一个证实数字签名方案的安全缺陷

与普通的数字签名不同,验证者要知道一个证实数字签名的有效性,必须得到一个称为证实者的第三方的合作与帮助.但除了签名者,其他任何人(包括证实者)都不能以签名者的名义产生有效的证实签名.同时,只要参与了验证,证实者就不能欺骗验证者.进一步地,在必要的时候,证实者还可以将证实签名转化为普通的数字签名,从而使得任何人都可以验证这些签名的有效性.王尚平等学者提出了一个基于DSA和RSA的证实数字签名方案,并认为他们的方案是安全而高效的.与现有的具体方案相比,他们的方案确实是高效的.但是,这一方案存在严重的安全缺陷,从而使得他们的尝试是不成功的.

Security Flaws in a Confirmer Signature Scheme

Confirmer signatures are different from standard signatures in the sense that without the help and cooperation of a designated confirmer, a verifier cannot determine the validity of a confirmer signature. But except of the signer, anyone else (including the confirmer) can not generate a valid confirmer signature on behalf of the signer. At the same time, the confirmer cannot cheat verifiers once he is involved in the procedure of signature verification. Furthermore, if it is necessary, the confirmer could convert confirmer signatures into standard ones such that the validity of these converted signatures can be publicly validated. Wang et al. proposed an efficient new confirmer signature scheme based on DSA and RSA, and claimed that their scheme is secure. However, several serious security flaws in their scheme are identified so that their investigation does not succeed.