Security Analysis of Two Signature Schemes and Their Improved Schemes

Unforgeability is a basic property of a secure digital signature. As two extensions of digital signatures, signcryption and certificateless signatures play an important role in the transmission of sensitive information. In this work, we analyze the security of two signature schemes: the certificateless signature scheme [17] proposed by Gorantla et al. at CIS 2005, and the efficient short signcryption scheme [8] proposed by Ma et al. at Inscrypt 2006. We show that both schemes are insecure. In Ma et al.'s scheme, a dishonest recipient can produce a forgery on an arbitrary message and convince the trusted third party that the forged signcryption comes from the signer. In Gorantla et al.'s scheme, anyone can forge a signature on an arbitrary message in the name of another user. Finally, we give an improved scheme for each.

[1] Jacques Stern et al. Security Proofs for Signature Schemes, 1996, EUROCRYPT.

[2] Jongin Lim et al. Information Security and Cryptology - ICISC 2003, 2003, Lecture Notes in Computer Science.

[3] Wenfei Fan et al. Keys with Upward Wildcards for XML, 2001, DEXA.

[4] Xiaotie Deng et al. Key Replacement Attack Against a Generic Construction of Certificateless Signature, 2006, ACISP.

[5] Chik How Tan. Security Analysis of Signcryption Scheme from q-Diffie-Hellman Problems, 2006, IEICE Trans. Fundam. Electron. Commun. Comput. Sci.

[6] Jean-Jacques Quisquater et al. Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups, 2004, Public Key Cryptography.

[7] Xavier Boyen et al. Multipurpose Identity-Based Signcryption (A Swiss Army Knife for Identity-Based Cryptography), 2003, CRYPTO.

[8] Changshe Ma et al. Efficient Short Signcryption Scheme with Public Verifiability, 2006, Inscrypt.

[9] Information Security and Privacy, 1996, Lecture Notes in Computer Science.

[10] Dan Boneh et al. Advances in Cryptology - CRYPTO 2003, 2003, Lecture Notes in Computer Science.

[11] Hideki Imai et al. How to Construct Efficient Signcryption Schemes on Elliptic Curves, 1998, Inf. Process. Lett.

[12] Yuliang Zheng et al. Identification, Signature and Signcryption Using High Order Residues Modulo an RSA Composite, 2001, Public Key Cryptography.

[13] Yuliang Zheng et al. Efficient Signcryption Schemes on Elliptic Curves, 1998.

[14] Bok-Min Goi et al. An Efficient Certificateless Signature Scheme, 2006, IACR Cryptol. ePrint Arch.

[15] Kwangjo Kim et al. Information Security and Cryptology — ICISC 2001, 2002, Lecture Notes in Computer Science.

[16] Robert H. Deng et al. Public Key Cryptography – PKC 2004, 2004, Lecture Notes in Computer Science.

[17] Ueli Maurer et al. Advances in Cryptology — EUROCRYPT ’96, 2001, Lecture Notes in Computer Science.

[18] Yi Mu et al. On the Security of Certificateless Signature Schemes from Asiacrypt 2003, 2005, CANS.

[19] Antoine Joux et al. Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups, 2001, IACR Cryptology ePrint Archive.

[20] Jean-Jacques Quisquater et al. A new identity based signcryption scheme from pairings, 2003, Proceedings 2003 IEEE Information Theory Workshop (Cat. No.03EX674).

[21] Hugo Krawczyk et al. Advances in Cryptology - CRYPTO '98, 1998.

[22] Ronald Cramer et al. A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack, 1998, CRYPTO.

[23] Siu-Ming Yiu et al. Efficient Forward and Provably Secure ID-Based Signcryption Scheme with Public Verifiability and Public Ciphertext Authenticity, 2003, ICISC.

[24] Sebastian Maneth et al. Efficient Memory Representation of XML Documents, 2005, DBPL.

[25] Chi Sung Laih et al. Advances in Cryptology - ASIACRYPT 2003, 2003.

[26] Ron Steinfeld et al. A Signcryption Scheme Based on Integer Factorization, 2000, ISW.

[27] Jean-Jacques Quisquater et al. Improved Signcryption from q-Diffie-Hellman Problems, 2004, SCN.

[28] Ashutosh Saxena et al. An Efficient Certificateless Signature Scheme, 2005, CIS.

[29] Pil Joong Lee et al. New Signcryption Schemes Based on KCDSA, 2001, ICISC.

[30] Pil Joong Lee et al. Generic Construction of Certificateless Signature, 2004, ACISP.

[31] Arto Salomaa et al. Public-Key Cryptography, 1991, EATCS Monographs on Theoretical Computer Science.

[32] Yi Mu et al. Emerging Directions in Embedded and Ubiquitous Computing, 2006.

[33] Kenneth G. Paterson et al. Certificateless Public Key Cryptography, 2003.

[34] Yuliang Zheng et al. Signcryption and Its Applications in Efficient Public Key Solutions, 1997, ISW.

[35] Burton S. Kaliski. Advances in Cryptology - CRYPTO '97, 1997.

[36] Yuliang Zheng et al. Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption), 1997, CRYPTO.

[37] Antoine Joux et al. Separating Decision Diffie–Hellman from Computational Diffie–Hellman in Cryptographic Groups, 2003, Journal of Cryptology.