UNIVERSAL FORGERY ON SEKHAR'S SIGNATURE SCHEME WITH MESSAGE RECOVERY

摘要

Owing to the abundance of electronic applications of digital signatures, many additional properties are needed. Recently, Sekhar [Sekhar, M. R. (2004). Signature scheme with message recovery and its application. Int. J. Comput. Math., 81(3), 285-289.] proposed three signature schemes with message recovery designed to protect the identity of the signer. In this setting, only a specific verifier can check the validity of a signature, and he can transmit this conviction to a third party. In this note, we show that this protocol is totally insecure, as it is universally forgeable under a no-message attack. In other words, we show that anyone can forge a valid signature of a user on an arbitrary message. The forged signatures are unconditionally indistinguishable (in an information theoretical sense) from properly formed signatures.