Comment fail-stop blind signature scheme design based on pairings

Abstract

Fail-stop signature schemes provide security for a signer against forgeries of an enemy with unlimited computational power by enabling the signer to provide a proof of forgery when a forgery happens. Changet al proposed a robust fail-stop blind signature scheme based on bilinear pairings. However, in this paper, it will be found that there are several mistakes in Changet al' s fail-stop blind signature scheme. Moreover, it will be pointed out that this scheme doesn't meet the property of a fail-stop signature: unconditionally secure for a signer. In Changet al' s scheme, a forger can forge a valid signature that can't be proved by a signer using the “proof of forgery”. The scheme also doesn't possess the unlinkability property of a blind signature.