Review on multisignature schemes based upon DLP

In digital signature schemes a user is allowed to sign a document by using a public key infrastructure (PKI). For signing a document, the sender encrypts the hash of the document by using his private key. Then, the verifier uses the signer’s public key to decrypt the received signature and to check if it matches the document hash. Generally a digital signature scheme demands only one signer to sign a message so that the validity of the signature can be checked later. But under some situations a group of signers is required to sign a message cooperatively, so that a single verifier or a group of verifiers can check the validity of the given signature. This scheme is known as a multisignature. A multisignature scheme is one of the tools in which plural entities can sign a document more efficiently than they realize it by trivially constructing single signatures. In general, in a multisignature scheme, the total signature size and the verification cost are smaller than those in the trivially constructed scheme. Thus, plural signers can collectively and efficiently sign an identical message. There are different base primitives describing the type of numerical problems upon which the underlying security scheme is based on. In this thesis, some of the most important DLP based multisignature schemes are presented. A categorization between these different existing schemes has been shown, along with their pros and cons

Security of a multisignature scheme for specified group of verifiers

A multisignature scheme for specified group of verifiers needs a group of signers’ cooperation to sign a message to a specified group of verifiers that must cooperate to check the signature’s validity later. Recently, Zhang et al. proposed a new multisignature scheme for specified group of verifiers. However, we find that Zhang et al.’s scheme cannot prevent a dishonest clerk of signing group from changing the signing message to another message of his choice while he is cooperating with the signers to produce a multisignature. Therefore, their scheme is insecure