On Zhang's nonrepudiable proxy signature schemes
In 1997, Zhang proposed two new nonrepudiable proxy signature schemes to delegate signing capability. Both schemes claimed to have a property of knowing that a proxy signature is generated by either the original signer or a proxy signer. However, this paper will show that Zhang's second scheme fails to possess this property. Moreover, we shall show that the proxy signer can cheat to get the original signer's signature, if Zhang's scheme is based on some variants of ElGamal-type signature schemes. We modify Zhang's nonrepudiable proxy signature scheme to avoid the above attacks. The modified scheme also investigates a new feature for the original signer to limit the delegation time to a certain period.
Unable to display preview. Download preview PDF.
- 1.M. Mambo, K. Usuda, and E. Okamoto: “Proxy signatures for delegating signing operation,” Proc. 3rd ACM Conference on Computer and Communications Security, 1996.Google Scholar
- 2.K. Zhang: “Nonrepudiable proxy signature schemes based on discrete logarithm problem,” Manuscript, 1997.Google Scholar
- 3.K.Zhang: “Threshold proxy signature schemes,” 1997 Information Security Workshop, Japan, Sep., 1997, pp. 191–197.Google Scholar
- 4.S. M. Yen and C. S. Laih: “New digital signature scheme based on discrete logarithm,” Electronics Letters, 1993, 29, (12), pp. 1120–1121.Google Scholar
- 6.J. L. Camenisch, J-M. Piveteau, and M.A. Stadler: “Blind signatures based on the discrete logarithm problem,” Proc. EvroCrypt'94, 1994, pp. 428–432.Google Scholar
- 8.C.P. Schnorr: “Efficient identification and signatures for smart cards,” Advances in Cryptology Crypto'89, 1989, pp. 239–252.Google Scholar
- 9.K. Nyberg and R.A. Rueppel: “A new signature scheme based on the DSA giving message recovery,” Proc. 1st ACM conference on Computer and Communications Security, Number 3–5, Fairfax, Virginia, 1993.Google Scholar
- 11.R. Rivest, “The MD5 message digest algorithm,” RFC 1321, Apr 1992.Google Scholar