On the Security of a Novel Probabilistic Signature Based on Bilinear Square Diffie-Hellman Problem and Its Extension

Probabilistic signature scheme has been widely used in modern electronic commerce since it could provide integrity, authenticity, and nonrepudiation. Recently, Wu and Lin proposed a novel probabilistic signature (PS) scheme using the bilinear square Diffie-Hellman (BSDH) problem. They also extended it to a universal designated verifier signature (UDVS) scheme. In this paper, we analyze the security of Wu et al.’s PS scheme and UDVS scheme. Through concrete attacks, we demonstrate both of their schemes are not unforgeable. The security analysis shows that their schemes are not suitable for practical applications

A Strong Proxy Signature Scheme based on Partial Delegation

Proxy signature scheme is an extension of digital signature scheme first introduced by Mambo et al. in 1996, which allows a signer to delegate the signing capability to a designated person, called a proxy signer. There are three types of delegation, namely, full delegation, partial delegation, and delegation by warrant. In early proxy signature schemes, the identity of the proxy signer can be revealed by any trusted authority if needed. How- ever, a secured proxy signature scheme must satisfy various properties, such as, verifiability, strong un-forgeability, nonrepudiation, privacy, and strong identifiability. In this thesis, we propose a strong proxy signature scheme based on two computationally hard assumptions, namely, Discrete Logarithmic Problem (DLP) and Computational Die-Helmann (CDH) problem, which satisfies all the security properties of a standard proxy signature scheme. The property `strong' refers to the fact that only a designated person can only verify the authenticity of the proxy signature

Strong Designated Verifier Signature Schemes with Undeniable Property and Their Applications

Most of the strong designated verifier signature (SDVS) schemes cannot tell the real signature generator when the signer and the designated verifier dispute on a signature. In other words, most of the SDVS schemes do not have the undeniability property. In this paper, we propose two SDVS schemes which hold the undeniability property, namely, strong designated verifier signature with undeniability property (SDVSUP). Our two schemes are called SDVSUP-1 and SDVSUP-2. In our two SDVSUP schemes, the signer not only can designate a verifier but also can designate an arbiter who can judge the signature when the signer and the designated verifier dispute on the signature. What is more, the judgment procedure can be performed by the arbiter alone without help from the signer or the designated verifier, which increases the judgment efficiency and reduces the complexity of signature confirmation. We also demonstrate a real instance of applying our SDVSUP scheme to electronic bidding system

Attacks on One Designated Verifier Proxy Signature Scheme

In a designated verifier proxy signature scheme, there are three participants, namely, the original signer, the proxy signer, and the designated verifier. The original signer delegates his or her signing right to the proxy signer, then the proxy signer can generate valid signature on behalf of the original signer. But only the designated verifier can verify the proxy signature. Several designated verifier proxy signature schemes have been proposed. However, most of them were proven secure in the random oracle model, which has received a lot of criticism since the security proofs in the random oracle model are not sound with respect to the standard model. Recently, by employing Water's hashing technique, Yu et al. proposed a new construction of designated verifier proxy signature. They claimed that the new construction is the first designated verifier proxy signature, whose security does not rely on the random oracles. But, in this paper, we will show some attacks on Yu et al.'s scheme. So, their scheme is not secure

Attacks on One Designated Verifier Proxy Signature Scheme

In a designated verifier proxy signature scheme, there are three participants, namely, the original signer, the proxy signer, and the designated verifier. The original signer delegates his or her signing right to the proxy signer, then the proxy signer can generate valid signature on behalf of the original signer. But only the designated verifier can verify the proxy signature. Several designated verifier proxy signature schemes have been proposed. However, most of them were proven secure in the random oracle model, which has received a lot of criticism since the security proofs in the random oracle model are not sound with respect to the standard model. Recently, by employing Water's hashing technique, Yu et al. proposed a new construction of designated verifier proxy signature. They claimed that the new construction is the first designated verifier proxy signature, whose security does not rely on the random oracles. But, in this paper, we will show some attacks on Yu et al.'s scheme. So, their scheme is not secure

Nominative Proxy Signature Schemes

In a nominative proxy signature scheme, an original singer delegates his signing power to a proxy, who generates a nominative signature on behalf of the original signer. In a nominative proxy signature scheme, only the nominee can verify the signature and if necessary, only the nominee can prove its validity to the third party. In this paper, we first classify the nominative proxy signature into two types, original-nominative proxy signature and proxy-nominative proxy signature. Then we analyze the nominative proxy scheme proposed by Park and Lee. We show that the scheme suffers from universal verification. We also point out that the scheme presented by S.-H. Seo and S.-H. Lee is insecure and the scheme cannot provide non-repudiation. Finally we present our nominative proxy signature schemes which overcome the weakness mentioned above. Compared with the scheme recently proposed by G.-L. Wang, our scheme is more efficient