Security Weaknesses in Two Proxy Signature Schemes

Allowing a proxy signer to generate a signature on behalf of an original signer, a proxy signature should satisfy the property of strong unforgeability: anyone except the designated proxy signer cannot create a valid proxy signature on behalf of the original signer. Since proxy signatures, as well as their derivatives, can be used in many applications in reality, such as secure mobile agent, e-commerce systems and etc., they have been receiving extensive research recently. In this paper, we show that the proxy signature scheme [14] from ISPA'04 will suffer from the original signer's forgery attack if the original signer once gets a valid proxy signature on a message, and a similar attack arises in the proxy signature scheme [1] from AWCC'04 if the verifier does not check the originality of the proxy signer's proxy public key before verifying a proxy signature. Therefore, in some degree, neither of these two schemes meets the property of strong unforgeability.