Table of Contents Author Guidelines Submit a Manuscript
Mathematical Problems in Engineering
Volume 2014, Article ID 429271, 13 pages
http://dx.doi.org/10.1155/2014/429271
Research Article

Cryptanalytic Performance Appraisal of Improved CCH2 Proxy Multisignature Scheme

Department of Computer Science and Engineering, DAV Institute of Engineering and Technology, Jalandhar, Punjab 144004, India

Received 28 August 2013; Revised 7 November 2013; Accepted 10 February 2014; Published 27 April 2014

Academic Editor: Wang Xing-yuan

Copyright © 2014 Raman Kumar and Nonika Singla. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Many of the signature schemes are proposed in which the out of threshold schemes are deployed, but they still lack the property of security. In this paper, we have discussed implementation of improved CCH1 and improved CCH2 proxy multisignature scheme based on elliptic curve cryptosystem. We have represented time complexity, space complexity, and computational overhead of improved CCH1 and CCH2 proxy multisignature schemes. We have presented cryptanalysis of improved CCH2 proxy multisignature scheme and showed that improved CCH2 scheme suffered from various attacks, that is, forgery attack and framing attack.

1. Introduction

During the last decade there has been an exponential growth in the number of handheld devices being used all over the world. Devices with limited processing capability such as PDA and smart cards also exchange information over the networks. To provide the confidentiality and authenticity of information is a challenging task in a network environment which consists of constrained devices. The security of public key systems is based on the relative complexity of the underlying mathematical problem. For example, the security of RSA depends on integer factorizing systems and that of DSA depends on discrete logarithm systems [1]. Proxy signatures are very useful tools when one needs to delegate his/her signing capability to another party. Relatively longer key lengths are required to maintain the security of a cryptosystem, because the computational power for cryptanalysis increases. This increases the need for higher computational power in devices to achieve reasonable security. But handheld devices like PDAs, smart cards, and so forth have limited processing capability and therefore the overheads associated with communication must be minimal.

1.1. Various Terms

(i)Proxy signature: proxy signature, as a variant of ordinary digital signature, allows one party (original signer) to delegate his/her signing capability to another party (proxy signer) such that the proxy signer can sign messages on behalf of the original signer [2].(ii)Proxy multisignature: in proxy multisignature, one proxy signer can create signature on behalf of group of original signers.(iii)Multiproxy signature: in multiproxy signature, multiple proxy signers can create signature on behalf of one original signer.(iv)Multiproxy multisignature: in multiproxy multisignature, multiple proxy signers can create signature on behalf of multiple original signers.(v)Proxy unprotected proxy signature: in proxy unprotected, the proxy signer generates proxy signatures only with the proxy signing key given by the original signer. So the original signer can also generate the same proxy signatures.(vi)Proxy protected proxy signature: in proxy protected, the proxy signer generates proxy signature not only with the proxy signing key given by the original signer but also with his own private key. Therefore, anyone else, including the original signer, cannot generate the same proxy signatures.According to authenticated degree, Mambo et al. [4] give a classification, that is, full delegation, partial delegation, and delegation by warrant.

In full delegation, the original signer gives the same secret key(s) to proxy signer that he has, so that proxy signer can create the same signature as original signer creates. In partial delegation, a proxy signer has proxy private key, which is different from original signer’s private key. Proxy signer can sign range of messages. In delegation by warrant, warrant is added that specifies what kinds of messages are delegated, the delegation period, IDs of original signers and proxy signer, and so forth.

1.2. Elliptic Curve over Finite Field GF ()

In 1985, elliptic curve cryptography was introduced by Miller [5] and Koblitz [6]. ECC is an attractive public key cryptosystem due to small key size and low computational overhead.

Equation of the elliptic curve on a prime field GF () is where mod . Here the elements of the finite field are integers between 0 and , where is a large prime number and greater than 3. The operations are performed using modular arithmetic. Modular arithmetic works like ordinary arithmetic except that the answers of the calculation are reduced to its remainder on division by . The variables and coefficients all take values in set of integers from 0 through . The prime number is chosen such that there is finitely large number of points on the elliptic curve to make the cryptosystem secure. Point multiplication is calculated by two elliptic curve operations, that is, point addition and point doubling (Figure 2). The rules for point addition and point doubling over GF () are explained below and see Figure 1.

fig1
Figure 1: Point addition [3].
fig2
Figure 2: Point doubling [3].

1.3. Point Addition

The elliptic curve addition is different from simple addition. and are two distinct points on the elliptic curve; that is, and [3].

Let be obtained through the following rules: where mod is the slope of the line through and . (i)If , that is, , then , where is the point at infinity.(ii)If , then ; then point doubling equations are used.

1.4. Point Doubling

Consider a point such that , where [3]. Let where . Then where mod is the tangent at point and is one of the parameters chosen with the elliptic curve.(i)If , then , where is the point at infinity.

1.5. Domain Parameters for Elliptic Curve over GF () Are (, , , , )

is the prime number defined for finite field GF (). , are the two coefficients defining the curve . is the generator point and is the order of .

1.6. Various Security Parameters

A proxy signature should have security properties [4] and they are as follows.(1)Strong unforgeability: proxy signatures can be created only by designated proxy signer. Original signer or any other party cannot generate proxy signatures.(2)Verifiability: a verifier can be convinced of the original signer’s agreement on the signed message from the proxy signature.(3)Strong identifiability: from the proxy signature, anyone can determine the identity of corresponding proxy signer.(4)Strong undeniability: once valid proxy signature is created by proxy signer, he/she cannot repudiate signature creation.(5)Distinguishability: proxy signatures are distinguishable from ordinary signature created by original signer.

1.7. Various Attacks

(i)Public key substitution attack: in this attack, original signer can generate proxy multisignature by updating his own public key [7].(ii)Original signer’s forgery attack: in this attack, original signers can generate valid proxy multisignature without agreement of proxy signer and verifier will be convinced that any proxy multisignature generated by using forged signing key is generated by agreement of all, original signer and proxy signer [8]. Under the name of proxy signer, original signer can forge valid proxy multisignature.(iii)Framing attack: in this attack, any user is framed by malicious users . User does not receive any delegation from the users , but the malicious users can forge a proxy multisignature for message by user on behalf of users [9].

2. Review of Existing Schemes

Mambo et al. [4] define the different types of delegations like full delegation, partial delegation, and delegation by warrant. They have proposed a proxy signature scheme that is based on discrete logarithm problem. They have compared different proxy signature schemes like Schnorr scheme, Elgamal scheme, and Okamoto scheme on the basis of message length and amount of computational work. In all the above schemes, the amount of computational work in partial delegation is smaller than that with delegation by warrant. In partial delegation, a proxy signer can create proxy signature forever because valid period is not specified. In this case the original signer can revoke the signing capability of the proxy signer by two ways, that is, (1) to make revocation list publicly seen and (2) to change the public key of original signer and all proxies of honest proxy signers are updated accordingly.

Mambo et al. [10] proposed a new type of proxy signature scheme based on discrete logarithm problem. Scheme that is proposed by Mambo et al.’s [4] holds sufficient properties if original signer is trustworthy and never cheats. If the original signer is not trustworthy then proxy protected proxy signature scheme is important and they have introduced proxy protected proxy signature scheme based on discrete logarithm problem.

Kim et al. [11] have introduced two new types of proxy signature schemes based on discrete logarithm problem, that is, partial delegation with warrant and threshold delegation. Partial delegation with warrant combines the benefits of partial delegation and delegation with warrant. Valid period can be specified in proxy signature for partial delegation with warrant, so their new scheme does not require an additional proxy revocation protocol. In threshold delegation, the original signer delegates the power to sign message in such a way that from the designated group of n proxy signers, or more proxy signers can create signature and or less proxy signers cannot create signature on behalf of original signer.

Yi et al. [12] proposed a new type of proxy signature scheme, that is, proxy multisignature scheme in which a proxy signer can create signature on behalf of two or more original signers. They give the overview of proxy monosignature schemes, that is, Mambo et al.’s [4] and Kim et al.’s [11]. They have introduced Mambo-like proxy multisignature scheme and Kim-like proxy multisignature scheme. Their schemes are proxy unprotected schemes; that is, original signer can also create proxy signature.

Sun [7] analyzes the proxy signature and proxy multisignature schemes and their analysis indicates that these schemes suffer from the public key substitution attack and direct forgery attack. They analyzes Yi et al.’s [12] proxy multisignature schemes and shows that these schemes suffer from public key substitution attack (an original signer can forge proxy multisignature by updating his own public key) and direct forgery attack (one original signer can generate forged proxy multisignature on arbitrary message for multiple original signers). They proposed a new proxy protected and proxy unprotected proxy multisignature schemes which do not suffer from these attacks.

Lee et al. [13] provide new classifications of proxy signature scheme, that is, strong and weak proxy signature, designated and nondesignated proxy signature, and self-proxy signature. They proposed a strong nondesignated proxy signature scheme. The proposed scheme does not specify proxy signer so it can be applied to multiproxy signature in which multiple original signers can delegate their signing capabilities to proxy signers.

Chen et al. [14] proposed a new proxy protected proxy signature scheme which is based on elliptic curve discrete logarithm problem. They analyze the performance of Sun [7] and the proposed scheme on the basis of time complexity.

Chen et al. [1] proposed an improved scheme in which the exponential operations are changed into elliptic curve multiplicative ones. Sun [7] improvement increases security but requires complex operations to derive the proxy public key that is required to verify the proxy multisignature. ECC has lower computational overhead and a smaller key size than that of RSA or DSA and ECC can achieve a level of security equal to that of the RSA or DSA. This proposed scheme is called CCH1 scheme. They compared the Sun [7] and proposed proxy multisignature schemes. The time complexity of proposed scheme is reduced and performance is enhanced without loss of security.

Chen et al. [15] introduced a traceable proxy multisignature scheme. This scheme makes size of proxy signature independent of number of original signers, so computation overhead means none of operations required for verification is greatly reduced. This proposed scheme is called CCH2 scheme. They compare the Sun [7] and proposed proxy multisignature schemes on the basis of time complexity.

Hwang et al. [16] proposed a generalized version of the proxy signature scheme based on elliptic curve discrete logarithm problem. In a generalized proxy signature scheme with known signers, any or more original signers out of original signers can represent the original group to delegate the signing capability, and or more proxy signers out of proxy signers can represent the proxy group to sign message on behalf of the group of original signers. They have discussed special cases, namely, the proxy signature (proxy multisignature) scheme, proxy signature scheme (multiproxy signature), and proxy signature scheme.

Wang et al. [17] present security analysis of some proxy signature schemes, that is, Mambo et al.’s [10] and Lee et al.’s [13]. By identifying several attacks, they show that all these schemes are insecure.

Wang et al. [2] review Chen et al.’s [14] proxy protected proxy signature scheme based on elliptic curve cryptosystem and they show that it is vulnerable to an original signer forgery attack. They present an improved scheme which is secure against the proposed attack.

Park et al. [8] show that proxy multisignature schemes proposed by Chen et al. [1, 15] are insecure against the malicious original signer(s). They review the CCH1 and CCH2 schemes and analyze their security. These schemes are vulnerable to proxy signing forgery attack by one or all original signers.

Chang et al. [18] proposed a proxy protected signature scheme based on ECDSA which satisfies security properties. They show that the time complexity of proxy signature is similar in both proxy signature based on ECDSA and ECDSA.

Li and Xue [19] have reviewed CCH1 and CCH2 proxy multisignature schemes based on elliptic curve cryptography. Park et al. [8] show that these schemes suffer from forgery attack by one or all original signers. They have proposed improved CCH1 and improved CCH2 schemes that do not suffer from forgery attack.

Tutanescu et al. [3] examine that ECC is more attractive cryptosystem than conventional cryptosystem (RSA/DSA) for mobile devices, which are limited in terms of their CPU, power, and network connectivity. ECC is fast and can be implemented with less hardware, because of shorter key length. They have presented the application of ECC, that is, internet, smart cards, PDAs, and PCs. Their opinion is that ECC could become the next generation of PKC.

Wang and Yu [20] have discussed two fatal flaws of the cryptosystem which are based on the logistic map and proposed by Wang and Xiang are pointed out. According to this, cryptanalysts could recover the plaintext by the chosen plaintext attacked in a short time. Authors proposed a remedial improvement which can avoid the flaws and enhance the security of the cryptosystem.

In this paper [21], have analyzed the security of a parallel keyed hash function based on chaotic neural network proposed by Wang and Zhao recently. Weak keys and forgery attacks against Wang and Zhao’s scheme are demonstrated. Both theoretical analysis and experimental results show that the parallel keyed hash function is not security. Besides, some improvement measures are presented to enhance the security of the parallel keyed hash function.

Wang and He [22] have introduced a novel image encryption method based on a skew tent map that is proposed recently. In this paper, some flaws of this algorithm are pointed out and then a chosen plaintext attack against it is presented. Both theoretical analysis and experimental simulation indicate that the plain image can be recovered exactly from the cipher image without the secret key. So it can be seen that this algorithm is not secure enough to be applied in network communication.

Wang and Liu [23] have cryptanalysis of a parallel subimage encryption method with high-dimensional chaos.

3. Estimation of Time, Space, and Computational Overhead of Improved CCH1 and CCH2 Schemes

3.1. Implementation of Improved CCH1 Proxy Multisignature Scheme

There are four phases—the system initialization phase, the key generation phase, the proxy multisignature generation phase, and the proxy multisignature verification phase [19].

Phase 1. System initialization phase: before the whole scheme can be initialized, the following parameters over the elliptic curve domain must be known:(i)a field size , which is odd prime;(ii)two parameters , to define the equation of elliptic curve over (i.e., ()), where ();(iii)a finite point whose order is a large prime number in , where is a point in , where , because denotes an infinity point;(iv)the order of .

Phase 2. Key generation phase: this phase can be further divided into two parts.

Part 1. Personal public key generation phase: all original signers and the designated proxy signer are authorized to select their own individual secret keys.(i)For each , the original signer secretly selects a random number as his private key and computes the corresponding public key , where “” indicates the multiplication of a number by an elliptic curve point.(ii)The proxy signer is provided with a private key and a corresponding public key . All public keys and must be certified by the CA.

Part 2. Proxy-signature secret key generation phase.

Step  1 (secret key generation). For each , the original signer selects a random number as secret key.

Step  2 (group commitment value generation). They then computes If , then return to step 1; otherwise broadcasts to other original signers.

Step  3 (subdelegation parameter generation). For each , the original signer uses his own secret keys , and the group commitment value to compute the following: where is a hash function and the warrant contains information such as the IDs of all original signers and proxy signer. Then, the subdelegation parameter for is .

Step  4 (subdelegation parameter verification). After the proxy signer has received the subdelegation parameters, then the proxy signer computes and checks whether it holds. If it holds then the proxy signer accepts as a valid subdelegation parameter; otherwise, he can reject it and requests a valid one or terminate this protocol.

Step  5 (proxy multisignature secret key generation). He then computes the proxy multisignature secret key as follows:

Phase 3. Proxy multisignature generation phase: the proxy multisignature affixed to the is in the form of , where is the signature generated by a designated signature scheme (EC-Schnorr signature scheme) using the proxy signing key and is message.

Step  1. Proxy signer chooses random number where and calculates .

Step  2. Compute where is hash function. If , then go to step 1.

Step  3. Compute and the output .

Phase 4. Proxy multisignature verification phase: when the verifier verifies the signature, he or she calculates the proxy public value corresponding to the proxy signature key as With the value, the verifier can confirm the validity of by validating the verification equality of the designated signature scheme.

Step  1. Compute .

Step  2. And compute . Then check that and if this equation satisfies then valid signature generated otherwise not.

3.2. Implementation of Improved CCH2 Proxy Multisignature Scheme

There are four phases—the system initialization phase, the key generation phase, the proxy multisignature generation phase, and the proxy multisignature verification phase [19].

Phase 1. System initialization phase: before the whole scheme can be initialized, the following parameters over the elliptic curve domain must be known:(i)a field size , which is an odd prime;(ii)two parameters , to define the equation of elliptic curve over (i.e., , where ;(iii)a finite point whose order is a large prime number in , where is a point in , where , because denotes an infinity point;(iv)the order of .

Phase 2. Key generation phase: this phase can be further divided into two parts.

Part 1. Personal public key generation phase: all original signers and the designated proxy signer are authorized to select their own individual secret keys.(i)For each , the original signer secretly selects a random number as his private key and computes the corresponding public key , where “” indicates the multiplication of a number by an elliptic curve point.(ii)The proxy signer is provided with a private key and a corresponding public key . All public keys and must be certified by the CA.

Part 2. Proxy-signature secret key generation phase.

Step  1 (secret key generation). For each , the original signer selects a random number as secret key.

Step  2 (group commitment value generation). Then computes . If , then return to step 1; otherwise broadcasts to other original signers. On receiving ,  , calculates

Step  3 (subdelegation parameter generation). For each , the original signer uses his own secret keys , and the group commitment value to compute the following: where is a hash function and the warrant contains information such as the IDs of all original signers and proxy signer. Then, the subdelegation parameter for is .

Step  4 (subdelegation parameter verification). After the proxy signer has received the subdelegation parameters then the proxy signer computes and checks whether it holds. If it holds then the proxy signer accepts as a valid subdelegation parameter; otherwise, he can reject it and requests a valid one or terminate this protocol.

Step  5 (proxy multisignature secret key generation). They then computes the proxy multisignature secret key as follows:

Phase 3. Proxy multisignature generation phase: the proxy multisignature affixed to the is in the form of , where is the signature generated by a designated signature scheme (EC-Schnorr signature scheme) using the proxy signing key and is message.

Step  1. Proxy signer chooses random number where and calculates .

Step  2. Compute where is hash function. If , then go to step 1.

Step  3. Compute and the output .

Phase 4. Proxy multisignature verification phase. When the verifier verifies the signature, he or she calculates the proxy public value corresponding to the proxy signature key as With the value, the verifier can confirm the validity of by validating the verification equality of the designated signature scheme.

Step  1. Compute .

Step  2. And compute . Then check that and if this equation satisfies then valid signature generated otherwise not.

4. Performance Analysis of the Proposed Scheme

The analysis reports of the proposed scheme are given below.

4.1. Entropy

In this case, the value of entropy is the measure of the tendency of a process, to be entropically favored, or to proceed in a particular direction. Moreover, entropy provides an indication for a specific encryption method. We have analyzed our hypothesis on the basis of entropy generated [24].

Figure 3 shows the entropy for the proposed scheme. The Figure 4 shows that compression ratio required in each scheme. Table 1 lists the name and compression ratio required in each scheme.

tab1
Table 1: Compression ratio (in %) in each scheme.
429271.fig.003
Figure 3: Entropy for the proposed scheme.
429271.fig.004
Figure 4: Radar chart showing compression ratio required in each scheme.
4.2. Floating Frequencies/Intuitive Synthesis

Floating frequencies/intuitive synthesis in its completed three part entirety which takes full advantage of the time complexity, space complexity, and communication overhead provided by the digital medium. We have calculated floating frequency of threshold proxy signature scheme [24]. Figure 5 shows floating frequencies/intuitive synthesis for the proposed scheme.

429271.fig.005
Figure 5: Floating frequencies/intuitive synthesis for the proposed scheme.
4.3. ASCII Histogram

The ASCII histogram proved to be very useful since it helped enormously in debugging code involving probability calculations with simple print statements. Probabilistic simulations are extremely hard to test because the results of a given operation are never strictly the same. However, they should have the same probability distribution, so by looking at the rough shape of the histogram, you tell if your calculations are going in the right direction. In this context, we have calculated ASCII histogram for our threshold proxy signature scheme [24]. Figure 6 shows ASCII histogram for the proposed scheme.

429271.fig.006
Figure 6: ASCII histogram for the proposed scheme.
4.4. Autocorrelation

A mathematical representation of the degree of similarity between a given time series and a lagged version of itself over successive time intervals. It is the same as calculating the correlation between two different time series, except that the same time series is used twice—once in its original form and once lagged one or more time periods. The term can also be referred to as “lagged correlation” or “serial correlation.” In this, we have calculated autocorrelation for threshold proxy signature scheme [24]. Figure 7 shows autocorrelation for the proposed scheme.

429271.fig.007
Figure 7: Autocorrelation for the proposed scheme.
4.5. Histogram Analysis

A histogram is a graphical representation showing a visual impression of the distribution of data. We have analyzed histogram for all schemes. Table 2 lists the histogram analysis for overall threshold proxy signature schemes [24]. Figure 8 shows radar chart showing overall analysis for all schemes.

tab2
Table 2
429271.fig.008
Figure 8: Radar chart showing overall analysis for all schemes.

5. Graphical Representation of Time, Space, and Computational Overhead of Improved CCH1 Scheme

5.1. Time Complexity, Space Complexity, and Computational Overhead

When determining the time complexity of an algorithm, we measure how fast the computing requirements grow as the size of the input grows. We generate graphs to analyze the time complexity of the schemes. The space complexity of a program is the number of elementary objects that this program needs to store during its execution. We generate graphs to analyze the space complexity of the schemes. The computational overhead includes two types of communication in the schemes: number of transmissions and number of broadcasts. We generate graphs to analyze the computational overhead of the schemes [24]. Figures 9, 10, 11, 12, 13, 14, 15 and 16 show time complexity, space complexity, and computational overhead for the CCH1 and CCH2 schemes.

429271.fig.009
Figure 9: Time complexity of improved CCH1 scheme with varying value of field size ().
429271.fig.0010
Figure 10: Time complexity of improved CCH2 scheme with varying value of field size ().
429271.fig.0011
Figure 11: Space complexity of improved CCH1 scheme with varying value of field size ().
429271.fig.0012
Figure 12: Space complexity of improved CCH2 scheme with varying value of field size ().
429271.fig.0013
Figure 13: Computational overhead of improved CCH1 scheme with varying value of field size ().
429271.fig.0014
Figure 14: Computational overhead of improved CCH2 scheme with varying value of field size ().
429271.fig.0015
Figure 15: Time complexity of improved CCH1 scheme with varying value of field size ().
429271.fig.0016
Figure 16: Time complexity of improved CCH2 scheme with varying value of field size ().

6. Cryptanalysis of Improved CCH2 Proxy Multisignature Scheme

See Figures 15, 16, 17, 18, 19, 20, 21, 22, and 23.

429271.fig.0017
Figure 17: Time complexity of enhanced scheme with varying value of field size ().
429271.fig.0018
Figure 18: Space complexity of improved CCH1 scheme with varying value of field size ().
429271.fig.0019
Figure 19: Space complexity of improved CCH2 scheme with varying value of field size ().
429271.fig.0020
Figure 20: Space complexity of enhanced scheme with varying value of field size ().
429271.fig.0021
Figure 21: Computational overhead of improved CCH1 scheme with varying value of field size ().
429271.fig.0022
Figure 22: Computational overhead of improved CCH2 scheme with varying value of field size ().
429271.fig.0023
Figure 23: Computational overhead of enhanced scheme with varying value of field size ().

In improved CCH2 proxy multisignature scheme, elliptic curve based Schnorr signature scheme is used to generate and verify the signature.

6.1. Forge a Proxy Multisignature

Suppose proxy signer signed a message with his private key ; the signature is where and . Upon receiving the signature the malicious original signers can forge a valid proxy signature as follows.(i)Compute .(ii)Compute .

Finally, the malicious original signers can forge a valid proxy signature . The following shows why the proxy signature is valid.

Proof. Consider the following:
Proxy multisignature verification: when the verifier verifies the signature, he or she calculates the proxy public value corresponding to the proxy signature key as With the value, the verifier can confirm the validity of by validating the verification equality of the designated signature scheme.
Step  1. Compute .
Step  2. And compute . Then check that and if this equation satisfies then valid signature generated otherwise not.

6.2. Forge the Proxy Signer’s Signature

After getting signature where and (), the original signer can forge proxy signer ’s signature on message as follows.(i)Each computes where .(ii)Compute .(iii)Compute .(iv) is valid signature on message .

The malicious original signers can forge a valid signature on message with respect to proxy signer ’s private key .

The following shows why the signature is valid.

Proof. Consider the following:
Proxy multisignature verification: when the verifier verifies the signature, he or she uses proxy public value corresponding to the proxy signature key . With the value, the verifier can confirm the validity of by validating the verification equality of the designated signature scheme.
Step  1. Compute .
Step  2. And compute . Then check that and if this equation satisfies then valid signature generated otherwise not.

6.3. Framing Attack

In this attack, malicious users also can forge a proxy multisignature for message by some user on behalf of users , such that user was never designated by users . Suppose proxy signer signed a message with his private key ; the signature is where and ().

Upon receiving the signature , then the malicious original signers can forge a valid proxy signature as follows.(i)The malicious users pretend to produce a forged warrant , which records the delegation information such as identities of the malicious users and user .(ii)For each , the malicious user selects a random number and then computes and broadcasts to other users.(iii)On receiving , calculates

Note that user does not receive any information from the malicious users .(i)Compute ;(ii)Compute .

Finally the malicious users can forge a valid signature on message by some user on behalf of users , such that user was never designated by users . The following shows why the signature is valid.

Proof. Consider the following:
From above we can see that an innocent user is framed by the malicious users .
Proxy multisignature verification phase: when the verifier verifies the signature, he or she calculates the proxy public value corresponding to the proxy signature key as With the value, the verifier can confirm the validity of   by validating the verification equality of the designated signature scheme.
Step  1. Compute .
Step  2. And compute . Then check that and if this equation satisfies then valid signature generated otherwise not.

7. Conclusion

In this paper, we have discussed implementation of improved CCH1 and improved CCH2 proxy multisignature scheme based on elliptic curve cryptosystem. We have represented time complexity, space complexity, and computational overhead of improved CCH1 and CCH2 proxy multisignature schemes. We have presented cryptanalysis of improved CCH2 proxy multisignature scheme and showed that improved CCH2 scheme suffers from various attacks, that is, forgery attack and framing attack.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

The authors also wish to thank many anonymous referees for their suggestions to improve this paper.

References

  1. T. S. Chen, Y. F. Chung, and G. S. Huang, “Efficient proxy multisignature schemes based on the elliptic curve cryptosystem,” Computers and Security, vol. 22, no. 6, pp. 527–534, 2003. View at Publisher · View at Google Scholar · View at Scopus
  2. S. Wang, G. Wangt, F. Bao, and J. Wang, “Cryptanalysis of a proxy-protected proxy signature scheme based on elliptic curve cryptosystem,” in Proceedings of the IEEE 60th Vehicular Technology Conference, VTC2004-Fall: Wireless Technologies for Global Security, pp. 3240–3243, September 2004. View at Scopus
  3. I. Tutanescu, C. Anton, L. Ionescu, and D. Caragata, “Elliptic curves cryptosystems approaches,” in Proceedings of the International Conference on Information Society (i-Society '12), pp. 357–362, 2012.
  4. M. Mambo, K. Usuda, and E. Okamoto, “Proxy signatures for delegating signing operation,” in Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp. 48–57, March 1996. View at Scopus
  5. V. S. Miller, “Use of elliptic curves in cryptography,” in Advances in Cryptology-Crypo '85, vol. 218 of Lecture Notes in Computer Science, pp. 417–426, 1986. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  6. N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, no. 177, pp. 203–209, 1987. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  7. H. M. Sun, “On proxy multisignature schemes,” in Proceedings of the International Computer Symposium, pp. 65–72, 2000.
  8. J. H. Park, B. G. Kang, and S. Park, Cryptanalysis of Some Group-Oriented Proxy Signature Schemes, vol. 3786 of Lecture Notes in Computer Science, 2006.
  9. C. Feng and C. Zhenfu, “Cryptanalysis on a proxy multi-signature scheme,” in Proceedings of the 1st International Multi- Symposiums on Computer and Computational Sciences (IMSCCS '06), vol. 2, pp. 117–120, IEEE, April 2006. View at Publisher · View at Google Scholar · View at Scopus
  10. M. Mambo, K. Usuda, and E. Okamoto, “Proxy signatures: delegation of the power to sign messages,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E79-A, no. 9, pp. 1338–1353, 1996. View at Google Scholar · View at Scopus
  11. S. Kim, S. Park, and D. Won, “Proxy signatures, revisited,” in Proceedings of the Information and Communications Security (ICICS '97), vol. 1334 of Lecture Notes in Computer Science, pp. 223–232, 1997.
  12. L. Yi, G. Bai, and G. Xiao, “Proxy multi-signature scheme: a new type of proxy signature scheme,” Electronics Letters, vol. 36, no. 6, pp. 527–528, 2000. View at Publisher · View at Google Scholar · View at Scopus
  13. B. Lee, H. Kim, and K. Kim, “Strong proxy signature and its application,” in Proceedings of the World Multiconference on Systemics, Cybernetics and Informatics (SCIS '01), pp. 603–608, 2001.
  14. T. S. Chen, T. P. Liu, and Y. F. Chung, “A proxy-protected proxy signature scheme based on elliptic curve cryptosystem,” in Proceedings of the IEEE TENCOM Region 10 Conference on Computers, Communications, Control and Power Engineering, pp. 184–187, October 2002. View at Scopus
  15. T. S. Chen, Y. F. Chung, and G. S. Huang, “A traceable proxy multisignature scheme based on the elliptic curve cryptosystem,” Applied Mathematics and Computation, vol. 159, no. 1, pp. 137–145, 2004. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  16. M. S. Hwang, S. F. Tzeng, and C. S. Tsai, “Generalization of proxy signature based on elliptic curves,” Computer Standards and Interfaces, vol. 26, no. 2, pp. 73–84, 2004. View at Publisher · View at Google Scholar · View at Scopus
  17. G. L. Wang, F. Bao, J. Y. Zhou, and R. H. Deng, “Security analysis of some proxy signatures,” in Information Security and Cryptology, vol. 2971 of Lecture Notes in Computer Science, pp. 305–319, 2004. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  18. M. H. Chang, I. T. Chen, and M. T. Chen, “Design of proxy signature in ECDSA,” in Proceedings of the 8th International Conference on Intelligent Systems Design and Applications (ISDA '08), pp. 17–22, November 2008. View at Publisher · View at Google Scholar · View at Scopus
  19. F. Li and Q. Xue, “Two improved proxy multi-signature schemes based on the elliptic curve cryptosystem,” Communications in Computer and Information Science, vol. 234, no. 4, pp. 101–109, 2011. View at Publisher · View at Google Scholar · View at Scopus
  20. X. Wang and C. Yu, “Cryptanalysis and improvement on a cryptosystem based on a chaotic map,” Computers and Mathematics with Applications, vol. 57, no. 3, pp. 476–482, 2009. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  21. X. Wang and J. Zhao, “Cryptanalysis on a parallel keyed hash function based on chaotic neural network,” Neurocomputing, vol. 73, no. 16–18, pp. 3224–3228, 2010. View at Publisher · View at Google Scholar · View at Scopus
  22. X. Wang and G. He, “Cryptanalysis on a novel image encryption method based on total shuffling scheme,” Optics Communications, vol. 284, no. 24, pp. 5804–5807, 2011. View at Google Scholar
  23. X. Wang and L. Liu, “Cryptanalysis of a parallel sub-image encryption method with high-dimensional chaos,” Nonlinear Dynamics, vol. 73, no. 1-2, pp. 795–800, 2013. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  24. R. Kumar, H. K. Verma, and R. Dhir, “Cryptanalysis and performance evaluation of enhanced threshold proxy signature scheme based on RSA for known signers,” Mathematical Problems in Engineering, vol. 2013, Article ID 790257, 24 pages, 2013. View at Publisher · View at Google Scholar · View at MathSciNet