Improvement of efficient proxy signature schemes using self-certified public keys

摘要

Elaborating on the merits of self-certified public key systems and message recovery signature schemes, Hsu and Wu recently proposed a proxy signature scheme based on discrete logarithms and its variant based on elliptic curve discrete logarithms. They claimed that the proposed schemes are efficient in the terms of communication overheads and computational efforts due to the following reasons: (i) The signed message is unnecessary to transmit, since verifiers can recover it from the proxy signature. (ii) The tasks of verifying the authenticity of public keys, validating the proxy signature, and recovering the signed message are carried out simultaneously in a single step. (iii) No certificates are required for validating the public keys. In this paper, we show that the proposed schemes are not secure. A malicious signer can cheat the certificate authority CA into extracting a proxy signature key without the permission of the original signer. Meanwhile, a malicious original signer can also cheat the certificate authority CA into extracting a proxy signature key without the permission of the proxy signer. Then we propose an improvement to overcome this security flaw. Moreover, the improvement is more efficient than the previous works.