Recently, Chang, Lin and Lam proposed an ID-based multisignature scheme without reblocking and predetermined signing order. Their scheme adopts usersid information as the public keys instead of random integers. They has claimed it is computationally infeasible to derive the private key of Key Authentication Center (KAC) from the private keys of the authorized users, and the scheme has the property of resistance against collaboration attacks. However, we observed that their scheme cannot be applied in real world, for there are two defects in their scheme and the scheme doesnt satisfy with what they has claimed. The two drawbacks are: (1) not having an efficient verification algorithm (the signature almost can not be verified for the exponent is too large). (2) Even if the signature can be verified, there would exist an forger within the same computation complexity of verification algorithm who can break the scheme (In other words, any one of the signing group can forge on any message for the whole signing group).
展开▼
