摘要
The digital signature is a very important subject for network security.Considering multiple signers and multiple verifiers,Xie and Yu(2004) pointed out that the multisignature scheme of Laih and Yen(1996) is vulnerable to a harmful attack.An attack can occur when a specified group of verifiers cooperate to forge a multisignature by secret key substitution following the leak of a secret key or by group public key adjustment during the process of renewing membership.Xie and Yu proposed an improvement of Laih and Yen's multisignature scheme.In this paper,we show that Xie and Yu's scheme is vulnerable to clerk and rogue-key attacks.We propose an improved multisignature scheme to resist such attacks.In the proposed scheme,multiple signers can generate a multisignature for the message with the signers' secret keys,and the specified group of verifiers can cooperate to verify the validity of the multisignature with the signers' public keys and the verifiers' secret key.The proposed scheme for a special verifier group not only has the advantages of Xie and Yu's scheme,but also is secure against clerk and rogue-key attacks.
The digital signature is a very important subject for network security. Considering multiple signers and multiple verifiers, Xie and Yu (2004) pointed out that the multisignature scheme of Laih and Yen (1996) is vulnerable to a harmful attack. An attack can occur when a specified group of verifiers cooperate to forge a multisignature by secret key substitution following the leak of a secret key or by group public key adjustment during the process of renewing membership. Xie and Yu proposed an improvement of Laih and Yen's multisignature scheme. In this paper, we show that Xie and Yu's scheme is vulnerable to clerk and rogue-key attacks. We propose an improved multisignature scheme to resist such attacks. In the proposed scheme, multiple signers can generate a multisignature for the message with the signers' secret keys, and the specified group of verifiers can cooperate to verify the validity of the multisignature with the signers' public keys and the verifiers' secret key. The proposed scheme for a special verifier group not only has the advantages of Xie and Yu's scheme, but also is secure against clerk and rogue-key attacks.
基金
supported in part by the National Science Council (Nos.NSC 97-2745-P-001-001-,NSC 98-2219-E-011-001-,NSC 98-2221-E-011-073-MY3,and NSC 98-2218-E-011-018-)
