Improvement of digital signature with message recovery using self-certified public keys and its variants

Abstract

By combining the concepts of a self-certified public key and a signature with message recovery, Tseng et al. proposed a self-certified public key signature scheme with message recovery. Their scheme has two properties: the signer's public key is authenticated at the same time as the signature is verified, and the receiver also obtains the message. Based on this scheme, they further presented two variants. One is an authenticated encryption scheme that allows only a specified receiver to verify and recover the message. The other is an authenticated encryption scheme with message linkages, which is used to transmit large messages. In this paper, we first propose an insider forgery attack, which means that the security of the authenticated encryption scheme is not as good as that of the Girault schemes. Then we point out that these schemes do not provide nonrepudiation: in case of a dispute, neither the sender nor the receiver can convince arbiters whether the signature is valid unless they reveal their Diffie–Hellman key, which would destroy forward security. Finally, we propose an improvement to these schemes to overcome the weakness.

Keywords: Cryptography, Digital signature, Authenticated encryption, Self-certified public key, Forward security

Review history: Available online 29 November 2003.

Official paper URL: https://doi.org/10.1016/j.amc.2003.10.044