Forgeability Of Wang-tang-li's Id-based Restrictive Partially Blind Signature Scheme

摘要

Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system. Very recently, Wang, Tang and Li proposed a new ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of unforgeability as claimed. More precisely, a user can forge a valid message-signature pair (ID, msg, info', σ') instead of the original one (ID, msg, info, σ), where info is the original common agreed information and info' ≠ info. Therefore, it will be much dangerous if Wang-Tang-Li's ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of $100 to a user, while the user can change the denomination of the coin (bill) to any value, say $100 000 000, at his will.