Abstract
The constant privilege misuse of the signers is one of the most common problems of the schemes of proxy blind signatures. In 2008, Liu et al. proposed a proxy signature scheme capable of revoking proxy privileges. In this method, the original signer can terminate the proxy privilege at any time without needing to go through a commonly trusted third party. However, this scheme is unable to provide untraceability, and is vulnerable to counterfeit signature attacks. This study reviews Liu et al.’s scheme and its security loopholes, and proposes a proxy partially blind signature scheme. The proposed scheme not only retains the revocation functions in Liu et al.’s approach, but also meets the security requirements of proxy blind signatures.
Similar content being viewed by others
References
Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. Presented at the Proceedings of the 1st ACM Conference on Computer and Communications Security CCS’93, Virginia, pp 62–73
Carmenisch J, Piveteau J, Stadler M (1994) Blind signatures based on the discrete logarithm problem. Presented at the proceedings of EUROCRYPT 1994, LNCS 950, Perugia, pp 428–432
Chaum D (1983) Blind signature for untraceable payments. Presented at the proceedings of CRYPTO 1982, California, pp 199–203
Chaum D (1987) Blinding for unanticipated signatures. Presented at the proceedings of EUROCRYPT 1987, Amsterdam, pp 227–233
Chaum D, Pedersen T (1992) Wallet databases with observers. Presented at the proceedings of CRYPTO 1992, California, pp 89–105
Chaum D, Fiat A, Naor M (1988) Untraceable electronic cash. Presented at the proceedings of CRYPTO 1988, LNCS 403, California, pp 319–327
Chiang FP, Lin YM, Chang YF (2008) Comments on the security flaw of Hwang et al.’s blind signature scheme. Int J Netw Security 6(2):185–189
Chien HY, Jan JK, Tseng YM (2001) RSA-based partially blind signature with low computation. Presented at the proceedings of parallel and Distributed Systems ICPADS 2001, Kyongju, pp 385–389
Das ML, Saxena A, Gulati VP (2004) An efficient proxy signature scheme with revocation. Informatica 15(4):455–464
Goldwasser S, Micali S, Rivest V (1988) A digital signature scheme secure against adaptive chosen-message attacks. SIAM J Comput 17(2):281–308
Horster P, Michels M, Petersen H (1995) Comment cryptanalysis of the blind signatures based on the discrete logarithm. Electron Lett 31(21):1827–1827
Lee CC, Hwang MS, Yang WP (2005) A new blind signature based on the discrete logarithm problem for untraceability. Appl Math Comput 164:837–842
Liu WY, Tong F, Wang BW, Wang YD (2008) A new proxy blind signature scheme with proxy revocation. J Electorn Inform Technol 30(10):2468–2471
Lu EJL, Hwang MS, Huang CJ (2005) A new proxy signature scheme with revocation. Appl Math Comput 161:799–806
Mambo M, Usuda K, Okamoto E (1996) Proxy signatures—delegation of the power to sign messages. IEICE Transac Fundamentals E79-A(9):1338–1354
Park JH, Kim YS, Chang JH (2007) A proxy blind signature scheme with proxy revocation. Presented at the proceedings of Computational Intelligence and Security Workshops CISW 2007, Harbin, pp 761–764
Pointcheval D, Stern J (2000) Security arguments for digital signatures and blind signatures. J Cryptology 13(3):361–396
Schnorr CP (1991) Efficient signature generation for smart cards. J Cryptology 4:161–174
Schnorr CP (2001) Security of blind discrete log signatures against interactive attacks. Presented at the Proceedings of International Conference on Information and Communication Security ICICS 2001, LNCS 2229, Xian, pp 1–12
Seo SH, Shim KH, Lee SH (2005) A mediated proxy signatures scheme with fast revocation for electronic transactions. Presented at the Proceedings of the 2nd Conference on Trust, Privacy and Security in Digital Business TrustBus 2005, LNCS 3592, Copenhagen, pp 216–225
Sun HM (2000) Design of time-stamped proxy signatures with traceable receivers. IEE Proc Comp Digit Tech 147(6):462–466
Tan ZW, Liu ZJ, Tang CM (2003) A proxy blind signature scheme basedon DLP. J Software 14(11):1931–1935
Wu T, Wang JR (2005) Comment: a new blind signature based on the discrete logarithm problem for untraceability. Appl Math Comput 170:999–1005
Wu LC, Yeh YS (2005) Comment on traceability on RSA-based partially signature with low computation. Appl Math Comput 170:1344–1348
Pointcheval D, Stern J (1997) New blind signatures equivalent to factorization. Presented at the Proceedings of the 4th ACM Conference on Computer and Communications Security CCS 1997, Zurich, pp 92–99
Yang FY, Jan JK (2004) A secure scheme for restrictive partially blind signatures. Presented at the proceedings of the sixth international conference on information integration and web-based applications and services IIWAS 2004, Jakarta, pp 541–548
Acknowledgments
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. This work was partially supported by the I-Services project funded by the Ministry of Education, Taiwan.
Author information
Authors and Affiliations
Corresponding author
Appendices
Appendix A: Review of Liu et al.’s scheme
Liu et al. suggested a new proxy blind signature scheme capable of revoking the privileges of proxy signers. The participants in their scheme include an original signer, a proxy signer, a signature receiver, and an authenticator. The scheme contains five phases: proxy key generation, proxy blind signature generation, signature extraction, signature authentication, and proxy privilege revocation. The appendix first introduces the scheme’s parameter settings and then describes the details of every phase.
1.1 System parameter settings
-
p, q : two large prime numbers generated by the system that satisfy q | p − 1. In addition, p is the common modulus used in future calculations.
-
g : g is an element of Z p * whose order is q
-
x A , y A : private and public keys that belong to the original signer, and \( y_{A} = g^{{x_{A} }} \bmod\, p \)
-
x B , y B : private and public keys that belong to the proxy signer, \( y_{B} = g^{{x_{B} }} \bmod\, p \)
-
x P , y P : private and public keys of the proxy signature, and \( y_{P} = g^{{x_{P} }} \bmod\, p \)
-
m w : warrant message (certificate) of the proxy signature, including identification information of the original signer and proxy signer, proxy privileges, and the proxy period
-
H(·): secure one-way, collision-free hash function
1.2 Proxy key generation phase
The original signer executes the following steps when delegating the signing power to the proxy signer.
(a) The original signer selects a random number k A ∈ Z q *, and generates an authorization signature SA on messages (mw, yA, yB). The calculations are as follows:
The original signer then sends the triplet (m w , r A , S A ) to the proxy singer.
(b) After receiving the authorization message (r A , S A ) and authorization letter m w , the proxy signer calculates the hash value and verifies whether the authorization signature S A is legal.
If the equation holds, the proxy signer accepts the proxy request. Through an effective authorization message, the proxy signer generates a private proxy signing key x P and its associated public key y P using the following equations:
The proxy signer broadcasts the public key y P after calculations. Figure 4 shows the pictorial description of the proxy key generation phase.
Proxy blind signature generation phase
Assume that a signature receiver requests the proxy signer to sign a signature blindly. The proxy signer and signature receiver must cooperatively execute the following steps.
(a) The proxy signer chooses three random numbers u, s, d ∈ Z q * and calculates parameters a and b using the following equations:
The symbol T is the timestamp taken during the computations of a, b. Subsequently, the proxy signer sends (a, b, m w , r A , T) to the signature receiver.
(b) After receiving the message, the signature receiver calculates the hash value and verifies whether the authorization message is legal using the following equations:
If the authorization message is valid, the signature receiver believes that the original signer has authorized the proxy signer. Next, the signature receiver verifies T to see if it is within effective time frame and within the proxy signature period authorized by the warrant m w . The signature receiver must also determine whether r A appears on the revocation list. If it is on the current list of revocation, the receiver terminates the communication with the proxy signer. Otherwise, the signature receiver produces four blind factors t 1, t 2, t 3, t 4 ∈ Z q *. Blinding the original message M yields a blind hash value e as follows.
The signature receiver then sends the blind hash value e to the proxy signer.
(c) When receiving the blind hash value e, the proxy signer signs on this blind hash value using the proxy signature private key x P authorized by both the original signer and proxy signer, and obtains a blind message r after signature. The following is the details of computations.
The proxy signer then returns the blind signature message (r, c, s, d) to the signature receiver. Figure 5 shows the phases of the partially blind signature generation and extraction.
Signature extraction phase
When receiving the blind message (r, c, s, d), the signature receiver un-blinds the message and calculates ρ, ϖ, σ, δ as follows:
Finally, the signature receiver obtains the complete proxy blind signature, i.e. (M, ρ, ϖ, σ, δ, r A , m w , T). The details of the extraction phase are shown in the Fig. 5.
Signature authentication phase
After receiving the public signature document (M, ρ, ϖ, σ, δ, r A , m w , T) sent by the signature receiver, the authenticator verifies whether the signature is legal using the following equations:
If the signature is legal, the signature receiver knows that the legal original signer has delegated signing power to the proxy signer and the proxy signer has signed and sent the signature document. Figure 6 shows the detail of the authentication phase.
Proxy revocation phase
In traditional proxy blind signatures, the letter of authorization m w indicates the proxy privileges expiration time: the original signer revokes proxy privileges at this time. In Liu et al.’s scheme, if proxy signers abuse their authorization privileges, original signers have the ability to prematurely revoke proxy privileges by adding r A to the public revocation list. Anyone can determine whether the proxy privilege is still effective by reviewing this list. Because any signatures made by the proxy signer before revocation are still effective, signed documents must always include the time of signing. Consequently, this time determines whether the signature is still effective. To reduce the system overhead, at the time of proxy privilege expiration, the system automatically removes r A from the revocation list to prevent unlimited growing of the database.
Rights and permissions
About this article
Cite this article
Yang, FY., Liang, LR. A proxy partially blind signature scheme with proxy revocation. J Ambient Intell Human Comput 4, 255–263 (2013). https://doi.org/10.1007/s12652-011-0071-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-011-0071-1