1-6hit |
In 2004, Menezes and Smart left an open problem that is whether there exists a realistic scenario where message and key substitution (MKS) attacks can have damaging consequences. In this letter, we show that MKS attacks can have damaging consequences in practice, by pointing out that a verifiably encrypted signature (VES) scheme is not opaque if MKS attacks are possible.
Bennian DOU Hong ZHANG Chun-Hua CHEN Chungen XU
In this letter, we point out that key substitution attacks should be taken into account for multisignature schemes, which implies that the existing security notions for multisignature schemes are not sufficient. As an example, we show that the multisignature scheme proposed by Boldyreva at PKC'03 is susceptible to key substitution attacks.
Bennian DOU Chun-Hua CHEN Hong ZHANG
At Asiacrypt'2001, Courtois, Finiasz and Sendrier proposed the first coding-based signature scheme which is also known as the CFS signature. The CFS signature is seen as one of the candidates of quantum immune signatures. In this letter, we show that the CFS signature is susceptible to both strong-key substitution attacks and weak-key substitution attacks. We also discuss potential countermeasures.
Recently, Waters proposed a provably secure signature schemes in the standard model. In this letter, we analyse the security of this signature scheme. We found that the signature scheme is subjected to key substitution attack and is malleable.
Recently, Boneh et al. proposed provably secure short signature schemes in the standard model and in the random oracle model respectively. In this letter, we propose strong-key substitution attacks on these signature schemes. In one of the attacks, we show that an adversary can generate a new public key satisfying all legitimate signatures created by the legitimate signer.
Recently, Camenisch et al. and Fischlin proposed provably secure signature schemes in the standard models respectively. In this letter, we propose key substitution attacks on these two signature schemes. We show that an adversary can generate a valid public key corresponding to a legitimate signature.