Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem
Designs, Codes and Cryptography - Special issue dedicated to Gustavus J. Simmons
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Convertible authenticated encryption scheme
Journal of Systems and Software
Hi-index | 0.00 |
In 2003, Tseng et al. proposed a self-certified public key signature with message recovery, which gives two advantages: one is that the signer's public key can simultaneously be authenticated in verifying the signature and the other one is that only the specified verifier can recover the message. Lately, Xie and YU proposed an attack to the Tseng et al.'s scheme under the cases: the specified verifier substitutes his secret key or two or more specified verifiers cooperatively forge the signer's signature. About the same time, Shao also proposed another insider forgery attack to break the Tseng et al.'s scheme. In addition, he claimed the Tseng et al.'s scheme without the properties of non-repudiation and forward security. Therefore, he proposed an improved scheme to overcome the weakness. In this paper, we will show that the Shao's improved scheme is still insecure against the insider forgery attack. A specified verifier can forge many different valid signatures with the same message to the other verifiers who cooperatively provide their secret keys. Furthermore, we give a small modification to overcome this weakness.