Araki et al. [1] proposed a convertible limited verifier signature scheme. In this paper, we show that Araki et al.’s scheme is universally forgeable, that is, any one can forge a valid signature of a user UA on an arbitrary message.
[1]
David Chaum,et al.
Undeniable Signatures
,
1989,
CRYPTO.
[2]
David Chaum,et al.
Convertible Undeniable Signatures
,
1990,
CRYPTO.
[3]
R. A. Rueppel,et al.
Message recovery for signature schemes based on the discrete logarithm problem
,
1994,
EUROCRYPT.
[4]
Rainer A. Rueppel,et al.
Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem
,
1996,
Des. Codes Cryptogr..
[5]
Kaisa Nyberg,et al.
Advances in Cryptology — EUROCRYPT'98
,
1998
.
[6]
S. Araki,et al.
The Limited Verifier Signature and Its Application
,
1999
.