摘要:Self-certified public keys are proposed to eliminate the burden of verifying the public key before using. To alleviate reliance on system authority and strengthen the security of system, Chang et al propose a new digital signature schemes, no redundancy is needed to be embedded in the signed messages in this scheme. Moreover, Chang et al claimed that the schemes are still secure even without the trustworthy system authority, and only the specified recipient can recover the message in his authentication encryption schemes. Unfortunately, In this work, we analyze the security of Chang et al scheme and show that if the system authority is trustless, the scheme is insecure, namely, the system authority can recover the message without the private key of the recipient in Chang’ authentication encryption schemes. Finally, we propose an improved scheme to overcome the weakness of Chang et al scheme.
关键词:digital signature; message recovery; self-certified public key; improved scheme
