机构地区:[1]Department of Computer Science and Engineering,Shanghai Jiao Tong University,Shanghai 200240,China State Key Laboratory of Information Security,Institute of Software,Chinese Academy of Sciences Beijing 100080,China [2]Department of Computer Science,School of Information Science and Technology,Sun Yat-Sen University Guangzhou 510275,China [3]Department of Electronics and Communication Engineering,School of Information Science and Technology Sun Yat-Sen University,Guangzhou 510275,China
出 处:《Journal of Computer Science & Technology》2008年第2期265-269,共5页计算机科学技术学报(英文版)
基 金:This work is supported by the National Natural Science Foundation of China under Grant Nos.60673077, 60503006, 60773202,and 60633030;the National Natural Science Foundation of China-Korea Science and Engineering Foundation Joint Research Project(Grant No.60611140543);the National Grand Fundamental Research 973 Program of China(Grant No.2006CB303104).
摘 要:Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system Very recently, Wang, Tang and Li proposed a neW ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of unforgeability as claimed. More precisely, a user can forge a valid message-signature pair (ID, msg, info', σ') instead of the original one (ID, msg, info, σ), where info is the original common agreed information and info'≠info. Therefore, it will be much dangerous if Wang-Tang-Li's ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of $100 to a user, while the user can change the denomination of the coin (bill) to any value, say $100 000 000, at his will.Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system Very recently, Wang, Tang and Li proposed a neW ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of unforgeability as claimed. More precisely, a user can forge a valid message-signature pair (ID, msg, info', σ') instead of the original one (ID, msg, info, σ), where info is the original common agreed information and info'≠info. Therefore, it will be much dangerous if Wang-Tang-Li's ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of $100 to a user, while the user can change the denomination of the coin (bill) to any value, say $100 000 000, at his will.
关 键 词:UNFORGEABILITY restrictive partially blind signature ID-based cryptography electronic cash
分 类 号:TN918[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
