Comment: Security of digital signature with one-time pair of keys

Abstract

Recently, Yi et al. [see ibid., vol. 36, no. 2, p. 130-1 (2000)] proposed a digital signature scheme using a one-time pair of keys that provides the signer with anonymity with respect to the verifier but not to the certification authority. In this comment, we show that Yi et al.'s scheme is insecure against forgery because any malicious attacker can generate valid signatures for any message without knowing the legal user's secret keys. That is, even the certification authority cannot identify the identity of the real signer. Therefore, Yi et al.'s signature scheme is not secure enough to withstand a forgery attack.