On the Forgeability of Wang-Tang-Li\u27s ID-Based Restrictive Partially Blind Signature

Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system. Very recently, Wang, Tang and Li proposed a new ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of {\bf unforgeability} as claimed. More precisely, a user can forge a valid message-signature pair $(ID, msg, {\bf info\u27}, \sigma\u27)$ instead of the original one $(ID, msg, {\bf info}, \sigma)$, where {\bf info} is the original common agreed information and ${\bf info}\u27\neq {\bf info}$. Therefore, it will be much dangerous if Wang-Tang-Li\u27s ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of \$100 to a user, while the user can change the denomination of the coin (bill) to any value, say \$100, 000, 000, at his will