On the Security of a Designated-Verifier Proxy Signature Scheme and its Improved Scheme (Revisited)

Abstract

As a special signature, proxy signature allows a entity called original signer to delegate his signing capability to another entity to produce signature on behalf of him. By combining the ideas of proxy signatures and designated-verifier signatures, Q.Wang et.al. proposed an identity-based strong designated-verifier proxy signature scheme (for short DVP) and claimed that their scheme satisfied all of the security requirements for strong designated verifier proxy signature scheme. Unfortunately, in the paper, we give security analysis of Wang et.al's strong designated-verifier proxy signature scheme and show that their scheme is forgeable. Namely, an adversary can forge a DVP signature on arbitrary message m without the knowledge of the proxy secret key sP or the designated verifier's secret key sC. At the same time, we give the corresponding attacks on the strong designated-verifier proxy signature scheme. Finally, we give an improved scheme to overcome the above forgery attacks, and show the scheme is secure in random oracle model.