• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.109-114
• /
• 2005

On the research for constructing secure group-oriented proxy signature schemes, there are several proposals of threshold proxy signature schemes which combine the notions of proxy signature with threshold signature. Recently, Hsu and Wu proposed a threshold proxy signature scheme which uses a self-certified public key based on discrete logarithm problem. In this paper, we show that this scheme is vulnerable to original signer's forgery attack. So our attack provides the evidence that this scheme does not satisfy nonrepudiation property.

• Journal of Information Processing Systems
• /
• v.12 no.2
• /
• pp.249-262
• /
• 2016

In 2004, Yang et al. proposed a threshold proxy signature scheme that efficiently reduced the computational complexity of previous schemes. In 2009, Hu and Zhang presented some security leakages of Yang's scheme and proposed an improvement to eliminate the security leakages that had been pointed out. In this paper, we will point out that both Yang and Hu's schemes still have some security weaknesses, which cannot resist warrant attacks where an adversary can forge valid proxy signatures by changing the warrant $m_w$. We also propose two secure improvements for these schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.81-92
• /
• 2002

In some practical circumstances, the ability of a signer should be restricted. In group signature schemes, a group member of a group may be allowed to generate signatures up to a certain number of times according to his/her position in the group. In proxy signature schemes, an original signer may want to allow a proxy signer to generate a certain number of signatures on behalf of the original signer. In the paper, we present signature schemes, called c-times signature schemes, that restrict the signing ability of a signer up to c times for pre-defined value c at set-up. The notion of c-times signature schemes are formally defined, and generic transformation from a signature scheme to a c-times signature scheme is suggested. The proposed scheme has a self-enforcement property such that if a signer generates c+1 or more signatures, his/her signature is forged. As a specific example, we present a secure c-times signature scheme $^c$DSA based on the DSA (Digital Signature Algorithm) by using a threshold scheme. Our transformation can be applied to other ElGamal-like signature schemes as well.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.55-67
• /
• 2007

In ad hoc network, especially in the environment which the system authority only exists at the beginning of the network, it is very important problem how to issue the certificates in self-initialized public key scheme that a node generates its certificate with public and private key pair and is signed that by the system authority. In order to solve this problem, early works present some suggestions; remove the system authority itself and use certificate chain, or make nodes as system authorities for other nodes' certificates. In this paper, we suggest another solution, which can solve many problem still in those suggestions, using proxy signature and threshold signature, and prove its performance using simulation and analyse its security strength in many aspects.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.79-82
• /
• 2006

다중 사용자 환경에서 안전한 대리서명을 설계하는 연구의 하나로, threshold 서명 방식을 대리서명에 적용한 threshold 대리서명 기법들이 최근 많이 제안되고 있다. Xue와 Cao가 2004년 발표한 threshold 대리서명 기법은 Hsu-Wu 자체인증 공개키 방식 (Self-certified public key)을 기반으로 설계된 것으로 WISA 2005, CISC 2005, ICCSA 2006에서 각각 다른 취약성이 밝혀진 바 있다. 특히 CISC 2005, ICCSA 2006에서는 각각의 공격방법에 내성을 가질 수 있도록 Xue-Cao 기법을 개선하는 방안을 같이 제시하였다. 본 논문에서는 이러한 개선안이 적용된 Xue-Cao 기법에 대해 두 가지 종류의 원서명자 위조 공격이 가능함을 보인다. 하나는 Hsu-Wu 자체인증 공개키 방식의 취약성을 이용하는 것이고 다른 하나는 Xue-Cao 기법의 서명 생성 방식의 취약성에 기반한 것이다. 이러한 공격을 통해 개선된 Xue-Cao 기법 또한 대리자 보호, 부인방지와 같은 안전성 조건을 만족하지 않음을 확인한다.