Cryptanalysis and Improvement of Digital Multisignature Scheme Based on RSA  

作　　者：粟栗 崔国华 陈晶 袁隽 

机构地区：[1]School of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, China

出　　处：《Journal of Southwest Jiaotong University(English Edition)》2007年第1期8-11,共4页西南交通大学学报（英文版）

基　　金：The National Natural Science Foundation of China (No.60403027)

摘　　要：Zhang et al. proposed a sequential multisignature scheme based on RSA. The scheme has advantages of low computation and communication costs, and so on. However, we find a problem in their scheme that the verifier can not distinguish whether the multisignature is signed by all the signers of the group or only by the last signer. Thus, any single signature created by the last signer can be used as a multisignaturr created by the whole group members. This paper proposes an improved scheme that can overcome the defect. In the new scheme, the identity messages of all the signers are added in the multisignature and used in verification phase, so that the verifier can know the signature is generated by which signers. Performance analysis shows that the proposed scheme costs less computation than the original scheme in both signature and verification phases. Furthermore, each partial signature is based on the signer＇s identity certificate, which makes the scheme more secure.Zhang et al. proposed a sequential multisignature scheme based on RSA. The scheme has advantages of low computation and communication costs, and so on. However, we find a problem in their scheme that the verifier can not distinguish whether the multisignature is signed by all the signers of the group or only by the last signer. Thus, any single signature created by the last signer can be used as a multisignaturr created by the whole group members. This paper proposes an improved scheme that can overcome the defect. In the new scheme, the identity messages of all the signers are added in the multisignature and used in verification phase, so that the verifier can know the signature is generated by which signers. Performance analysis shows that the proposed scheme costs less computation than the original scheme in both signature and verification phases. Furthermore, each partial signature is based on the signer＇s identity certificate, which makes the scheme more secure.

关 键 词：Digital multisignature Sequential multisignature RSA cryptosystem CRYPTANALYSIS 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]