TY - GEN
T1 - Cryptanalysis of Chang-Lin-Lam's ID-based multisignature scheme
AU - Haifeng, Qian
AU - Zhenfu, Cao
AU - Licheng, Wang
AU - Sheng, Guo
PY - 2006
Y1 - 2006
N2 - Recently, Chang, Lin and Lam proposed an ID-based multisignature scheme without reblocking and predetermined signing order. Their scheme adopts users' ID information as the public keys instead of random integers. They claimed that it is computationally infeasible to derive the private key of the Key Authentication Center (KAC) from the private keys of the authorized users, and that the scheme has the property of resistance against collaboration attacks. However, we observed that their scheme cannot be applied in the real world, because it has two defects and does not satisfy what they claimed. The two drawbacks are: (1) it does not have an efficient verification algorithm (the signature can hardly be verified because the exponent is too large); (2) even if the signature can be verified, there exists a forger, within the same computational complexity as the verification algorithm, who can break the scheme (in other words, any one member of the signing group can forge a signature on any message for the whole signing group).
AB - Recently, Chang, Lin and Lam proposed an ID-based multisignature scheme without reblocking and predetermined signing order. Their scheme adopts users' ID information as the public keys instead of random integers. They claimed that it is computationally infeasible to derive the private key of the Key Authentication Center (KAC) from the private keys of the authorized users, and that the scheme has the property of resistance against collaboration attacks. However, we observed that their scheme cannot be applied in the real world, because it has two defects and does not satisfy what they claimed. The two drawbacks are: (1) it does not have an efficient verification algorithm (the signature can hardly be verified because the exponent is too large); (2) even if the signature can be verified, there exists a forger, within the same computational complexity as the verification algorithm, who can break the scheme (in other words, any one member of the signing group can forge a signature on any message for the whole signing group).
UR - https://www.scopus.com/pages/publications/33845597054
U2 - 10.1109/IMSCCS.2006.252
DO - 10.1109/IMSCCS.2006.252
M3 - Conference contribution
AN - SCOPUS:33845597054
SN - 0769525814
SN - 9780769525815
T3 - First International Multi-Symposiums on Computer and Computational Sciences, IMSCCS'06
SP - 113
EP - 116
BT - First International Multi-Symposiums on Computer and Computational Sciences, IMSCCS'06
T2 - First International Multi-Symposiums on Computer and Computational Sciences, IMSCCS'06
Y2 - 20 April 2006 through 24 April 2006
ER -