Comments on a Threshold Proxy Signature Scheme Based on the RSA Cryptosystem

In a (t, n) proxy signature scheme, the original signer can delegate his/her signing capability to n proxy signers such that any t or more proxy singers can sign messages on behalf of the former, but t − 1 or less of them cannot do the same thing. Such schemes have been suggested for use in a number of applications, particularly in distributed computing where delegation of rights is quite common. Based on the RSA cryptosystem, Hwang et al. recently proposed an efficient (t, n) threshold proxy signature scheme. In this paper we identify several security weaknesses in their scheme and show that their scheme is insecure.

[1]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[2]  Dongho Won,et al.  Proxy signatures, Revisited , 1997, ICICS.

[3]  Min-Shiang Hwang,et al.  Improved Non-Repudiable Threshold Proxy Signature Scheme with Known Signers , 2003, Informatica.

[4]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[5]  Kan Zhang,et al.  Threshold Proxy Signature Schemes , 1997, ISW.

[6]  Hung-Min Sun,et al.  An efficient nonrepudiable threshold proxy signature scheme with known signers , 1999, Comput. Commun..

[7]  N. Koblitz A Course in Number Theory and Cryptography , 1987 .

[8]  Edwin K. P. Chong,et al.  Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures , 2003, PODC '03.

[9]  Robert H. Deng,et al.  Security Analysis of Some Proxy Signatures , 2003, ICISC.

[10]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[11]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[12]  Min-Shiang Hwang,et al.  A Practical (t, n) Threshold Proxy Signature Scheme Based on the RSA Cryptosystem , 2003, IEEE Trans. Knowl. Data Eng..

[13]  Tzong-Chen Wu,et al.  New nonrepudiable threshold proxy signature scheme with known signers , 2001, J. Syst. Softw..

[14]  Hung-Min Sun,et al.  Threshold proxy signatures , 1999 .

[15]  Yevgeniy Dodis,et al.  Breaking and repairing optimistic fair exchange from PODC 2003 , 2003, DRM '03.

[16]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[17]  Min-Shiang Hwang,et al.  A Secure Nonrepudiable Threshold Proxy Signature Scheme with Known Signers , 2000, Informatica.

[18]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[19]  M. Mambo,et al.  Proxy Signatures: Delegation of the Power to Sign Messages (Special Section on Information Theory and Its Applications) , 1996 .

[20]  Byoungcheon Lee,et al.  Secure Mobile Agent Using Strong Non-designated Proxy Signature , 2001, ACISP.

[21]  Eiji Okamoto,et al.  Proxy signatures for delegating signing operation , 1996, CCS '96.

[22]  Jung Hee Cheon,et al.  An Analysis of Proxy Signatures: Is a Secure Channel Necessary? , 2003, CT-RSA.

[23]  Torben P. Pedersen Distributed Provers with Applications to Undeniable Signatures , 1991, EUROCRYPT.

[24]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.