Paper 2007/225

On the Forgeability of Wang-Tang-Li's ID-Based Restrictive Partially Blind Signature

Shengli Liu, Xiaofeng Chen, and Fangguo Zhang

Abstract

Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system. Very recently, Wang, Tang and Li proposed a new ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of {\bf unforgeability} as claimed. More precisely, a user can forge a valid message-signature pair $(ID,msg,\mathbf{i}\mathbf{n}\mathbf{f}{\mathbf{o}}^{\prime },{\sigma }^{\prime })$ instead of the original one $(ID,msg,\mathbf{i}\mathbf{n}\mathbf{f}\mathbf{o},\sigma )$, where {\bf info} is the original common agreed information and ${\mathbf{i}\mathbf{n}\mathbf{f}\mathbf{o}}^{\prime }\ne \mathbf{i}\mathbf{n}\mathbf{f}\mathbf{o}$. Therefore, it will be much dangerous if Wang-Tang-Li's ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of $100 to a user, while the user can change the denomination of the coin (bill) to any value, say 100, 000, 000, at his will.

Note: This paper shows how to make a forgery of Wang restrictive partially blind signature.