Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
A collective signature scheme aims to solve the problem ofsigning a message by multiple signers. Recently, Moldovyan and Moldo-vyan proposed a scheme for collective signatures based on Schnorrsignatures. We show some security weaknesses of the scheme. | Attacking M M Collective Signature Scheme Michal Rjasko and Martin Stanek Department of Computer Science Comenius University Slovak Republic rjasko stanek @dcs.fmph.uniba.sk Abstract. A collective signature scheme aims to solve the problem of signing a message by multiple signers. Recently Moldovyan and Moldo-vyan 1 proposed a scheme for collective signatures based on Schnorr signatures. We show some security weaknesses of the scheme. 1 Introduction Digital signature schemes are important cryptographic constructions with wide and diverse applications. A collective signature scheme aims to solve the problem of signing a message by multiple signers in a more efficient manner than concatenating individual signatures of the signers . Various constructions of such schemes are known often satisfying additional requirements e.g. threshold signatures blind signatures etc. Recently Moldovyan and Moldovyan 1 proposed a scheme we denote it as M M scheme for collective signatures and its variants - blind collective signature scheme and multi-signature scheme for simultaneous signing a package of contracts. The scheme is based on well known Schnorr digital signature scheme 2 . The authors of M M scheme claim the security of their construction assuming the security of Schnorr s signatures. Results. We analyze the security and show several security weaknesses of M M scheme. In particular we demonstrate how two or more participants can add themselves to any collective signature without a consent or participation of the original signers how malicious participants can in what we call a related public key attack include arbitrary party in a collective signature using just the knowledge of his her public key. We discuss how these weaknesses affect variants of M M scheme blind signatures and simultaneous contract signing . In addition we propose possible modifications of the scheme that fix identified vulnerabilities. Research supported by VEGA grant No. 1 0266 09. 2 M M Scheme Let p .
