Abstract
Proxy signature is a useful cryptographic primitive that has been widely used in many applications. It has attracted a lot of attention since it was introduced. There have been lots of works in constructing efficient and secure proxy signature schemes. In this paper, we identify a new attack that has been neglected by many existing proven secure proxy signature schemes. We demonstrate this attack by launching it against an identity-based proxy signature scheme which is proven secure. We then propose one method that can effectively prevent this attack. The weakness in some other proxy signature schemes can also be fixed by applying the same method.
Highlights
Proxy signature is a special type of digital signature which allows one user to delegate his/her signing right to another signer
It is worth noticing that proxy signature can serve as a useful tool in Internet of things (IoT), since most of the RFID tags in IoT only have limited storage and computing ability
We show that a malicious adversary can create a proxy signature on a message, if he has access to the standard signature of the original signer and proxy signer, which is as defined in the security models in [13, 18]
Summary
Proxy signature is a special type of digital signature which allows one user (original signer) to delegate his/her signing right to another signer (proxy signer). We show that a malicious adversary can create a proxy signature on a message, if he has access to the standard signature of the original signer and proxy signer, which is as defined in the security models in [13, 18] These proxy signature schemes [13, 18,19,20,21], which we believe is not a complete list, are not secure. The authors in [22] suggested to add two different prepositive tags “00” and “11” to distinguish the signatures generated by the original signer and proxy signer This simple solution cannot prevent the attack proposed in this paper according to the original security model in [13].
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have