SUN Ying,XU Chun-xiang,WU Huai,CHEN Ai-dong

DOI: https://doi.org/10.3969/j.issn.1001-0548.2011.04.029

2011-01-01

Abstract:The security of some proxy signature schemes including a simple proxy signature scheme,controlled delegation in e-checks using proxy signature and a forward secure proxy signature scheme due to Ref. is analyzed.It is shown that all the schemes are insecure.A forgery attack on these schemes is proposed in this paper.Using the forgery attack,a malicious adversary can forgery a valid proxy signing key on behalf of the original signer without his/her agreement and produce valid proxy signatures,which does harm to the benefits of the original signer and the proxy signer.The corresponding corrected algorithms are proposed to resist this kind of forgery attack.

Li-Hong Guo,Hai-Tao Wu,Qing Yang

DOI: https://doi.org/10.2991/icwcsn-16.2017.32

2016-01-01

Abstract:Proxy signature schemes have been suggested for use in a number of applications, so the security of proxy signature scheme is more and more important. However, at present, almost all the proxy signature schemas were proven secure in the random oracle model, which has received a lot of criticism. Recently, Yu et al. proposed a designated verifier proxy signature scheme without random oracles by using Waters hashing technique. The formal models and a strictly logical process were provided in this schema. But Kang et al. show some attacks on Yu et al.s scheme and offer its insecurity proof. In this paper, in order to overcome the weaknesses in Yu et al.s scheme we make supplements on it and make it secure resist Kang et al.s attacks.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Chaosheng Feng,Zhiguang Qin,Ding Yuan

DOI: https://doi.org/10.1109/ICMLC.2007.4370693

2007-01-01

Abstract:In 2003, Hsu et al. presented an improved proxy signature scheme based on Sun et al.'s scheme to effectively defeat its drawback that the threshold value can be changed by proxy signers. However, security analysis on the improved scheme shows that both the improved scheme and the original one can't stand the insider conspiracy attack and the forge attack. Moreover, the signature based on them is not identifiable or nonrepudiable. Aiming at these weaknesses, an improved scheme is proposed in this paper. Security analysis on the new improved scheme shows that it effectively overcomes those disadvantages of Hsu et al.' s scheme.

Hu Xiong,Fagen Li,Zhiguang Qin

DOI: https://doi.org/10.15388/informatica.2010.288

2010-01-01

Informatica

Abstract:A proxy signature scheme enables an original signer to delegate its signing capability to a proxy signer and then the proxy signer can sign a message on behalf of the original signer. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we first present a security model for certificateless proxy signature schemes, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman problem in the random oracle with a tight reduction.

吴晨煌,陈智雄,王海明,沈毅军

DOI: https://doi.org/10.3724/sp.j.1087.2009.00944

2009-01-01

Journal of Computer Applications

Abstract:The certificateless proxy signature scheme proposed by Fan Rui etc.was analyzed and their scheme turned out to be insecure.Furthermore,a serious security flaw was discovered in the proxy key generation algorithm,because the private key of the original signer could be recovered by the proxy signer.Unfortunately,the same security flaw was also found out in other proxy signature schemes.Finally,a comprehensive and improved scheme was proposed,whose security was based on the Computational Diffie-Hellman Problem(CDHP).

夏琦,许春香,高建彬

DOI: https://doi.org/10.3724/sp.j.1087.2009.00353

2009-01-01

Journal of Computer Applications

Abstract:The security of the Fu-Kou-Xiao's proxy signature scheme with proxy signer's privacy anonymity was analyzed,and it was shown that the scheme did not possess the property of strong unforgeability.A forgery attack was given.Using this attack,a dishonest original signer can forge a proxy signing key and produce valid proxy signatures.The reason why the attack can work was analyzed and an improved scheme was proposed to remove the attack.

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Miaomiao Tian,Wei Yang,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2013-976

2014-01-01

Fundamenta Informaticae

Abstract:Certificateless cryptography is a new type of public key cryptography, which removes the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based public key cryptography. Multi-proxy signature is an extension of proxy signature, which allows an original signer authorizing a group of proxy signers and only the cooperation of all proxy signers in the group can create valid proxy signatures on behalf of the original signer. Recently, Jin and Wen combined certificateless cryptography with multi-proxy signature, and proposed a model as well as a concrete scheme of certificateless multi-proxy signature. They claimed that their scheme is provably secure in their security model. Unfortunately, in this paper by giving two attacks, we will show that their certificateless multi-proxy signature scheme can be broken. The first attack indicates their security model is flawed and the second attack indicates their certificateless multi-proxy signature scheme is insecure. Possible improvements are also suggested to prevent these attacks.

FU Xiao-tong,LU Ming-xin,XIAO Guo-zhen

DOI: https://doi.org/10.3969/j.issn.1001-2400.2005.05.026

2005-01-01

Journal of Xidian University

Abstract:We propose a forgery attack on a proxy blind signature scheme proposed by Tan et al.By using the forgery attack,a dishonest original signer can forge the proxy signing key and produce valid proxy blind signatures.By successfully identifying the forgery attack,we show that their scheme is insecure.Furthermore,to improve Tan et al's scheme,we propose an improved proxy blind signature scheme.

Zhong-mei Wan,Xue-jia Lai,Jian Weng,Xuan Hong,Yu Long,Wei-wei Jia

DOI: https://doi.org/10.1007/s12204-008-0692-5

2008-01-01

Journal of Shanghai Jiaotong University (Science)

Abstract:In proxy signature schemes, an original signer A delegates its signing capability to a proxy signer B, in such a way that B can sign message on behalf of A. The recipient of the final message verifies at the same time that B computes the signature and that A has delegated its signing capability to B. Recently many identity-based (ID-based) proxy signature schemes have been proposed, however, the problem of key escrow is inherent in this setting. Certificateless cryptography can overcome the key escrow problem. In this paper, we present a general security model for certificateless proxy signature scheme. Then, we give a method to construct a secure certificateless proxy scheme from a secure certificateless signature scheme, and prove that the security of the construction can be reduced to the security of the original certificateless signature scheme.

Song Han,Elizabeth Chang,Jie Wang,Wanquan Liu

2005-01-01

Abstract:Proxy signature helps the proxy signer to sign messages on behalf of the original signer. It is very useful when the original signer (e.g. the president of a company) is not available to sign a specific document. If the original signer can not forge valid proxy signatures through impersonating the proxy signer, it will be robust in a virtual environment; thus the original signer can not shift any illegal action initiated by herself to the proxy signer. In this paper, we propose a new proxy signature scheme. The new scheme can prevent the original signer from impersonating the proxy signer to sign messages. The proposed scheme is based on the regular ElGamal signature. In addition, the fair privacy of the proxy signer is maintained. That means, the privacy of the proxy signer is preserved; and the privacy can be revealed when it is necessary.

QS Xue,ZF Cao

DOI: https://doi.org/10.1109/cit.2004.1357236

2004-01-01

Abstract:In this paper, the authors first review lin et al.'s multi-proxy signature scheme for partial delegation with cheater identification and point out its disadvantages. Then we further propose a modified multi-proxy signature scheme based on Lin et al.'s scheme to eliminate the drawback. The improved multi-proxy signature scheme can provide all security properties mentioned in some literatures. Furthermore, the computational overhead of the modified one is less than Lin et al.'s scheme and some other multi-proxy signature schemes. The improved scheme is simple, efficient and practical.

Y Wu,YP Zhang,TJ Cao

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.05.007

2005-01-01

Abstract:In a secure proxy signature scheme, only the designated proxy signer could create a valid proxy signature on behalf of the original signer. Based on the elliptic curve discrete logarithm problem, Ji and Li proposed a proxy signature scheme and a proxy multi-signature scheme and Chen et al. proposed two proxy multi-signature schemes. However, in their schemes, the original signer can forge proxy secret key. To eliminate the original signers forgery attacks, a modification of the proxy key generation stage is proposed. Security analysis of the improved scheme is also presented.

Li Fagen,Hu Yupu,Chen Jie

DOI: https://doi.org/10.1007/bf02831843

2006-01-01

Abstract:In 2006, Bao et al proposed an identity-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al 's scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al 's scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.

Tj Cao,Dd Lin,R Xue

DOI: https://doi.org/10.1007/978-3-540-30483-8_25

2004-01-01

Abstract:The proxy signature allows a proxy signer to sign on behalf of an original signer and can be verified by anyone with access to the original signer's public key. Recently, Dai et al. proposed a privacy-protecting proxy signature scheme. In this scheme, the messages the original signer entrust to the proxy signer to sign on behalf of him are kept secret from the proxy signer during the generation of the proxy signature except the receiver designated by the original signer. Therefore, the privacy of the original signer is protected. Unfortunately, Dai et al.'s scheme is insecure and inefficient. Particularly, the receiver can cheat the proxy signer and obtain a proxy signature on any message. To eliminate these weaknesses, we propose an improved scheme based on Nyberg-Rueppel signature.

Qs Xue,Zf Cao

2004-01-01

Abstract:We review Hsu et al's threshold proxy signature scheme with known signers, describe the Tsai et al's attack to Hsu et al's scheme and point out that their attack can't work. We also review Hsu et al's another scheme with unknown signers, analyze its security and point out that it can not resist the public key substitution attack. Based on Hsu et al's second scheme, an improved version which can resist the weakness is proposed.

Xiaoming Hu,Zhe Zhang,Tong Wang

DOI: https://doi.org/10.1109/ICFN.2010.63

2010-01-01

Abstract:Recently, Liu et al. (Liu YC, Wen HA, Lin CL, Hwang T. Proxy-protected signature secure against the undelegated proxy signature attack. Computers and Electrical Engineering 2007; 33: 177-85) proposed one proxy signature scheme that is the improvement of Zhou et al.'s (Zhou Y, Cao Z, Lu R. Provably secure proxy-protected signature schemes based on factoring. Appl Math Comput2005; 164(1):83-98) proxy signature scheme based on the hard problem of integer factorization. In this paper, however,we show that Liu et al.'s scheme and Zhou et al.'s scheme are insecure against the replaced warrant attack: the original signer can prepare a new warrant and then remove the original warrant from the proxy signature to forge a new and valid proxy signature with the new warrant. To avoid the problem, an improved proxy signature scheme is proposed and its security is analyzed.

Ying Sun,Chunxiang Xu,Qi Xia,Yong Yu

DOI: https://doi.org/10.1109/IAS.2009.167

2009-01-01

Abstract:Proxy blind signature is a cryptographic research hotspot, and has been applied in many occasions. Many proxy blind signature schemes were proposed, however, all the schemes rely on secure channels to transmit proxy secret key. Therefore, Lu, Cao and Zhou proposed a new proxy blind multi-signature scheme recently, which does not need a secure channel and is provably secure under the random oracle model. In this letter, however, we show that their scheme is not secure against the original signer's forgery attack. Moreover, we give four improved proxy key generation algorithms to counter this attack.

Sun Mei

Abstract:This paper puts forward an efficient construction of certificateless proxy signature scheme using bilinear maps.The security of this scheme is based on the infeasibility of the computational Diffie-Hellman problem and is formally proven in the strongest security model of certificateless proxy signature schemes.The analysis shows that this new scheme satisfies the security requirements such as verifiability,strong undeniability,strong identifiability and prevention of misuse for a proxy signature scheme.Due to its security,high efficiency and free of certificate management,it may have practical applications in electronic commerce and mobile agent systems,etc.

Mathematics,Computer Science