This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Comments on "A Practical (t,n) Threshold Proxy Signature Scheme Based on the RSA Cryptosystem'
October 2004 (vol. 16 no. 10)
pp. 1309-1311
In a (t,n) threshold proxy signature scheme, the original signer can delegate his/her signing capability to n proxy signers such that any t or more proxy signers can sign messages on behalf of the former, but t-1 or less of them cannot do the same thing. Such schemes have been suggested for use in a number of applications, particularly, in distributed computing where delegation of rights is quite common. Based on the RSA cryptosystem, Hwang et al. [7] recently proposed an efficient (t,n) threshold proxy signature scheme. In this paper, we identify several security weaknesses in their scheme and show that their scheme is insecure.

[1] A. Boldyreva, A. Palacio, and B. Warinschi, Secure Proxy Signature Schemes for Delegation of Signing Rights available athttp://eprint.iacr. org/2003096/, 2003.
[2] Y. Desmedt and Y. Frankel, Threshold Cryptosystems Proc. Advance in Cryptology (CRYPTO '89), pp. 307-315, 1989.
[3] Y. Dodis and L. Reyzin, Breaking and Repairing Optimistic Fair Exchange from PODC 2003 Proc. ACM Workshop Digital Rights Management (DRM '03), pp. 47-54, 2003.
[4] T. ElGamal, A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms IEEE Trans. Information Theory, vol. 31, no. 4, pp. 469-472, 1985.
[5] C.-L. Hsu, T.-S. Wu, and T.-C. Wu, New Nonrepudiable Threshold Proxy Signature Scheme With Known Signers The J. Systems and Software, vol. 58, no. 5, pp. 119-124, 2001.
[6] M.-S. Hwang, I.-C. Lin, and E.J.-L. Lu, A Secure Nonrepudiable Threshold Proxy Signature Scheme with Known Signers Int'l J. Informatica, vol. 11, no. 2, pp. 1-8, 2000.
[7] M.-S. Hwang, E.J.-L. Lu, and I.-C. Lin, A Practical$(t,n)$Threshold Proxy Signature Scheme Based on the RSA Cryptosystem IEEE Trans. Knowledge and Data Eng., vol. 15, no. 6, pp. 1552-1560, 2003.
[8] S. Kim, S. Park, and D. Won, Proxy Signatures, Revisited Proc. Information and Comm Security (ICICS '97), pp. 223-232, 1997.
[9] N. Koblitz, A Course in Number Theory and Cryptography. Springer-Verlag, 1994.
[10] B. Lee, H. Kim, and K. Kim, Secure Mobile Agent Using Strong Non-Designated Proxy Signature Proc. Information Security and Privacy (ACISP '01), pp. 474-486, 2001.
[11] J.-Y. Lee, J.H. Cheon, and S. Kim, An Analysis of Proxy Signatures: Is a Secure Channel Necessary? Proc. Topics in Cryptology (CT-RSA '03), pp. 68-79, 2003.
[12] M. Mambo, K. Usuda, and E. Okamoto, Proxy Signature: Delegation of the Power to Sign Messages IEICE Trans. Fundamentals, vol. E79-A, no. 9, pp. 1338-1353, Sept. 1996.
[13] M. Mambo, K. Usuda, and E. Okamoto, Proxy Signatures for Delegating Signing Operation Proc. Third ACM Conf. Computer and Comm. Security (CCS '96), pp. 48-57, 1996.
[14] J.M. Park, E. Chong, and H. Siegel, Constructing Fair Exchange Protocols for E-Commerce via Distributed Computation of RSA Signatures Proc. 22nd Ann. ACM Symp. Principles of Distributed Computing (PODC '03), pp. 172-181, 2003.
[15] T.P. Pedersen, Distributed Provers with Applications to Undeniable Signatures Proc. Workshop Theory and Application of of Cryptographic Techniques (EUROCRYPT '91), pp. 221-242, 1991.
[16] T.P. Pedersen, A Threshold Cryptosystem without a Trusted Party Proc. Workshop Theory and Application of of Cryptographic Techniques (EUROCRYPT '91,) pp. 522-526, 1991.
[17] R.L. Rivest, A. Shamir, and L.M. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems Comm. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
[18] H.-M. Sun, An Efficient Nonrepudiable Threshold Proxy Signature Scheme with Known Signers Computer Comm., vol. 22, no. 8, pp. 717-722, 1999.
[19] H.-M. Sun, Threshold Proxy Signatures IEE Proc.-Computers&Digital Techniques, vol. 146, no. 5, pp. 259-263, Sept. 1999.
[20] C. Schnorr, Efficient Signature Generation by Smart Cards J. Cryptology, vol. 4, no. 3, pp. 161-174, 1991.
[21] A. Shamir, How to Share a Secret Comm. ACM, vol. 22, no. 11, pp. 612-613, 1979.
[22] V. Shoup, Practical Threshold Signatures Proc. Int'l Conf. Theory and Application of Cryptographic Techniques (EUROCRYPT '00), pp. 207-220, 2000.
[23] C.-S. Tsai, S.-F. Tseng, and M.-S. Hwang, Improved Non-Repudiable Threshold Proxy Signature Scheme with Known Signers Int'l J. Informatica, vol. 14, no. 3, pp. 393-402, 2003.
[24] G. Wang, F. Bao, J. Zhou, and R.H. Deng, Security Analysis of Some Proxy Signatures Proc. Int'l Conf. Information Security and Cryptology (ICISC '03), pp. 305-319, 2004, preliminary version is available athttp://eprint.iacr.org/2003196.
[25] K. Zhang, Threshold Proxy Signature Schemes Proc. Information Security Workshop (ISW '97), pp. 282-290, 1997.

Index Terms:
Proxy signature, digital signature, public key cryptosystem, data security.
Citation:
Guilin Wang, Feng Bao, Jianying Zhou, Robert H. Deng, "Comments on "A Practical (t,n) Threshold Proxy Signature Scheme Based on the RSA Cryptosystem'," IEEE Transactions on Knowledge and Data Engineering, vol. 16, no. 10, pp. 1309-1311, Oct. 2004, doi:10.1109/TKDE.2004.52
Usage of this product signifies your acceptance of the Terms of Use.