Journal of Information Science and Engineering, Vol. 37 No. 6, pp. 1449-1466

A New Attack for Self-Certified Digital Signatures for E-commerce Applications

¹Department of Computer Science
National Tsing Hua University
Hsinchu, 300 Taiwan
E-mail: sun.chin.yu@gmail.com; {hmsun; tingting}@cs.nthu.edu.tw

²Department of Information Management
Chaoyang University of Technology
Taichung, 413 Taiwan
E-mail: wuhsiaoling590@gmail.com

“Self-certified digital signature with message recovery” allows a specific receiver to restore the meaningful message from a digital signature and simultaneously confirms the validity of a signature and a signer’s public key. This method greatly improves message confidentiality, solves the certificate management problem, and reduces the communication costs. Due to those benefits, this signature scheme has been widely adopted for e-commerce applications. However, in recent years, this method has attracted attackers’ attention; hence, a series of schemes were proposed to counter different attack scenarios. In this paper, we will first present a new attack scenario that can break the security of all the “self-certified digital signature with message recovery” schemes. Then, we will propose a scheme to solve the security issues. Compared with this type of signature scheme, our scheme can satisfy the essential security requirement of a digital signature without sacrificing the cost-effectiveness of the original design. The security and performance analyses demonstrate that our proposed scheme is secure, efficient, and well suited for practical use in e-commerce.

Keywords: digital signature, self-certified, message recovery, provable security, E-commerce
