Improvement of digital signature with message recovery and its variants based on elliptic curve discrete logarithm problem

摘要

Based on the concepts of elliptic curve cryptosystem and self-certified public key, Tzeng and Hwang recently published a digital signature scheme with message recovery and its variants based on elliptic curve discrete logarithm problems (ECDLP). The public key and the identity of users can be authenticated simultaneously in recovering messages. In this paper, we first show that the proposed schemes are only applicable for messages with enough redundancy. We also propose an insider forgery attack, which means that the security of the proposed authenticated encryption scheme is not as good as the Girault's self-certified public key scheme. Second, we show that the proposed schemes do not satisfy forward security. Then we point out that these schemes do not have nonrepudiation. In a case of dispute, neither the sender nor the receiver can convince arbiters if the signature is valid, unless they reveal their Diffie-Hellman key, which would also destroy the forward security. Finally, we propose an improvement to these schemes to overcome these weaknesses and analyse of the security of the improvement.