Security Analysis of Some Proxy Signatures

A proxy signature scheme allows an entity to delegate his/her signing capability to another entity in such a way that the latter can sign messages on behalf of the former. Such schemes have been suggested for use in a number of applications, particularly in distributed computing, where delegation of rights is quite common. Following the first schemes introduced by Mambo, Usuda and Okamoto in 1996, a number of new schemes and improvements have been proposed. In this paper, we present a security analysis of four such schemes newly proposed in [14, 15]. By successfully identifying several interesting forgery attacks, we show that all four of these schemes are insecure. Consequently, the fully distributed proxy scheme in [11] is also insecure, since it is based on the (insecure) LKK scheme [13, 14]. In addition, we point out the reasons why the security proofs provided in [14] are invalid.

[1] Hung-Min Sun, et al. Threshold proxy signatures, 1999.

[2] Stephen Farrell, et al. Internet X.509 Public Key Infrastructure Certificate Management Protocols, 1999, RFC.

[3] Patrick Horster, et al. Self-certified keys — Concepts and Applications, 1997.

[4] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[5] Silvio Micali, et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[6] Takeshi Okamoto, et al. Extended Proxy Signatures for Smart Cards, 1999, ISW.

[7] David J. Goodman, et al. Personal Communications, 1994, Mobile Communications.

[8] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[9] Dongho Won, et al. Proxy signatures, Revisited, 1997, ICICS.

[10] Kan Zhang, et al. Threshold Proxy Signature Schemes, 1997, ISW.

[11] Zuhua Shao, et al. Proxy signature schemes based on factoring, 2003, Inf. Process. Lett.

[12] Andrew S. Tanenbaum, et al. Disallowing Unauthorized State Changes of Distributed Shared Objects, 2000, SEC.

[13] Carlisle M. Adams, et al. Internet X.509 Certificate Request Message Format, 1999, RFC.

[14] Jung Hee Cheon, et al. An Analysis of Proxy Signatures: Is a Secure Channel Necessary?, 2003, CT-RSA.

[15] Andrew S. Tanenbaum, et al. A law-abiding peer-to-peer network for free-software distribution, 2001, Proceedings IEEE International Symposium on Network Computing and Applications. NCA 2001.

[16] Huaxiong Wang, et al. Efficient One-Time Proxy Signatures, 2003, ASIACRYPT.

[17] Taher ElGamal, et al. A public key cryptosystem and signature scheme based on discrete logarithms, 1985.

[18] M. Mambo, et al. Proxy Signatures: Delegation of the Power to Sign Messages (Special Section on Information Theory and Its Applications), 1996.

[19] Tzonelih Hwang, et al. On Zhang's Nonrepudiable Proxy Signature Schemes, 1998, ACISP.

[20] Claus-Peter Schnorr, et al. Efficient signature generation by smart cards, 2004, Journal of Cryptology.

[21] Hung-Min Sun, et al. On the Security of Some Proxy Signature Schemes, 2003, IACR Cryptol. ePrint Arch.

[22] Byoungcheon Lee, et al. Secure Mobile Agent Using Strong Non-designated Proxy Signature, 2001, ACISP.

[23] Eiji Okamoto, et al. Proxy signatures for delegating signing operation, 1996, CCS '96.

[24] Germán Sáez, et al. Verifiable Secret Sharing for General Access Structures, with Application to Fully Distributed Proxy Signatures, 2003, Financial Cryptography.

[25] Byoungcheon Lee, et al. Strong Proxy Signature and its Applications, 2000.

[26] Ian T. Foster, et al. A security architecture for computational grids, 1998, CCS '98.

[27] Hossein Ghodosi, et al. Repudiation of Cheating and Non-repudiation of Zhang's Proxy Signature Schemes, 1999, ACISP.

[28] Anton Cerný, et al. Proxy and Threshold One-Time Signatures, 2003, ACNS.