Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.3772/j.issn.1006-6748.2011.02.013

2011-01-01

Abstract:As a special kind of digital signature, verifiably encrypted signatures are used as a building block to construct optimistic fair exchange. Many verifiably encrypted signature schemes have been proposed so far and most of them were proven secure under certain complexity assumptions. In this paper, however, we find that although some schemes are secure in a single-user setting, they are not secure in a multi-user setting any more. We show that Zhang, et al.'s scheme, Gorantla, et al.'s scheme and Ming, et al.'s scheme are vulnerable to key substitution attacks, where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users. We also show that this kind of attacks can breach the fairness when they are used in fair exchange in a multi-user setting. © by HIGH TECHNOLOGY LETTERS PRESS.

Li-Hong Guo,Hai-Tao Wu,Qing Yang

DOI: https://doi.org/10.2991/icwcsn-16.2017.32

2016-01-01

Abstract:Proxy signature schemes have been suggested for use in a number of applications, so the security of proxy signature scheme is more and more important. However, at present, almost all the proxy signature schemas were proven secure in the random oracle model, which has received a lot of criticism. Recently, Yu et al. proposed a designated verifier proxy signature scheme without random oracles by using Waters hashing technique. The formal models and a strictly logical process were provided in this schema. But Kang et al. show some attacks on Yu et al.s scheme and offer its insecurity proof. In this paper, in order to overcome the weaknesses in Yu et al.s scheme we make supplements on it and make it secure resist Kang et al.s attacks.

QI Ya-ping,LIU Wen-hua,YU Yong

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.24.034

2007-01-01

Abstract:Recently,Willy、Zhang and Yi proposed an identity-based strong designated verifier signature scheme(noted as WZY scheme) and gave the security proof of the scheme.Unfortunately,We find that their security proof is improper:in the proof of the unforgeability of the scheme,they supposed that the adversary has the secret key of the designated verifier.Under a simple assumption that the hash function is considered as an oracle that on each valid input known to the adversary beforehand produces a random value,a new proof that the unforgeability of WZY scheme relies on the Bilinear Diffie-Hellman Problem is given.

Tianjie Cao,Dongdai Lin

DOI: https://doi.org/10.1007/11599548_20

2005-01-01

Abstract:Digital signature scheme allows a user to sign a message in such a way that anyone can verify the signature, but no one can forge the signature on any other message. In this paper, we show that Xie and Yu’s threshold signature scheme, Huang and Chang’s threshold proxy signature scheme, Qian, Cao and Xue’s pairing-based threshold proxy signature scheme, Xue and Cao’s multi-proxy signature scheme and Zhou et al.’s proxy multi-signature scheme are all insecure against the forgery attacks.

Xiangjun Xin,Qianqian He,Zhuo Wang,Qinglan Yang,Fagen Li

DOI: https://doi.org/10.1016/j.ijleo.2019.05.078

IF: 3.1

2019-01-01

Optik

Abstract:We analyze the security of Jiang et al.’s arbitrated quantum signature scheme based on local indistinguishability of orthogonal product states. First, Jiang et al.’s scheme cannot resist against the forgery attack. Second, it is insecure against disavowal attack. Then, an improved arbitrated quantum signature scheme is proposed. The new scheme overcomes the security drawbacks of Jiang et al.’s scheme and it is secure against forgery attack and disavowal attack. What is more, it is more efficient than the old scheme. On the other hand, our quantum signature scheme is based on product states, which can be obtained straightforwardly, thus our scheme is easier to implement than the schemes using cluster states.

Qi Xia,Chunxiang Xu

DOI: https://doi.org/10.1109/dasc.2009.144

2009-01-01

Abstract:Recently, Yu et al. proposed two identity based signcryption schemes, one is an identity based signcryption scheme for multiple receivers and the other is an identity based signcryption scheme without random oracles. They showed their former scheme is secure against adaptive chosen ciphertext attacks and unforgeable in the random oracle model, and the latter scheme is secure against adaptive chosen ciphertext attacks and unforgeable in the standard model. In this paper, however, we show that their first scheme is vulnerable to universal forgery attack and their second scheme is not secure against adaptive chosen ciphertext attack.

Zhiguang Qin,Yan Wu,Hu Xiong

DOI: https://doi.org/10.1109/tcc.2020.3000513

IF: 5.697

2021-10-01

IEEE Transactions on Cloud Computing

Abstract:Recently in IEEE Transactions on Cloud Computing (TCC), Yin et al. [5] designed a fine-grained query verification mechanism where a novel certificateless short signature scheme is proposed for validating the data of encrypted query results. Despite the authors alleged that their scheme achieves the existential unforgeability to ensure the authenticity of verification objects, we found that this scheme fails to resist the forgery attack. Specifically, through launching the concrete attacks, a malicious adversary can forge a signature on any verification object without being detected.

computer science, information systems, theory & methods

LI Xiang-xue,CHEN Ke-fei,LIU Sheng-li,LI Shi-qun,李祥学,陈克非,刘胜利,李世群

2006-01-01

Journal of Shanghai Jiaotong University (Science)

Abstract:Verifiably encrypted signatures are employed when a signer wants to sign a message for a verifier but does not want the verifier to possess his signature on the message until some certain requirements of his are satisfied. This paper presented new verifiably encrypted signatures from bilinear pairings. The proposed signatures share the properties of simplicity and efficiency with existing verifiably encrypted signature schemes. To support the proposed scheme, it also exhibited security proofs that do not use random oracle assumption. For existential unforgeability, there exist tight security reductions from the proposed verifiably encrypted signature scheme to a strong but reasonable computational assumption.

YANG Hao-Miao,SUN Shi-Xin,XU Ji-You

DOI: https://doi.org/10.3724/SP.J.1001.2009.00555

2009-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:This paper proposes an efficient verifiably encrypted signature scheme without random oracles. The scheme is constructed from the recent Gentry signature and can be rigorously proven to be secure in the standard model. The scheme has several advantages over previous systems such as, shorter public keys, lower computation overhead, and a tighter security reduction, therefore, it is a truly practical verifiably encrypted signature without random oracles, which can be used in online contract signing protocols. Additionally, the proof of our scheme, which depends on the Strong Diffie-Hellman assumption, may be of independent interest. © by Institute of Software, the Chinese Academy of Sciences.

Lei Niu,Changqing Zhang,Qi Xia,Yong Yu

DOI: https://doi.org/10.1504/ijics.2015.069212

2015-01-01

Abstract:Chang et al. proposed a new digital signature scheme with message recovery. However, several forgery attacks demonstrated that Chang et al.'s construction without using one-way hash functions and message redundancy is insecure. Nevertheless, it is unclear to see how to achieve the attacks. In this paper, more general forgery attacks are described to show clearly how to obtain these attacks. It is interesting that our general forgery covers all the known attacks.

Song-Kong Chong,Yi-Ping Luo,Tzonelih Hwang

DOI: https://doi.org/10.1103/PhysRevA.85.056301

2011-05-06

Abstract:Recently, Zou et al. [Phys. Rev. A 82, 042325 (2010)] pointed out that two arbitrated quantum signature (AQS) schemes are not secure, because an arbitrator cannot arbitrate the dispute between two users when a receiver repudiates the integrity of a signature. By using a public board, they try to propose two AQS schemes to solve the problem. This work shows that the same security problem may exist in their schemes and also a malicious party can reveal the other party's secret key without being detected by using the Trojan-horse attacks. Accordingly, two basic properties of a quantum signature, i.e. unforgeability and undeniability, may not be satisfied in their scheme.

Quantum Physics

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1007/11556992_16

2005-01-01

Abstract:In PKC'04, a signcryption scheme with key privacy was proposed by Libert and Quisquater. Along with the scheme, some security models were defined with regard to the signcryption versions of confidentiality, existential unforgeability and ciphertext anonymity (or key privacy). The security of their scheme was also claimed under these models. In this paper, we show that their scheme cannot achieve the claimed security by demonstrating an insider attack which shows that their scheme is not semantically secure against chosen ciphertext attack (not even secure against chosen plaintext attack) or ciphertext anonymous. We further propose a revised version of their signcryption scheme and show its security under the assumption that the gap Diffie-Hellman problem is hard. Our revised scheme supports parallel processing that can help reduce the computation time of both signcryption and de-signcryption operations.

Yuchen Xiao,Lei Zhang,Yafang Yang,Wei Wu,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1016/j.csi.2023.103819

IF: 3.721

2023-12-07

Computer Standards & Interfaces

Abstract:The multi-signature scheme plays a crucial role in addressing trust and authentication challenges in digital transactions and other scenarios by allowing multiple users to sign the same message. Among various signature schemes, the SM2 signature scheme stands out for its exceptional security and efficiency, making it widely adopted in numerous fields. In this paper, we propose the first provably secure multi-signature scheme based on the standard SM2 signature scheme, i.e., the scheme can be reduced to the standard SM2 signature scheme when there is only one signer. We prove that our scheme is existential unforgeability under chosen message attacks in the bijective random oracle model, based on the assumption that the elliptic curve discrete logarithm problem is hard. Compared with the existing multi-signature schemes based on the SM2 signature scheme in the same category, our scheme exhibits improved efficiency in terms of communication delay and computational cost.

computer science, software engineering, hardware & architecture

Tj Cao,Dd Lin,R Xue

DOI: https://doi.org/10.1007/978-3-540-30483-8_21

2004-01-01

Abstract:Blind signature schemes allow a person to get a message signed by another party without revealing any information about the message to the other party. To believe the message contains a certain form, cut and choose protocol and partially blind signature protocol are used to prevent cheating. In electronic cash system, unconditional anonymity may be misused for criminal activities such as blackmailing and money laundering. Fair electronic cash schemes are introduced for preventing these fraudulent activities. In this paper, we point out a weakness in Fan and Lei's user efficient blind signatures. Utilizing this weakness, a user can cheat the signer in cut and choose protocol, and the user can also break Fan and Lei's low-computation partially blind signature scheme and Yu et al.'s user efficient fair e-cash scheme.

Xiangjun Xin,Fagen Li

2006-01-01

Journal of Xidian University

Abstract:The security of several partial blind signature schemes based on the discrete logarithm proposed recently by Zhang et al.is analyzed,and it is found that the adversary can get rid of the partial blind property of the signature without being detected by multiplying the reverse of the partial blind factor to the blind message,and the adversary can forge the embedding parameter in the signature.Then,by using the factoring difficulty and covering the order of the generator of the finite field,the improved partial blind signature schemes not only have the partial blind property but also can withstand the forgery of the embedding parameter,and at the same time they have the same other security requirements as those of the schemes by Zhang et al.

He Li-Bao,Huang Liu-Sheng,Yang Wei,Xu Rui

DOI: https://doi.org/10.1088/1674-1056/21/3/030306

2012-01-01

Abstract:We investigate the fair quantum blind signature scheme proposed by Wang and Wen [Wang T Y and Wen Q Y 2010 Chin. Phys. B 19 060307], which uses the fundamental properties of quantum mechanics and the availability of a trusted arbitrator. However, in this paper, we find that the protocol cannot satisfy the property of non-forgeability even under the condition that the trusted arbitrator is totally credible. Moreover, a simple feasible suggestion for improving the protocol is proposed.

Duo Liu,Ping Luo,Yi-Qi Dai

DOI: https://doi.org/10.1007/s11390-007-9005-y

2007-01-01

Abstract:The concept of multisignature, in which multiple signers can cooperate to sign the same message and any verifier can verify the validity of the multi-signature, was first introduced by Itakura and Nakamura. Several multisignature schemes have been proposed since. Chen et al. proposed a new digital multi-signature scheme based on the elliptic curve cryptosystem recently. In this paper, we show that their scheme is insecure, for it is vulnerable to the so-called active attacks, such as the substitution of a “false” public key to a “true” one in a key directory or during transmission. And then the attacker can sign a legal signature which other users have signed and forge a signature himself which can be accepted by the verifier.

Ganglin Zhang,Yongjian Liao,Yu Fan,Yikuan Liang

DOI: https://doi.org/10.1109/access.2020.2964040

IF: 3.9

2020-01-01

IEEE Access

Abstract:Many sensitive data are generated by resource-limitation devices in the Vehicular ad hoc network (VANET). When these data are divulged, people 's life and property will be threatened. To solve these problems, Wei et al. proposed a lightweight privacy-preserving protocol based on RSA assumption for VANET and they claimed that their protocol was secure and low overhead. In this paper, first of all, we show that the basic signature scheme to be used in Wei et al.'s protocol is not secure, i.e., the user's private key will be revealed from the pairs of message-signatures, which causes the protocol to be insecure. We also show that our security analysis is feasible and effective in practice from the theory and experiments. Then we construct a new identity-based signature scheme based RSA assumption and prove it is existentially unforgeable under the chosen message attack without random oracle. Finally, we update the Wei et al.'s protocol and do some experiments to evaluate the efficiency of our scheme in the updated protocol.

Miaomiao Tian,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1504/ijict.2014.057968

2012-01-01

Abstract:Currently, short signature is receiving significant attention since it is particularly useful in low-bandwidth communication environments. However, most of the short signature schemes are only based on one intractable assumption. Recently, Su presented an identity-based short signature scheme based on knapsack and bilinear pairing. He claimed that the signature scheme is secure in the random oracle model. Unfortunately, in this paper, we show that his scheme is insecure. Concretely, an adversary can forge a valid signature on any message with respect to any identity in Su's scheme.

Fagen Li,Yupu Hu

2008-01-01

Fundamenta Informaticae

Abstract:In 2006, Pomykala and Barabasz [Fundamenta Informaticae 69 (2006) 411-425] proposed an elliptic curve based threshold proxy signature scheme which requires shorter cryptographic keys. They claimed that their scheme satisfies the secrecy, the proxy protected, the unforgeability, the non-repudiation, and the known signers. However, in this paper, we show that their scheme cannot achieve the proxy protected, the unforgeability and the non-repudiation by demonstrating a conspiracy attack. In this attack, any t malicious proxy signers can collusively impersonate some other proxy signers to generate proxy signatures.