TAILIEUCHUNG - Attacking M&M Collective Signature Scheme

A collective signature scheme aims to solve the problem ofsigning a message by multiple signers. Recently, Moldovyan and Moldo-vyan proposed a scheme for collective signatures based on Schnorrsignatures. We show some security weaknesses of the scheme. | Attacking M M Collective Signature Scheme Michal Rjasko and Martin Stanek Department of Computer Science Comenius University Slovak Republic rjasko stanek @ Abstract. A collective signature scheme aims to solve the problem of signing a message by multiple signers. Recently Moldovyan and Moldo-vyan 1 proposed a scheme for collective signatures based on Schnorr signatures. We show some security weaknesses of the scheme. 1 Introduction Digital signature schemes are important cryptographic constructions with wide and diverse applications. A collective signature scheme aims to solve the problem of signing a message by multiple signers in a more efficient manner than concatenating individual signatures of the signers . Various constructions of such schemes are known often satisfying additional requirements . threshold signatures blind signatures etc. Recently Moldovyan and Moldovyan 1 proposed a scheme we denote it as M M scheme for collective signatures and its variants - blind collective signature scheme and multi-signature scheme for simultaneous signing a package of contracts. The scheme is based on well known Schnorr digital signature scheme 2 . The authors of M M scheme claim the security of their construction assuming the security of Schnorr s signatures. Results. We analyze the security and show several security weaknesses of M M scheme. In particular we demonstrate how two or more participants can add themselves to any collective signature without a consent or participation of the original signers how malicious participants can in what we call a related public key attack include arbitrary party in a collective signature using just the knowledge of his her public key. We discuss how these weaknesses affect variants of M M scheme blind signatures and simultaneous contract signing . In addition we propose possible modifications of the scheme that fix identified vulnerabilities. Research supported by VEGA grant No. 1 0266 09. 2 M M Scheme Let p .

• An ninh - Bảo mật
• Collective Signature Scheme
• Security Problems of M&M Scheme
• Helated Public Key Attack
• Impact on M&M Variants
• Security weaknesses of the scheme
• Attacking M&M Collective Signature Scheme
• Blind Signature Protocols
• Based on Russian Standards
• Digital Signature Standards
• Correctness proof of the protocol
• Blind Collective Signature Scheme
• Russian DS Stan dards