Paper 2014/496

Security Pitfalls of a Provably Secure Identity-based Multi-Proxy Signature Scheme

Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh, and Willy Susilo

Abstract

An identity-based multi-proxy signature is a type of proxy signatures in which the delegation of signing right is distributed among a number of proxy signers. In this type of cryptographic primitive, cooperation of all proxy signers in the proxy group generates the proxy signatures of roughly the same size as that of standard proxy signatures on behalf of the original signer, which is more efficient than transmitting individual proxy signatures. Since identity-based multi-proxy signatures are useful in distributed systems, grid computing, presenting a provably secure identity-based multi-proxy scheme is desired. In 2013, Sahu and Padhye proposed the first provably secure identity-based multi-proxy signature scheme in the random oracle model, and proved that their scheme is existential unforgeable against adaptive chosen message and identity attack. Unfortunately, in this paper, we show that their scheme is insecure. We present two forgery attacks on their scheme. Furthermore, their scheme is not resistant against proxy key exposure attack. As a consequence, there is no provably secure identity-based multi-proxy signature scheme secure against proxy key exposure attack to date.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
asaar @ ee sharif edu
History
2014-06-26: received
Short URL
https://ia.cr/2014/496
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/496,
      author = {Maryam Rajabzadeh Asaar and Mahmoud Salmasizadeh and Willy Susilo},
      title = {Security Pitfalls of a Provably Secure Identity-based Multi-Proxy Signature Scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/496},
      year = {2014},
      url = {https://eprint.iacr.org/2014/496}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.