Cryptanalysis and Modification of an Improved Self-Certified Digital Signature Scheme with Message Recovery

  • Mahshid Sadeghpour Iran University of Science and Technology, Tehran, Iran
Keywords: Authenticated encryption, Digital signature, Message recovery, Self-certified public key.

Abstract

Digital signature plays a key role in bringing authenticity to cryptographic communications. A signature scheme with message recovery has two characteristics. The public key of the signer can be authenticated while verifying the signature, and the receiver is able to obtain the message. In 2013, Wu and Xu presented a self-certified digital signature scheme with message recovery by combining the two concepts of digital signature with message recovery and self-certified public key. They also claimed that their scheme provides provable security against man-in-the-middle attack, forgery attack, and message leakage. This paper first reviews the scheme of Wu and Xu, and then presents an insider forgery attack to this scheme. It will be shown that this scheme is not secure against insider forgery attack. A modification is proposed in order to overcome this weakness.

References

[1] M. Girault, “Self-certified public-keys”, Advances in Cryptology —EUROCRYPT’91, Berlin: Springer, 1991, pp. 491-497. 

[2] K. Neyberg and R. Ruppel, “Message recovery for signature schemes based on the discrete logarithm problem”, Advances in CryptologyErocryt’94, LNCS 950, Berlin: Springer, 1994, pp. 175-190. 

[3] P. Horster and M. Michels and H. Petersen, (1994, Jul.), “Authenticated encryption schemes with low communication costs.”, Electronic Letters, [On-line], 30(15), pp. 1212-1213. Available: http://ieeexplore.ieee.org/document/311896 [Aug. 2, 2002].
[4] Y.-M. Tseng and J.-K. Jan and H.-Y. Chien, (2003, Mar.), “Digital signature with message recovery using self- 
certified public keys and its variant.”, Applied Mathematics and Computation, [On-line], 136(2-3), pp.203-214. Available: http://www.sciencedirect.com/science/article/pii/S0096300302000103 .
[5] Z. Shao, “Improvement of digital signature with message recovery using self-certified public keys and 
its variants”, Applied Mathematics and Computation, vol. 159, pp.391-399, Dec. 2004.
[6] Y.-H. Chen and J.-K. Jan, “An authenticated encryption scheme for securely signing a signature with message linkages”, International Conference on Innovative Computing, Information and Control, in Proc ICICIC, 2007, pp. 77-80. 

[7] Y.F. Chang, C.C. Chang, F.F. Huang, (2005, Feb.). “Digital signature with message recovery using self-certified public keys without trustworthy system authority.” Applied Mathematics and Computation. [On-line]. 161(1), pp. 211–227. Available: http://www.sciencedirect.com/science/article/pii/S0096300303012220.
[8] E.J. Yoon and K.Y. Yoo, “An improved digital signature with message recovery using self-certified public keys without trustworthy system authority”, Theory and Practice of Computer Science, Czech Republic: Merin, 2006, pp. 548–555. 

[9] F. Wu, L. Xu, (2013, Sep.). “An improved and provable self-certified digital signature scheme with message recovery”, International Journal of Communication Systems. [On-line]. 28(2), pp. 344-357. Available: http://onlinelibrary.wiley.com/wol1/doi/10.1002/dac.2673/full .
Published
2017-03-04
Section
Articles