On the Security of Some Nonrepudiable Threshold Proxy Signature Schemes

A (t,n) threshold proxy signature scheme enables an original signer or a group of original signers to delegate the signature authority to a proxy group of n members such that not less than t proxy signers can cooperatively sign messages on behalf of the original signer or the original signer group. In the paper, we show that Sun's and Yang et al.'s threshold proxy signature schemes are insecure against the original signer's forgery, and that Tzeng et al.'s threshold multi-proxy multi-signature scheme is vulnerable against the actual original signer group's forgery. We also show that Hsu et al.'s threshold proxy signature scheme suffers from the conspiracy of the original signer and the secret share dealer SA, and that Hwang et al.'s threshold proxy signature scheme is universally forgeable. In other words, none of the above-mentioned schemes holds the unforgeability and provides non-repudiation.

[1]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[2]  Tzong-Chen Wu,et al.  New nonrepudiable threshold proxy signature scheme with known signers , 2001, J. Syst. Softw..

[3]  Byoungcheon Lee,et al.  Secure Mobile Agent Using Strong Non-designated Proxy Signature , 2001, ACISP.

[4]  Fuw-Yi Yang,et al.  Cryptanalysis of a threshold proxy signature with known signers , 2005, IACR Cryptol. ePrint Arch..

[5]  Kan Zhang,et al.  Threshold Proxy Signature Schemes , 1997, ISW.

[6]  Eiji Okamoto,et al.  Proxy signatures for delegating signing operation , 1996, CCS '96.

[7]  Torben P. Pedersen Distributed Provers with Applications to Undeniable Signatures , 1991, EUROCRYPT.

[8]  Ji Jia A New Proxy Multi-Signature Scheme , 2004 .

[9]  Min-Shiang Hwang,et al.  A Secure Nonrepudiable Threshold Proxy Signature Scheme with Known Signers , 2000, Informatica.

[10]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[11]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[12]  Min-Shiang Hwang,et al.  An improvement of nonrepudiable threshold proxy signature scheme with known signers , 2004, Comput. Secur..

[13]  Robert H. Deng,et al.  Comments on "A Practical (t, n) Threshold Proxy Signature Scheme Based on the RSA Cryptosystem" , 2004, IEEE Trans. Knowl. Data Eng..

[14]  Min-Shiang Hwang,et al.  On the efficiency of nonrepudiable threshold proxy signature scheme with known signers , 2004, J. Syst. Softw..

[15]  Min-Shiang Hwang,et al.  A nonrepudiable threshold multi-proxy multi-signature scheme with shared verification , 2004, Future Gener. Comput. Syst..

[16]  Robert L. Glass Error detection: Which is better, reviews or testing? , 1993, J. Syst. Softw..

[17]  Dongho Won,et al.  Proxy signatures, Revisited , 1997, ICICS.

[18]  Satoshi Obana,et al.  The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures , 2004, EUROCRYPT.

[19]  Hung-Min Sun,et al.  An efficient nonrepudiable threshold proxy signature scheme with known signers , 1999, Comput. Commun..

[20]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[21]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[22]  Min-Shiang Hwang,et al.  A Practical (t, n) Threshold Proxy Signature Scheme Based on the RSA Cryptosystem , 2003, IEEE Trans. Knowl. Data Eng..

[23]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[24]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[25]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[26]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.