Research Article Cryptanalytic Performance Appraisal of...
14
Research Article Cryptanalytic Performance Appraisal of Improved CCH2 Proxy Multisignature Scheme Raman Kumar and Nonika Singla Department of Computer Science and Engineering, DAV Institute of Engineering and Technology, Jalandhar, Punjab 144004, India Correspondence should be addressed to Raman Kumar; [email protected] Received 28 August 2013; Revised 7 November 2013; Accepted 10 February 2014; Published 27 April 2014 Academic Editor: Wang Xing-yuan Copyright © 2014 R. Kumar and N. Singla. is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Many of the signature schemes are proposed in which the out of threshold schemes are deployed, but they still lack the property of security. In this paper, we have discussed implementation of improved CCH1 and improved CCH2 proxy multisignature scheme based on elliptic curve cryptosystem. We have represented time complexity, space complexity, and computational overhead of improved CCH1 and CCH2 proxy multisignature schemes. We have presented cryptanalysis of improved CCH2 proxy multisignature scheme and showed that improved CCH2 scheme suffered from various attacks, that is, forgery attack and framing attack. 1. Introduction During the last decade there has been an exponential growth in the number of handheld devices being used all over the world. Devices with limited processing capability such as PDA and smart cards also exchange information over the networks. To provide the confidentiality and authenticity of information is a challenging task in a network environment which consists of constrained devices. e security of public key systems is based on the relative complexity of the underlying mathematical problem. For example, the security of RSA depends on integer factorizing systems and that of DSA depends on discrete logarithm systems [1]. Proxy signatures are very useful tools when one needs to delegate his/her signing capability to another party. Relatively longer key lengths are required to maintain the security of a cryp- tosystem, because the computational power for cryptanalysis increases. is increases the need for higher computational power in devices to achieve reasonable security. But handheld devices like PDAs, smart cards, and so forth have limited processing capability and therefore the overheads associated with communication must be minimal. 1.1. Various Terms (i) Proxy signature: proxy signature, as a variant of ordinary digital signature, allows one party (origi- nal signer) to delegate his/her signing capability to another party (proxy signer) such that the proxy signer can sign messages on behalf of the original signer [2]. (ii) Proxy multisignature: in proxy multisignature, one proxy signer can create signature on behalf of group of original signers. (iii) Multiproxy signature: in multiproxy signature, multi- ple proxy signers can create signature on behalf of one original signer. (iv) Multiproxy multisignature: in multiproxy multisigna- ture, multiple proxy signers can create signature on behalf of multiple original signers. (v) Proxy unprotected proxy signature: in proxy unpro- tected, the proxy signer generates proxy signatures only with the proxy signing key given by the original Hindawi Publishing Corporation Mathematical Problems in Engineering Volume 2014, Article ID 429271, 13 pages http://dx.doi.org/10.1155/2014/429271
Transcript of Research Article Cryptanalytic Performance Appraisal of...
![Page 1: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/1.jpg)
Research ArticleCryptanalytic Performance Appraisal of Improved CCH2 ProxyMultisignature Scheme
Raman Kumar and Nonika Singla
Department of Computer Science and Engineering DAV Institute of Engineering and Technology Jalandhar Punjab 144004 India
Correspondence should be addressed to Raman Kumar erramankumaraolin
Received 28 August 2013 Revised 7 November 2013 Accepted 10 February 2014 Published 27 April 2014
Academic Editor Wang Xing-yuan
Copyright copy 2014 R Kumar and N Singla This is an open access article distributed under the Creative Commons AttributionLicense which permits unrestricted use distribution and reproduction in any medium provided the original work is properlycited
Many of the signature schemes are proposed in which the 119905 out of 119899 threshold schemes are deployed but they still lack theproperty of security In this paper we have discussed implementation of improvedCCH1 and improvedCCH2 proxymultisignaturescheme based on elliptic curve cryptosystemWe have represented time complexity space complexity and computational overheadof improved CCH1 and CCH2 proxy multisignature schemes We have presented cryptanalysis of improved CCH2 proxymultisignature scheme and showed that improved CCH2 scheme suffered from various attacks that is forgery attack and framingattack
1 Introduction
During the last decade there has been an exponential growthin the number of handheld devices being used all over theworld Devices with limited processing capability such asPDA and smart cards also exchange information over thenetworks To provide the confidentiality and authenticity ofinformation is a challenging task in a network environmentwhich consists of constrained devices The security of publickey systems is based on the relative complexity of theunderlying mathematical problem For example the securityof RSA depends on integer factorizing systems and thatof DSA depends on discrete logarithm systems [1] Proxysignatures are very useful tools when one needs to delegatehisher signing capability to another party Relatively longerkey lengths are required to maintain the security of a cryp-tosystem because the computational power for cryptanalysisincreases This increases the need for higher computationalpower in devices to achieve reasonable security But handhelddevices like PDAs smart cards and so forth have limitedprocessing capability and therefore the overheads associatedwith communication must be minimal
11 Various Terms
(i) Proxy signature proxy signature as a variant ofordinary digital signature allows one party (origi-nal signer) to delegate hisher signing capability toanother party (proxy signer) such that the proxysigner can sign messages on behalf of the originalsigner [2]
(ii) Proxy multisignature in proxy multisignature oneproxy signer can create signature on behalf of groupof original signers
(iii) Multiproxy signature in multiproxy signature multi-ple proxy signers can create signature on behalf of oneoriginal signer
(iv) Multiproxymultisignature inmultiproxymultisigna-ture multiple proxy signers can create signature onbehalf of multiple original signers
(v) Proxy unprotected proxy signature in proxy unpro-tected the proxy signer generates proxy signaturesonly with the proxy signing key given by the original
Hindawi Publishing CorporationMathematical Problems in EngineeringVolume 2014 Article ID 429271 13 pageshttpdxdoiorg1011552014429271
2 Mathematical Problems in Engineering
signer So the original signer can also generate thesame proxy signatures
(vi) Proxy protected proxy signature in proxy protectedthe proxy signer generates proxy signature not onlywith the proxy signing key given by the original signerbut also with his own private key Therefore anyoneelse including the original signer cannot generate thesame proxy signatures
According to authenticated degree Mambo et al [4] give aclassification that is full delegation partial delegation anddelegation by warrant
In full delegation the original signer gives the same secretkey(s) to proxy signer that he has so that proxy signer cancreate the same signature as original signer creates In partialdelegation a proxy signer has proxy private key which isdifferent from original signerrsquos private key Proxy signer cansign range of messages In delegation by warrant warrant isadded that specifies what kinds of messages are delegated thedelegation period IDs of original signers and proxy signerand so forth
12 Elliptic Curve over Finite Field GF (119901) In 1985 ellipticcurve cryptography was introduced by Miller [5] and Koblitz[6] ECC is an attractive public key cryptosystem due to smallkey size and low computational overhead
Equation of the elliptic curve on a prime field GF (119901) is
y2 (mod119901) = 1199093 + 119886119909 + 119887 (mod119901) (1)
where 41198863 + 271198872 mod 119901 = 0 Here the elements of the finitefield are integers between 0 and 119901minus1 where 119901 is a large primenumber and greater than 3 The operations are performedusing modular arithmetic Modular arithmetic works likeordinary arithmetic except that the answers of the calculationare reduced to its remainder on division by 119901 The variablesand coefficients all take values in set of integers from 0through 119901minus 1 The prime number 119901 is chosen such that thereis finitely large number of points on the elliptic curve tomakethe cryptosystem secure Point multiplication is calculated bytwo elliptic curve operations that is point addition and pointdoubling (Figure 2) The rules for point addition and pointdoubling over GF (119901) are explained below and see Figure 1
13 Point Addition The elliptic curve addition is differentfrom simple addition 119869 and 119870 are two distinct points on theelliptic curve that is 119869 = (1199091 1199101) and119870 = (1199092 1199102) [3]
Let 119871 = 119869 + 119870 = (1199093 1199103) be obtained through thefollowing rules
1199093 = 1205822 minus 1199091 minus 1199092 (mod119901)
1199103 = 120582 (1199091 minus 1199093) minus 1199101 (mod119901) (2)
where 120582 = (1199102 minus 1199101)(1199092 minus 1199091)mod 119901 is the slope of the linethrough 119869 and119870
(i) If119870 = minus119869 that is119870 = (1199091 minus1199101 mod 119901) then 119869+119870 =
119874 where 119874 is the point at infinity(ii) If 119870 = 119869 then 119869 + 119870 = 2119869 then point doubling
equations are used
14 PointDoubling Consider a point 119869 such that 119869 = (1199091 1199101)where 1199101 = 0 [3] Let 119871 = 2119869 where 119871 = (1199092 1199102) Then
1199092 = 1205822 minus 21199091 (mod119901)
1199102 = 120582 (1199091 minus 1199092) minus 1199101 (mod119901) (3)
where 120582 = ((3times12+119886)(21199101))mod 119901 is the tangent at point 119869and 119886 is one of the parameters chosen with the elliptic curve
(i) If 1199101 = 0 then 2119869 = 119874 where119874 is the point at infinity
15 Domain Parameters for Elliptic Curve over GF (119901) Are (119901119886 119887 119861 119905) 119901 is the prime number defined for finite field GF(119901) 119886 119887 isin GF (119901) are the two coefficients defining the curve1199102 mod 119901 = (1199093 + 119886119909 + 119887) mod 119901 119861 is the generator point(119883119861 119884119861) and 119905 is the order of 119861
16 Various Security Parameters A proxy signature shouldhave security properties [4] and they are as follows
(1) Strong unforgeability proxy signatures can be createdonly by designated proxy signer Original signer orany other party cannot generate proxy signatures
(2) Verifiability a verifier can be convinced of the originalsignerrsquos agreement on the signed message from theproxy signature
(3) Strong identifiability from the proxy signature any-one can determine the identity of correspondingproxy signer
(4) Strong undeniability once valid proxy signature iscreated by proxy signer heshe cannot repudiatesignature creation
(5) Distinguishability proxy signatures are distinguish-able from ordinary signature created by originalsigner
17 Various Attacks
(i) Public key substitution attack in this attack originalsigner can generate proxy multisignature by updatinghis own public key [7]
(ii) Original signerrsquos forgery attack in this attack orig-inal signers can generate valid proxy multisignaturewithout agreement of proxy signer and verifier willbe convinced that any proxymultisignature generatedby using forged signing key is generated by agreementof all original signer and proxy signer [8] Under thename of proxy signer original signer can forge validproxy multisignature
(iii) Framing attack in this attack any user 119875 is framedby malicious users 119860
1 1198602 119860
119899 User 119875 does not
receive any delegation from the users 1198601 1198602 119860
119899
but the malicious users 1198601 1198602 119860
119899can forge a
proxy multisignature for message 119898 by user 119875 onbehalf of users 119860
1 1198602 119860
119899[9]
Mathematical Problems in Engineering 3
J + K = L minusL
K
J
L
x
y
(a)
minusJO is the point at infinity
J
x
y
J + (minusJ) = O
where
(b)
Figure 1 Point addition [3]
y
x
L
minusL
J
2J = L
(a)
y
xJ
=
2J =
O is the point at infinity
yJ 0 hence
O
where
(b)
Figure 2 Point doubling [3]
2 Review of Existing Schemes
Mambo et al [4] define the different types of delegationslike full delegation partial delegation and delegation bywarrant They have proposed a proxy signature schemethat is based on discrete logarithm problem They havecompared different proxy signature schemes like Schnorrscheme Elgamal scheme and Okamoto scheme on the basisof message length and amount of computational work Inall the above schemes the amount of computational workin partial delegation is smaller than that with delegation bywarrant In partial delegation a proxy signer can create proxysignature forever because valid period is not specified In thiscase the original signer can revoke the signing capability ofthe proxy signer by two ways that is (1) to make revocationlist publicly seen and (2) to change the public key of originalsigner and all proxies of honest proxy signers are updatedaccordingly
Mambo et al [10] proposed a new type of proxy signaturescheme based on discrete logarithm problem Scheme thatis proposed by Mambo et alrsquos [4] holds sufficient propertiesif original signer is trustworthy and never cheats If theoriginal signer is not trustworthy then proxy protected proxysignature scheme is important and they have introducedproxy protected proxy signature scheme based on discretelogarithm problem
Kim et al [11] have introduced two new types of proxysignature schemes based on discrete logarithm problem thatis partial delegation with warrant and threshold delegationPartial delegation with warrant combines the benefits ofpartial delegation and delegation with warrant Valid periodcan be specified in proxy signature for partial delegation withwarrant so their new scheme does not require an additionalproxy revocation protocol In threshold delegation the orig-inal signer delegates the power to sign message in such a way
4 Mathematical Problems in Engineering
that from the designated group of n proxy signers 119905 or moreproxy signers can create signature and 119905 minus 1 or less proxysigners cannot create signature on behalf of original signer
Yi et al [12] proposed a new type of proxy signaturescheme that is proxy multisignature scheme in which aproxy signer can create signature on behalf of two or moreoriginal signers They give the overview of proxy monosig-nature schemes that is Mambo et alrsquos [4] and Kim et alrsquos[11]They have introducedMambo-like proxy multisignaturescheme and Kim-like proxy multisignature scheme Theirschemes are proxy unprotected schemes that is originalsigner can also create proxy signature
Sun [7] analyzes the proxy signature and proxy mul-tisignature schemes and their analysis indicates that theseschemes suffer from the public key substitution attack anddirect forgery attack They analyzes Yi et alrsquos [12] proxymultisignature schemes and shows that these schemes sufferfrom public key substitution attack (an original signer canforge proxy multisignature by updating his own public key)and direct forgery attack (one original signer can generateforged proxy multisignature on arbitrary message for multi-ple original signers) They proposed a new proxy protectedand proxy unprotected proxy multisignature schemes whichdo not suffer from these attacks
Lee et al [13] provide new classifications of proxy sig-nature scheme that is strong and weak proxy signaturedesignated and nondesignated proxy signature and self-proxy signature They proposed a strong nondesignatedproxy signature scheme The proposed scheme does notspecify proxy signer so it can be applied to multiproxysignature inwhichmultiple original signers can delegate theirsigning capabilities to proxy signers
Chen et al [14] proposed a new proxy protected proxysignature scheme which is based on elliptic curve discretelogarithm problemThey analyze the performance of Sun [7]and the proposed scheme on the basis of time complexity
Chen et al [1] proposed an improved scheme in whichthe exponential operations are changed into elliptic curvemultiplicative ones Sun [7] improvement increases securitybut requires complex operations to derive the proxy publickey that is required to verify the proxy multisignature ECChas lower computational overhead and a smaller key sizethan that of RSA or DSA and ECC can achieve a level ofsecurity equal to that of the RSA or DSA This proposedscheme is called CCH1 scheme They compared the Sun[7] and proposed proxy multisignature schemes The timecomplexity of proposed scheme is reduced and performanceis enhanced without loss of security
Chen et al [15] introduced a traceable proxy multisig-nature scheme This scheme makes size of proxy signatureindependent of number of original signers so computationoverhead means none of operations required for verificationis greatly reduced This proposed scheme is called CCH2scheme They compare the Sun [7] and proposed proxymultisignature schemes on the basis of time complexity
Hwang et al [16] proposed a generalized version of the(11990511198991minus11990521198992)proxy signature scheme based on elliptic curvediscrete logarithm problem In a generalized proxy signaturescheme with known signers any 1199051 or more original signers
out of 1198991 original signers (1 le 1199051 le 1198991) can represent theoriginal group to delegate the signing capability and 1199052 ormore proxy signers out of 1198992 proxy signers (1 le 1199052 le 1198992) canrepresent the proxy group to sign message on behalf of thegroup of original signers They have discussed special casesnamely the (11990511198991minus1)proxy signature (proxymultisignature)scheme (1 minus 11990521198992) proxy signature scheme (multiproxysignature) and (1 minus 1) proxy signature scheme
Wang et al [17] present security analysis of some proxysignature schemes that is Mambo et alrsquos [10] and Lee et alrsquos[13] By identifying several attacks they show that all theseschemes are insecure
Wang et al [2] review Chen et alrsquos [14] proxy protectedproxy signature scheme based on elliptic curve cryptosystemand they show that it is vulnerable to an original signerforgery attack They present an improved scheme which issecure against the proposed attack
Park et al [8] show that proxy multisignature schemesproposed by Chen et al [1 15] are insecure against themalicious original signer(s) They review the CCH1 andCCH2 schemes and analyze their security These schemesare vulnerable to proxy signing forgery attack by one or alloriginal signers
Chang et al [18] proposed a proxy protected signaturescheme based on ECDSA which satisfies security propertiesThey show that the time complexity of proxy signatureis similar in both proxy signature based on ECDSA andECDSA
Li and Xue [19] have reviewed CCH1 and CCH2 proxymultisignature schemes based on elliptic curve cryptographyPark et al [8] show that these schemes suffer from forgeryattack by one or all original signers They have proposedimproved CCH1 and improved CCH2 schemes that do notsuffer from forgery attack
Tutanescu et al [3] examine that ECC is more attractivecryptosystem than conventional cryptosystem (RSADSA)for mobile devices which are limited in terms of their CPUpower and network connectivity ECC is fast and can beimplemented with less hardware because of shorter keylength They have presented the application of ECC that isinternet smart cards PDAs and PCs Their opinion is thatECC could become the next generation of PKC
Wang and Yu [20] have discussed two fatal flaws ofthe cryptosystem which are based on the logistic map andproposed by Wang and Xiang are pointed out Accordingto this cryptanalysts could recover the plaintext by thechosen plaintext attacked in a short time Authors proposeda remedial improvement which can avoid the flaws andenhance the security of the cryptosystem
In this paper [21] have analyzed the security of a parallelkeyed hash function based on chaotic neural network pro-posed by Wang and Zhao recently Weak keys and forgeryattacks against Wang and Zhaorsquos scheme are demonstratedBoth theoretical analysis and experimental results show thatthe parallel keyed hash function is not security Besides someimprovement measures are presented to enhance the securityof the parallel keyed hash function
Wang andHe [22] have introduced a novel image encryp-tion method based on a skew tent map that is proposed
Mathematical Problems in Engineering 5
recently In this paper some flaws of this algorithm arepointed out and then a chosen plaintext attack against itis presented Both theoretical analysis and experimentalsimulation indicate that the plain image can be recoveredexactly from the cipher image without the secret key So it canbe seen that this algorithm is not secure enough to be appliedin network communication
Wang and Liu [23] have cryptanalysis of a parallelsubimage encryption method with high-dimensional chaos
3 Estimation of Time Space andComputational Overhead of ImprovedCCH1 and CCH2 Schemes
31 Implementation of Improved CCH1 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in 119864(119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 sdot sdot sdot 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation) They thencomputes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) (4)
If 119909119877119894= 0 then return to step 1 otherwise119860
119894broadcasts 119877
119894to
other original signers
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast 119909119876119894lowast ℎ (119872
119908 119877119894) minus 119896119894lowast 119909119877119894(mod119905) (5)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers andproxy signer Then the subdelegation parameter for 119860
119894is
(119872119908 119877119894 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119878119894times 119861 = (119909
119876119894lowast ℎ (119872
119908 119877119894)) lowast 119876
119894minus 119909119877119894119877119894
(6)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119877119894 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) He thencomputes the proxy multisignature secret key as follows
119889 = 119889119901lowast 119909119876119875+
119899
sum
119894=1
119904119894(mod119905) (7)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 lowast 119890 (mod119905) (8)
and the output sign119889(119898) = (119890 119910)
6 Mathematical Problems in Engineering
Phase 4 Proxy multisignature verification phase when theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875lowast 119909119876119901+
119899
sum
119894=1
(ℎ (119872119908 119877119894) lowast 119876119894minus 119909119877119894times 119877119894) (9)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
32 Implementation of Improved CCH2 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is an odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in (119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation)Then computes119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) If 119909
119877119894= 0 then return to step
1 otherwise 119860119894broadcasts 119877
119894to other original signers On
receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119894= (119909119877 119910119877) (10)
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877(mod119905) (11)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers and proxysigner Then the subdelegation parameter for 119860
119894is (119872119908 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119904119894lowast 119861 = ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) lowast 119876
119894minus 119909119877times 119877119894
(12)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) Theythen computes the proxymultisignature secret key as follows
119889 = 119889119901+
119899
sum
119894=1
119904119894(mod119905) (13)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 times 119890 (mod119905) (14)
and the output sign119889(119898) = (119890 119910)
Phase 4 Proxy multisignature verification phase When theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (15)
Mathematical Problems in Engineering 7
Figure 3 Entropy for the proposed scheme
Table 1 Compression ratio (in ) in each scheme
Schemes Compression ratio (in )CCH1 75CCH2 89The proposed scheme 75
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
4 Performance Analysis ofthe Proposed Scheme
The analysis reports of the proposed scheme are given below
41 Entropy In this case the value of entropy is the measureof the tendency of a process to be entropically favored or toproceed in a particular directionMoreover entropy providesan indication for a specific encryption method We haveanalyzed our hypothesis on the basis of entropy generated[24]
Figure 3 shows the entropy for the proposed schemeThe Figure 4 shows that compression ratio required in eachscheme Table 1 lists the name and compression ratio requiredin each scheme
42 Floating FrequenciesIntuitive Synthesis Floating fre-quenciesintuitive synthesis in its completed three partentirety which takes full advantage of the time complexityspace complexity and communication overhead provided bythe digital medium We have calculated floating frequency ofthreshold proxy signature scheme [24] Figure 5 shows float-ing frequenciesintuitive synthesis for the proposed scheme
43 ASCII Histogram The ASCII histogram proved to bevery useful since it helped enormously in debugging codeinvolving probability calculations with simple print state-ments Probabilistic simulations are extremely hard to test
90
85
80
75
70
65
CCH1
CCH2
Theproposedscheme
Compression ratio ()
Compression ratio ()
Figure 4 Radar chart showing compression ratio required in eachscheme
30
25
20
15
10
1 500 1000 1500 2000 2500 3000 3500 4000 4500 5000
Section offset
Floating frequency of ⟨NewTechPhase4cs⟩
Diff
eren
t cha
ract
ers
per6
4by
te b
lock
Figure 5 Floating frequenciesintuitive synthesis for the proposedscheme
because the results of a given operation are never strictly thesame However they should have the same probability dis-tribution so by looking at the rough shape of the histogramyou tell if your calculations are going in the right directionIn this context we have calculated ASCII histogram for ourthreshold proxy signature scheme [24] Figure 6 showsASCIIhistogram for the proposed scheme
44 Autocorrelation A mathematical representation of thedegree of similarity between a given time series and a laggedversion of itself over successive time intervals It is the same ascalculating the correlation between two different time seriesexcept that the same time series is used twicemdashonce in itsoriginal form and once lagged one or more time periodsThe term can also be referred to as ldquolagged correlationrdquo orldquoserial correlationrdquo In this we have calculated autocorrelationfor threshold proxy signature scheme [24] Figure 7 showsautocorrelation for the proposed scheme
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 2: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/2.jpg)
2 Mathematical Problems in Engineering
signer So the original signer can also generate thesame proxy signatures
(vi) Proxy protected proxy signature in proxy protectedthe proxy signer generates proxy signature not onlywith the proxy signing key given by the original signerbut also with his own private key Therefore anyoneelse including the original signer cannot generate thesame proxy signatures
According to authenticated degree Mambo et al [4] give aclassification that is full delegation partial delegation anddelegation by warrant
In full delegation the original signer gives the same secretkey(s) to proxy signer that he has so that proxy signer cancreate the same signature as original signer creates In partialdelegation a proxy signer has proxy private key which isdifferent from original signerrsquos private key Proxy signer cansign range of messages In delegation by warrant warrant isadded that specifies what kinds of messages are delegated thedelegation period IDs of original signers and proxy signerand so forth
12 Elliptic Curve over Finite Field GF (119901) In 1985 ellipticcurve cryptography was introduced by Miller [5] and Koblitz[6] ECC is an attractive public key cryptosystem due to smallkey size and low computational overhead
Equation of the elliptic curve on a prime field GF (119901) is
y2 (mod119901) = 1199093 + 119886119909 + 119887 (mod119901) (1)
where 41198863 + 271198872 mod 119901 = 0 Here the elements of the finitefield are integers between 0 and 119901minus1 where 119901 is a large primenumber and greater than 3 The operations are performedusing modular arithmetic Modular arithmetic works likeordinary arithmetic except that the answers of the calculationare reduced to its remainder on division by 119901 The variablesand coefficients all take values in set of integers from 0through 119901minus 1 The prime number 119901 is chosen such that thereis finitely large number of points on the elliptic curve tomakethe cryptosystem secure Point multiplication is calculated bytwo elliptic curve operations that is point addition and pointdoubling (Figure 2) The rules for point addition and pointdoubling over GF (119901) are explained below and see Figure 1
13 Point Addition The elliptic curve addition is differentfrom simple addition 119869 and 119870 are two distinct points on theelliptic curve that is 119869 = (1199091 1199101) and119870 = (1199092 1199102) [3]
Let 119871 = 119869 + 119870 = (1199093 1199103) be obtained through thefollowing rules
1199093 = 1205822 minus 1199091 minus 1199092 (mod119901)
1199103 = 120582 (1199091 minus 1199093) minus 1199101 (mod119901) (2)
where 120582 = (1199102 minus 1199101)(1199092 minus 1199091)mod 119901 is the slope of the linethrough 119869 and119870
(i) If119870 = minus119869 that is119870 = (1199091 minus1199101 mod 119901) then 119869+119870 =
119874 where 119874 is the point at infinity(ii) If 119870 = 119869 then 119869 + 119870 = 2119869 then point doubling
equations are used
14 PointDoubling Consider a point 119869 such that 119869 = (1199091 1199101)where 1199101 = 0 [3] Let 119871 = 2119869 where 119871 = (1199092 1199102) Then
1199092 = 1205822 minus 21199091 (mod119901)
1199102 = 120582 (1199091 minus 1199092) minus 1199101 (mod119901) (3)
where 120582 = ((3times12+119886)(21199101))mod 119901 is the tangent at point 119869and 119886 is one of the parameters chosen with the elliptic curve
(i) If 1199101 = 0 then 2119869 = 119874 where119874 is the point at infinity
15 Domain Parameters for Elliptic Curve over GF (119901) Are (119901119886 119887 119861 119905) 119901 is the prime number defined for finite field GF(119901) 119886 119887 isin GF (119901) are the two coefficients defining the curve1199102 mod 119901 = (1199093 + 119886119909 + 119887) mod 119901 119861 is the generator point(119883119861 119884119861) and 119905 is the order of 119861
16 Various Security Parameters A proxy signature shouldhave security properties [4] and they are as follows
(1) Strong unforgeability proxy signatures can be createdonly by designated proxy signer Original signer orany other party cannot generate proxy signatures
(2) Verifiability a verifier can be convinced of the originalsignerrsquos agreement on the signed message from theproxy signature
(3) Strong identifiability from the proxy signature any-one can determine the identity of correspondingproxy signer
(4) Strong undeniability once valid proxy signature iscreated by proxy signer heshe cannot repudiatesignature creation
(5) Distinguishability proxy signatures are distinguish-able from ordinary signature created by originalsigner
17 Various Attacks
(i) Public key substitution attack in this attack originalsigner can generate proxy multisignature by updatinghis own public key [7]
(ii) Original signerrsquos forgery attack in this attack orig-inal signers can generate valid proxy multisignaturewithout agreement of proxy signer and verifier willbe convinced that any proxymultisignature generatedby using forged signing key is generated by agreementof all original signer and proxy signer [8] Under thename of proxy signer original signer can forge validproxy multisignature
(iii) Framing attack in this attack any user 119875 is framedby malicious users 119860
1 1198602 119860
119899 User 119875 does not
receive any delegation from the users 1198601 1198602 119860
119899
but the malicious users 1198601 1198602 119860
119899can forge a
proxy multisignature for message 119898 by user 119875 onbehalf of users 119860
1 1198602 119860
119899[9]
Mathematical Problems in Engineering 3
J + K = L minusL
K
J
L
x
y
(a)
minusJO is the point at infinity
J
x
y
J + (minusJ) = O
where
(b)
Figure 1 Point addition [3]
y
x
L
minusL
J
2J = L
(a)
y
xJ
=
2J =
O is the point at infinity
yJ 0 hence
O
where
(b)
Figure 2 Point doubling [3]
2 Review of Existing Schemes
Mambo et al [4] define the different types of delegationslike full delegation partial delegation and delegation bywarrant They have proposed a proxy signature schemethat is based on discrete logarithm problem They havecompared different proxy signature schemes like Schnorrscheme Elgamal scheme and Okamoto scheme on the basisof message length and amount of computational work Inall the above schemes the amount of computational workin partial delegation is smaller than that with delegation bywarrant In partial delegation a proxy signer can create proxysignature forever because valid period is not specified In thiscase the original signer can revoke the signing capability ofthe proxy signer by two ways that is (1) to make revocationlist publicly seen and (2) to change the public key of originalsigner and all proxies of honest proxy signers are updatedaccordingly
Mambo et al [10] proposed a new type of proxy signaturescheme based on discrete logarithm problem Scheme thatis proposed by Mambo et alrsquos [4] holds sufficient propertiesif original signer is trustworthy and never cheats If theoriginal signer is not trustworthy then proxy protected proxysignature scheme is important and they have introducedproxy protected proxy signature scheme based on discretelogarithm problem
Kim et al [11] have introduced two new types of proxysignature schemes based on discrete logarithm problem thatis partial delegation with warrant and threshold delegationPartial delegation with warrant combines the benefits ofpartial delegation and delegation with warrant Valid periodcan be specified in proxy signature for partial delegation withwarrant so their new scheme does not require an additionalproxy revocation protocol In threshold delegation the orig-inal signer delegates the power to sign message in such a way
4 Mathematical Problems in Engineering
that from the designated group of n proxy signers 119905 or moreproxy signers can create signature and 119905 minus 1 or less proxysigners cannot create signature on behalf of original signer
Yi et al [12] proposed a new type of proxy signaturescheme that is proxy multisignature scheme in which aproxy signer can create signature on behalf of two or moreoriginal signers They give the overview of proxy monosig-nature schemes that is Mambo et alrsquos [4] and Kim et alrsquos[11]They have introducedMambo-like proxy multisignaturescheme and Kim-like proxy multisignature scheme Theirschemes are proxy unprotected schemes that is originalsigner can also create proxy signature
Sun [7] analyzes the proxy signature and proxy mul-tisignature schemes and their analysis indicates that theseschemes suffer from the public key substitution attack anddirect forgery attack They analyzes Yi et alrsquos [12] proxymultisignature schemes and shows that these schemes sufferfrom public key substitution attack (an original signer canforge proxy multisignature by updating his own public key)and direct forgery attack (one original signer can generateforged proxy multisignature on arbitrary message for multi-ple original signers) They proposed a new proxy protectedand proxy unprotected proxy multisignature schemes whichdo not suffer from these attacks
Lee et al [13] provide new classifications of proxy sig-nature scheme that is strong and weak proxy signaturedesignated and nondesignated proxy signature and self-proxy signature They proposed a strong nondesignatedproxy signature scheme The proposed scheme does notspecify proxy signer so it can be applied to multiproxysignature inwhichmultiple original signers can delegate theirsigning capabilities to proxy signers
Chen et al [14] proposed a new proxy protected proxysignature scheme which is based on elliptic curve discretelogarithm problemThey analyze the performance of Sun [7]and the proposed scheme on the basis of time complexity
Chen et al [1] proposed an improved scheme in whichthe exponential operations are changed into elliptic curvemultiplicative ones Sun [7] improvement increases securitybut requires complex operations to derive the proxy publickey that is required to verify the proxy multisignature ECChas lower computational overhead and a smaller key sizethan that of RSA or DSA and ECC can achieve a level ofsecurity equal to that of the RSA or DSA This proposedscheme is called CCH1 scheme They compared the Sun[7] and proposed proxy multisignature schemes The timecomplexity of proposed scheme is reduced and performanceis enhanced without loss of security
Chen et al [15] introduced a traceable proxy multisig-nature scheme This scheme makes size of proxy signatureindependent of number of original signers so computationoverhead means none of operations required for verificationis greatly reduced This proposed scheme is called CCH2scheme They compare the Sun [7] and proposed proxymultisignature schemes on the basis of time complexity
Hwang et al [16] proposed a generalized version of the(11990511198991minus11990521198992)proxy signature scheme based on elliptic curvediscrete logarithm problem In a generalized proxy signaturescheme with known signers any 1199051 or more original signers
out of 1198991 original signers (1 le 1199051 le 1198991) can represent theoriginal group to delegate the signing capability and 1199052 ormore proxy signers out of 1198992 proxy signers (1 le 1199052 le 1198992) canrepresent the proxy group to sign message on behalf of thegroup of original signers They have discussed special casesnamely the (11990511198991minus1)proxy signature (proxymultisignature)scheme (1 minus 11990521198992) proxy signature scheme (multiproxysignature) and (1 minus 1) proxy signature scheme
Wang et al [17] present security analysis of some proxysignature schemes that is Mambo et alrsquos [10] and Lee et alrsquos[13] By identifying several attacks they show that all theseschemes are insecure
Wang et al [2] review Chen et alrsquos [14] proxy protectedproxy signature scheme based on elliptic curve cryptosystemand they show that it is vulnerable to an original signerforgery attack They present an improved scheme which issecure against the proposed attack
Park et al [8] show that proxy multisignature schemesproposed by Chen et al [1 15] are insecure against themalicious original signer(s) They review the CCH1 andCCH2 schemes and analyze their security These schemesare vulnerable to proxy signing forgery attack by one or alloriginal signers
Chang et al [18] proposed a proxy protected signaturescheme based on ECDSA which satisfies security propertiesThey show that the time complexity of proxy signatureis similar in both proxy signature based on ECDSA andECDSA
Li and Xue [19] have reviewed CCH1 and CCH2 proxymultisignature schemes based on elliptic curve cryptographyPark et al [8] show that these schemes suffer from forgeryattack by one or all original signers They have proposedimproved CCH1 and improved CCH2 schemes that do notsuffer from forgery attack
Tutanescu et al [3] examine that ECC is more attractivecryptosystem than conventional cryptosystem (RSADSA)for mobile devices which are limited in terms of their CPUpower and network connectivity ECC is fast and can beimplemented with less hardware because of shorter keylength They have presented the application of ECC that isinternet smart cards PDAs and PCs Their opinion is thatECC could become the next generation of PKC
Wang and Yu [20] have discussed two fatal flaws ofthe cryptosystem which are based on the logistic map andproposed by Wang and Xiang are pointed out Accordingto this cryptanalysts could recover the plaintext by thechosen plaintext attacked in a short time Authors proposeda remedial improvement which can avoid the flaws andenhance the security of the cryptosystem
In this paper [21] have analyzed the security of a parallelkeyed hash function based on chaotic neural network pro-posed by Wang and Zhao recently Weak keys and forgeryattacks against Wang and Zhaorsquos scheme are demonstratedBoth theoretical analysis and experimental results show thatthe parallel keyed hash function is not security Besides someimprovement measures are presented to enhance the securityof the parallel keyed hash function
Wang andHe [22] have introduced a novel image encryp-tion method based on a skew tent map that is proposed
Mathematical Problems in Engineering 5
recently In this paper some flaws of this algorithm arepointed out and then a chosen plaintext attack against itis presented Both theoretical analysis and experimentalsimulation indicate that the plain image can be recoveredexactly from the cipher image without the secret key So it canbe seen that this algorithm is not secure enough to be appliedin network communication
Wang and Liu [23] have cryptanalysis of a parallelsubimage encryption method with high-dimensional chaos
3 Estimation of Time Space andComputational Overhead of ImprovedCCH1 and CCH2 Schemes
31 Implementation of Improved CCH1 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in 119864(119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 sdot sdot sdot 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation) They thencomputes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) (4)
If 119909119877119894= 0 then return to step 1 otherwise119860
119894broadcasts 119877
119894to
other original signers
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast 119909119876119894lowast ℎ (119872
119908 119877119894) minus 119896119894lowast 119909119877119894(mod119905) (5)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers andproxy signer Then the subdelegation parameter for 119860
119894is
(119872119908 119877119894 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119878119894times 119861 = (119909
119876119894lowast ℎ (119872
119908 119877119894)) lowast 119876
119894minus 119909119877119894119877119894
(6)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119877119894 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) He thencomputes the proxy multisignature secret key as follows
119889 = 119889119901lowast 119909119876119875+
119899
sum
119894=1
119904119894(mod119905) (7)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 lowast 119890 (mod119905) (8)
and the output sign119889(119898) = (119890 119910)
6 Mathematical Problems in Engineering
Phase 4 Proxy multisignature verification phase when theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875lowast 119909119876119901+
119899
sum
119894=1
(ℎ (119872119908 119877119894) lowast 119876119894minus 119909119877119894times 119877119894) (9)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
32 Implementation of Improved CCH2 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is an odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in (119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation)Then computes119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) If 119909
119877119894= 0 then return to step
1 otherwise 119860119894broadcasts 119877
119894to other original signers On
receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119894= (119909119877 119910119877) (10)
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877(mod119905) (11)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers and proxysigner Then the subdelegation parameter for 119860
119894is (119872119908 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119904119894lowast 119861 = ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) lowast 119876
119894minus 119909119877times 119877119894
(12)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) Theythen computes the proxymultisignature secret key as follows
119889 = 119889119901+
119899
sum
119894=1
119904119894(mod119905) (13)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 times 119890 (mod119905) (14)
and the output sign119889(119898) = (119890 119910)
Phase 4 Proxy multisignature verification phase When theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (15)
Mathematical Problems in Engineering 7
Figure 3 Entropy for the proposed scheme
Table 1 Compression ratio (in ) in each scheme
Schemes Compression ratio (in )CCH1 75CCH2 89The proposed scheme 75
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
4 Performance Analysis ofthe Proposed Scheme
The analysis reports of the proposed scheme are given below
41 Entropy In this case the value of entropy is the measureof the tendency of a process to be entropically favored or toproceed in a particular directionMoreover entropy providesan indication for a specific encryption method We haveanalyzed our hypothesis on the basis of entropy generated[24]
Figure 3 shows the entropy for the proposed schemeThe Figure 4 shows that compression ratio required in eachscheme Table 1 lists the name and compression ratio requiredin each scheme
42 Floating FrequenciesIntuitive Synthesis Floating fre-quenciesintuitive synthesis in its completed three partentirety which takes full advantage of the time complexityspace complexity and communication overhead provided bythe digital medium We have calculated floating frequency ofthreshold proxy signature scheme [24] Figure 5 shows float-ing frequenciesintuitive synthesis for the proposed scheme
43 ASCII Histogram The ASCII histogram proved to bevery useful since it helped enormously in debugging codeinvolving probability calculations with simple print state-ments Probabilistic simulations are extremely hard to test
90
85
80
75
70
65
CCH1
CCH2
Theproposedscheme
Compression ratio ()
Compression ratio ()
Figure 4 Radar chart showing compression ratio required in eachscheme
30
25
20
15
10
1 500 1000 1500 2000 2500 3000 3500 4000 4500 5000
Section offset
Floating frequency of ⟨NewTechPhase4cs⟩
Diff
eren
t cha
ract
ers
per6
4by
te b
lock
Figure 5 Floating frequenciesintuitive synthesis for the proposedscheme
because the results of a given operation are never strictly thesame However they should have the same probability dis-tribution so by looking at the rough shape of the histogramyou tell if your calculations are going in the right directionIn this context we have calculated ASCII histogram for ourthreshold proxy signature scheme [24] Figure 6 showsASCIIhistogram for the proposed scheme
44 Autocorrelation A mathematical representation of thedegree of similarity between a given time series and a laggedversion of itself over successive time intervals It is the same ascalculating the correlation between two different time seriesexcept that the same time series is used twicemdashonce in itsoriginal form and once lagged one or more time periodsThe term can also be referred to as ldquolagged correlationrdquo orldquoserial correlationrdquo In this we have calculated autocorrelationfor threshold proxy signature scheme [24] Figure 7 showsautocorrelation for the proposed scheme
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 3: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/3.jpg)
Mathematical Problems in Engineering 3
J + K = L minusL
K
J
L
x
y
(a)
minusJO is the point at infinity
J
x
y
J + (minusJ) = O
where
(b)
Figure 1 Point addition [3]
y
x
L
minusL
J
2J = L
(a)
y
xJ
=
2J =
O is the point at infinity
yJ 0 hence
O
where
(b)
Figure 2 Point doubling [3]
2 Review of Existing Schemes
Mambo et al [4] define the different types of delegationslike full delegation partial delegation and delegation bywarrant They have proposed a proxy signature schemethat is based on discrete logarithm problem They havecompared different proxy signature schemes like Schnorrscheme Elgamal scheme and Okamoto scheme on the basisof message length and amount of computational work Inall the above schemes the amount of computational workin partial delegation is smaller than that with delegation bywarrant In partial delegation a proxy signer can create proxysignature forever because valid period is not specified In thiscase the original signer can revoke the signing capability ofthe proxy signer by two ways that is (1) to make revocationlist publicly seen and (2) to change the public key of originalsigner and all proxies of honest proxy signers are updatedaccordingly
Mambo et al [10] proposed a new type of proxy signaturescheme based on discrete logarithm problem Scheme thatis proposed by Mambo et alrsquos [4] holds sufficient propertiesif original signer is trustworthy and never cheats If theoriginal signer is not trustworthy then proxy protected proxysignature scheme is important and they have introducedproxy protected proxy signature scheme based on discretelogarithm problem
Kim et al [11] have introduced two new types of proxysignature schemes based on discrete logarithm problem thatis partial delegation with warrant and threshold delegationPartial delegation with warrant combines the benefits ofpartial delegation and delegation with warrant Valid periodcan be specified in proxy signature for partial delegation withwarrant so their new scheme does not require an additionalproxy revocation protocol In threshold delegation the orig-inal signer delegates the power to sign message in such a way
4 Mathematical Problems in Engineering
that from the designated group of n proxy signers 119905 or moreproxy signers can create signature and 119905 minus 1 or less proxysigners cannot create signature on behalf of original signer
Yi et al [12] proposed a new type of proxy signaturescheme that is proxy multisignature scheme in which aproxy signer can create signature on behalf of two or moreoriginal signers They give the overview of proxy monosig-nature schemes that is Mambo et alrsquos [4] and Kim et alrsquos[11]They have introducedMambo-like proxy multisignaturescheme and Kim-like proxy multisignature scheme Theirschemes are proxy unprotected schemes that is originalsigner can also create proxy signature
Sun [7] analyzes the proxy signature and proxy mul-tisignature schemes and their analysis indicates that theseschemes suffer from the public key substitution attack anddirect forgery attack They analyzes Yi et alrsquos [12] proxymultisignature schemes and shows that these schemes sufferfrom public key substitution attack (an original signer canforge proxy multisignature by updating his own public key)and direct forgery attack (one original signer can generateforged proxy multisignature on arbitrary message for multi-ple original signers) They proposed a new proxy protectedand proxy unprotected proxy multisignature schemes whichdo not suffer from these attacks
Lee et al [13] provide new classifications of proxy sig-nature scheme that is strong and weak proxy signaturedesignated and nondesignated proxy signature and self-proxy signature They proposed a strong nondesignatedproxy signature scheme The proposed scheme does notspecify proxy signer so it can be applied to multiproxysignature inwhichmultiple original signers can delegate theirsigning capabilities to proxy signers
Chen et al [14] proposed a new proxy protected proxysignature scheme which is based on elliptic curve discretelogarithm problemThey analyze the performance of Sun [7]and the proposed scheme on the basis of time complexity
Chen et al [1] proposed an improved scheme in whichthe exponential operations are changed into elliptic curvemultiplicative ones Sun [7] improvement increases securitybut requires complex operations to derive the proxy publickey that is required to verify the proxy multisignature ECChas lower computational overhead and a smaller key sizethan that of RSA or DSA and ECC can achieve a level ofsecurity equal to that of the RSA or DSA This proposedscheme is called CCH1 scheme They compared the Sun[7] and proposed proxy multisignature schemes The timecomplexity of proposed scheme is reduced and performanceis enhanced without loss of security
Chen et al [15] introduced a traceable proxy multisig-nature scheme This scheme makes size of proxy signatureindependent of number of original signers so computationoverhead means none of operations required for verificationis greatly reduced This proposed scheme is called CCH2scheme They compare the Sun [7] and proposed proxymultisignature schemes on the basis of time complexity
Hwang et al [16] proposed a generalized version of the(11990511198991minus11990521198992)proxy signature scheme based on elliptic curvediscrete logarithm problem In a generalized proxy signaturescheme with known signers any 1199051 or more original signers
out of 1198991 original signers (1 le 1199051 le 1198991) can represent theoriginal group to delegate the signing capability and 1199052 ormore proxy signers out of 1198992 proxy signers (1 le 1199052 le 1198992) canrepresent the proxy group to sign message on behalf of thegroup of original signers They have discussed special casesnamely the (11990511198991minus1)proxy signature (proxymultisignature)scheme (1 minus 11990521198992) proxy signature scheme (multiproxysignature) and (1 minus 1) proxy signature scheme
Wang et al [17] present security analysis of some proxysignature schemes that is Mambo et alrsquos [10] and Lee et alrsquos[13] By identifying several attacks they show that all theseschemes are insecure
Wang et al [2] review Chen et alrsquos [14] proxy protectedproxy signature scheme based on elliptic curve cryptosystemand they show that it is vulnerable to an original signerforgery attack They present an improved scheme which issecure against the proposed attack
Park et al [8] show that proxy multisignature schemesproposed by Chen et al [1 15] are insecure against themalicious original signer(s) They review the CCH1 andCCH2 schemes and analyze their security These schemesare vulnerable to proxy signing forgery attack by one or alloriginal signers
Chang et al [18] proposed a proxy protected signaturescheme based on ECDSA which satisfies security propertiesThey show that the time complexity of proxy signatureis similar in both proxy signature based on ECDSA andECDSA
Li and Xue [19] have reviewed CCH1 and CCH2 proxymultisignature schemes based on elliptic curve cryptographyPark et al [8] show that these schemes suffer from forgeryattack by one or all original signers They have proposedimproved CCH1 and improved CCH2 schemes that do notsuffer from forgery attack
Tutanescu et al [3] examine that ECC is more attractivecryptosystem than conventional cryptosystem (RSADSA)for mobile devices which are limited in terms of their CPUpower and network connectivity ECC is fast and can beimplemented with less hardware because of shorter keylength They have presented the application of ECC that isinternet smart cards PDAs and PCs Their opinion is thatECC could become the next generation of PKC
Wang and Yu [20] have discussed two fatal flaws ofthe cryptosystem which are based on the logistic map andproposed by Wang and Xiang are pointed out Accordingto this cryptanalysts could recover the plaintext by thechosen plaintext attacked in a short time Authors proposeda remedial improvement which can avoid the flaws andenhance the security of the cryptosystem
In this paper [21] have analyzed the security of a parallelkeyed hash function based on chaotic neural network pro-posed by Wang and Zhao recently Weak keys and forgeryattacks against Wang and Zhaorsquos scheme are demonstratedBoth theoretical analysis and experimental results show thatthe parallel keyed hash function is not security Besides someimprovement measures are presented to enhance the securityof the parallel keyed hash function
Wang andHe [22] have introduced a novel image encryp-tion method based on a skew tent map that is proposed
Mathematical Problems in Engineering 5
recently In this paper some flaws of this algorithm arepointed out and then a chosen plaintext attack against itis presented Both theoretical analysis and experimentalsimulation indicate that the plain image can be recoveredexactly from the cipher image without the secret key So it canbe seen that this algorithm is not secure enough to be appliedin network communication
Wang and Liu [23] have cryptanalysis of a parallelsubimage encryption method with high-dimensional chaos
3 Estimation of Time Space andComputational Overhead of ImprovedCCH1 and CCH2 Schemes
31 Implementation of Improved CCH1 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in 119864(119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 sdot sdot sdot 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation) They thencomputes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) (4)
If 119909119877119894= 0 then return to step 1 otherwise119860
119894broadcasts 119877
119894to
other original signers
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast 119909119876119894lowast ℎ (119872
119908 119877119894) minus 119896119894lowast 119909119877119894(mod119905) (5)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers andproxy signer Then the subdelegation parameter for 119860
119894is
(119872119908 119877119894 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119878119894times 119861 = (119909
119876119894lowast ℎ (119872
119908 119877119894)) lowast 119876
119894minus 119909119877119894119877119894
(6)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119877119894 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) He thencomputes the proxy multisignature secret key as follows
119889 = 119889119901lowast 119909119876119875+
119899
sum
119894=1
119904119894(mod119905) (7)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 lowast 119890 (mod119905) (8)
and the output sign119889(119898) = (119890 119910)
6 Mathematical Problems in Engineering
Phase 4 Proxy multisignature verification phase when theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875lowast 119909119876119901+
119899
sum
119894=1
(ℎ (119872119908 119877119894) lowast 119876119894minus 119909119877119894times 119877119894) (9)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
32 Implementation of Improved CCH2 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is an odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in (119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation)Then computes119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) If 119909
119877119894= 0 then return to step
1 otherwise 119860119894broadcasts 119877
119894to other original signers On
receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119894= (119909119877 119910119877) (10)
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877(mod119905) (11)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers and proxysigner Then the subdelegation parameter for 119860
119894is (119872119908 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119904119894lowast 119861 = ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) lowast 119876
119894minus 119909119877times 119877119894
(12)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) Theythen computes the proxymultisignature secret key as follows
119889 = 119889119901+
119899
sum
119894=1
119904119894(mod119905) (13)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 times 119890 (mod119905) (14)
and the output sign119889(119898) = (119890 119910)
Phase 4 Proxy multisignature verification phase When theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (15)
Mathematical Problems in Engineering 7
Figure 3 Entropy for the proposed scheme
Table 1 Compression ratio (in ) in each scheme
Schemes Compression ratio (in )CCH1 75CCH2 89The proposed scheme 75
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
4 Performance Analysis ofthe Proposed Scheme
The analysis reports of the proposed scheme are given below
41 Entropy In this case the value of entropy is the measureof the tendency of a process to be entropically favored or toproceed in a particular directionMoreover entropy providesan indication for a specific encryption method We haveanalyzed our hypothesis on the basis of entropy generated[24]
Figure 3 shows the entropy for the proposed schemeThe Figure 4 shows that compression ratio required in eachscheme Table 1 lists the name and compression ratio requiredin each scheme
42 Floating FrequenciesIntuitive Synthesis Floating fre-quenciesintuitive synthesis in its completed three partentirety which takes full advantage of the time complexityspace complexity and communication overhead provided bythe digital medium We have calculated floating frequency ofthreshold proxy signature scheme [24] Figure 5 shows float-ing frequenciesintuitive synthesis for the proposed scheme
43 ASCII Histogram The ASCII histogram proved to bevery useful since it helped enormously in debugging codeinvolving probability calculations with simple print state-ments Probabilistic simulations are extremely hard to test
90
85
80
75
70
65
CCH1
CCH2
Theproposedscheme
Compression ratio ()
Compression ratio ()
Figure 4 Radar chart showing compression ratio required in eachscheme
30
25
20
15
10
1 500 1000 1500 2000 2500 3000 3500 4000 4500 5000
Section offset
Floating frequency of ⟨NewTechPhase4cs⟩
Diff
eren
t cha
ract
ers
per6
4by
te b
lock
Figure 5 Floating frequenciesintuitive synthesis for the proposedscheme
because the results of a given operation are never strictly thesame However they should have the same probability dis-tribution so by looking at the rough shape of the histogramyou tell if your calculations are going in the right directionIn this context we have calculated ASCII histogram for ourthreshold proxy signature scheme [24] Figure 6 showsASCIIhistogram for the proposed scheme
44 Autocorrelation A mathematical representation of thedegree of similarity between a given time series and a laggedversion of itself over successive time intervals It is the same ascalculating the correlation between two different time seriesexcept that the same time series is used twicemdashonce in itsoriginal form and once lagged one or more time periodsThe term can also be referred to as ldquolagged correlationrdquo orldquoserial correlationrdquo In this we have calculated autocorrelationfor threshold proxy signature scheme [24] Figure 7 showsautocorrelation for the proposed scheme
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 4: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/4.jpg)
4 Mathematical Problems in Engineering
that from the designated group of n proxy signers 119905 or moreproxy signers can create signature and 119905 minus 1 or less proxysigners cannot create signature on behalf of original signer
Yi et al [12] proposed a new type of proxy signaturescheme that is proxy multisignature scheme in which aproxy signer can create signature on behalf of two or moreoriginal signers They give the overview of proxy monosig-nature schemes that is Mambo et alrsquos [4] and Kim et alrsquos[11]They have introducedMambo-like proxy multisignaturescheme and Kim-like proxy multisignature scheme Theirschemes are proxy unprotected schemes that is originalsigner can also create proxy signature
Sun [7] analyzes the proxy signature and proxy mul-tisignature schemes and their analysis indicates that theseschemes suffer from the public key substitution attack anddirect forgery attack They analyzes Yi et alrsquos [12] proxymultisignature schemes and shows that these schemes sufferfrom public key substitution attack (an original signer canforge proxy multisignature by updating his own public key)and direct forgery attack (one original signer can generateforged proxy multisignature on arbitrary message for multi-ple original signers) They proposed a new proxy protectedand proxy unprotected proxy multisignature schemes whichdo not suffer from these attacks
Lee et al [13] provide new classifications of proxy sig-nature scheme that is strong and weak proxy signaturedesignated and nondesignated proxy signature and self-proxy signature They proposed a strong nondesignatedproxy signature scheme The proposed scheme does notspecify proxy signer so it can be applied to multiproxysignature inwhichmultiple original signers can delegate theirsigning capabilities to proxy signers
Chen et al [14] proposed a new proxy protected proxysignature scheme which is based on elliptic curve discretelogarithm problemThey analyze the performance of Sun [7]and the proposed scheme on the basis of time complexity
Chen et al [1] proposed an improved scheme in whichthe exponential operations are changed into elliptic curvemultiplicative ones Sun [7] improvement increases securitybut requires complex operations to derive the proxy publickey that is required to verify the proxy multisignature ECChas lower computational overhead and a smaller key sizethan that of RSA or DSA and ECC can achieve a level ofsecurity equal to that of the RSA or DSA This proposedscheme is called CCH1 scheme They compared the Sun[7] and proposed proxy multisignature schemes The timecomplexity of proposed scheme is reduced and performanceis enhanced without loss of security
Chen et al [15] introduced a traceable proxy multisig-nature scheme This scheme makes size of proxy signatureindependent of number of original signers so computationoverhead means none of operations required for verificationis greatly reduced This proposed scheme is called CCH2scheme They compare the Sun [7] and proposed proxymultisignature schemes on the basis of time complexity
Hwang et al [16] proposed a generalized version of the(11990511198991minus11990521198992)proxy signature scheme based on elliptic curvediscrete logarithm problem In a generalized proxy signaturescheme with known signers any 1199051 or more original signers
out of 1198991 original signers (1 le 1199051 le 1198991) can represent theoriginal group to delegate the signing capability and 1199052 ormore proxy signers out of 1198992 proxy signers (1 le 1199052 le 1198992) canrepresent the proxy group to sign message on behalf of thegroup of original signers They have discussed special casesnamely the (11990511198991minus1)proxy signature (proxymultisignature)scheme (1 minus 11990521198992) proxy signature scheme (multiproxysignature) and (1 minus 1) proxy signature scheme
Wang et al [17] present security analysis of some proxysignature schemes that is Mambo et alrsquos [10] and Lee et alrsquos[13] By identifying several attacks they show that all theseschemes are insecure
Wang et al [2] review Chen et alrsquos [14] proxy protectedproxy signature scheme based on elliptic curve cryptosystemand they show that it is vulnerable to an original signerforgery attack They present an improved scheme which issecure against the proposed attack
Park et al [8] show that proxy multisignature schemesproposed by Chen et al [1 15] are insecure against themalicious original signer(s) They review the CCH1 andCCH2 schemes and analyze their security These schemesare vulnerable to proxy signing forgery attack by one or alloriginal signers
Chang et al [18] proposed a proxy protected signaturescheme based on ECDSA which satisfies security propertiesThey show that the time complexity of proxy signatureis similar in both proxy signature based on ECDSA andECDSA
Li and Xue [19] have reviewed CCH1 and CCH2 proxymultisignature schemes based on elliptic curve cryptographyPark et al [8] show that these schemes suffer from forgeryattack by one or all original signers They have proposedimproved CCH1 and improved CCH2 schemes that do notsuffer from forgery attack
Tutanescu et al [3] examine that ECC is more attractivecryptosystem than conventional cryptosystem (RSADSA)for mobile devices which are limited in terms of their CPUpower and network connectivity ECC is fast and can beimplemented with less hardware because of shorter keylength They have presented the application of ECC that isinternet smart cards PDAs and PCs Their opinion is thatECC could become the next generation of PKC
Wang and Yu [20] have discussed two fatal flaws ofthe cryptosystem which are based on the logistic map andproposed by Wang and Xiang are pointed out Accordingto this cryptanalysts could recover the plaintext by thechosen plaintext attacked in a short time Authors proposeda remedial improvement which can avoid the flaws andenhance the security of the cryptosystem
In this paper [21] have analyzed the security of a parallelkeyed hash function based on chaotic neural network pro-posed by Wang and Zhao recently Weak keys and forgeryattacks against Wang and Zhaorsquos scheme are demonstratedBoth theoretical analysis and experimental results show thatthe parallel keyed hash function is not security Besides someimprovement measures are presented to enhance the securityof the parallel keyed hash function
Wang andHe [22] have introduced a novel image encryp-tion method based on a skew tent map that is proposed
Mathematical Problems in Engineering 5
recently In this paper some flaws of this algorithm arepointed out and then a chosen plaintext attack against itis presented Both theoretical analysis and experimentalsimulation indicate that the plain image can be recoveredexactly from the cipher image without the secret key So it canbe seen that this algorithm is not secure enough to be appliedin network communication
Wang and Liu [23] have cryptanalysis of a parallelsubimage encryption method with high-dimensional chaos
3 Estimation of Time Space andComputational Overhead of ImprovedCCH1 and CCH2 Schemes
31 Implementation of Improved CCH1 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in 119864(119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 sdot sdot sdot 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation) They thencomputes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) (4)
If 119909119877119894= 0 then return to step 1 otherwise119860
119894broadcasts 119877
119894to
other original signers
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast 119909119876119894lowast ℎ (119872
119908 119877119894) minus 119896119894lowast 119909119877119894(mod119905) (5)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers andproxy signer Then the subdelegation parameter for 119860
119894is
(119872119908 119877119894 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119878119894times 119861 = (119909
119876119894lowast ℎ (119872
119908 119877119894)) lowast 119876
119894minus 119909119877119894119877119894
(6)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119877119894 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) He thencomputes the proxy multisignature secret key as follows
119889 = 119889119901lowast 119909119876119875+
119899
sum
119894=1
119904119894(mod119905) (7)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 lowast 119890 (mod119905) (8)
and the output sign119889(119898) = (119890 119910)
6 Mathematical Problems in Engineering
Phase 4 Proxy multisignature verification phase when theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875lowast 119909119876119901+
119899
sum
119894=1
(ℎ (119872119908 119877119894) lowast 119876119894minus 119909119877119894times 119877119894) (9)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
32 Implementation of Improved CCH2 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is an odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in (119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation)Then computes119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) If 119909
119877119894= 0 then return to step
1 otherwise 119860119894broadcasts 119877
119894to other original signers On
receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119894= (119909119877 119910119877) (10)
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877(mod119905) (11)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers and proxysigner Then the subdelegation parameter for 119860
119894is (119872119908 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119904119894lowast 119861 = ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) lowast 119876
119894minus 119909119877times 119877119894
(12)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) Theythen computes the proxymultisignature secret key as follows
119889 = 119889119901+
119899
sum
119894=1
119904119894(mod119905) (13)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 times 119890 (mod119905) (14)
and the output sign119889(119898) = (119890 119910)
Phase 4 Proxy multisignature verification phase When theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (15)
Mathematical Problems in Engineering 7
Figure 3 Entropy for the proposed scheme
Table 1 Compression ratio (in ) in each scheme
Schemes Compression ratio (in )CCH1 75CCH2 89The proposed scheme 75
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
4 Performance Analysis ofthe Proposed Scheme
The analysis reports of the proposed scheme are given below
41 Entropy In this case the value of entropy is the measureof the tendency of a process to be entropically favored or toproceed in a particular directionMoreover entropy providesan indication for a specific encryption method We haveanalyzed our hypothesis on the basis of entropy generated[24]
Figure 3 shows the entropy for the proposed schemeThe Figure 4 shows that compression ratio required in eachscheme Table 1 lists the name and compression ratio requiredin each scheme
42 Floating FrequenciesIntuitive Synthesis Floating fre-quenciesintuitive synthesis in its completed three partentirety which takes full advantage of the time complexityspace complexity and communication overhead provided bythe digital medium We have calculated floating frequency ofthreshold proxy signature scheme [24] Figure 5 shows float-ing frequenciesintuitive synthesis for the proposed scheme
43 ASCII Histogram The ASCII histogram proved to bevery useful since it helped enormously in debugging codeinvolving probability calculations with simple print state-ments Probabilistic simulations are extremely hard to test
90
85
80
75
70
65
CCH1
CCH2
Theproposedscheme
Compression ratio ()
Compression ratio ()
Figure 4 Radar chart showing compression ratio required in eachscheme
30
25
20
15
10
1 500 1000 1500 2000 2500 3000 3500 4000 4500 5000
Section offset
Floating frequency of ⟨NewTechPhase4cs⟩
Diff
eren
t cha
ract
ers
per6
4by
te b
lock
Figure 5 Floating frequenciesintuitive synthesis for the proposedscheme
because the results of a given operation are never strictly thesame However they should have the same probability dis-tribution so by looking at the rough shape of the histogramyou tell if your calculations are going in the right directionIn this context we have calculated ASCII histogram for ourthreshold proxy signature scheme [24] Figure 6 showsASCIIhistogram for the proposed scheme
44 Autocorrelation A mathematical representation of thedegree of similarity between a given time series and a laggedversion of itself over successive time intervals It is the same ascalculating the correlation between two different time seriesexcept that the same time series is used twicemdashonce in itsoriginal form and once lagged one or more time periodsThe term can also be referred to as ldquolagged correlationrdquo orldquoserial correlationrdquo In this we have calculated autocorrelationfor threshold proxy signature scheme [24] Figure 7 showsautocorrelation for the proposed scheme
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 5: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/5.jpg)
Mathematical Problems in Engineering 5
recently In this paper some flaws of this algorithm arepointed out and then a chosen plaintext attack against itis presented Both theoretical analysis and experimentalsimulation indicate that the plain image can be recoveredexactly from the cipher image without the secret key So it canbe seen that this algorithm is not secure enough to be appliedin network communication
Wang and Liu [23] have cryptanalysis of a parallelsubimage encryption method with high-dimensional chaos
3 Estimation of Time Space andComputational Overhead of ImprovedCCH1 and CCH2 Schemes
31 Implementation of Improved CCH1 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in 119864(119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 sdot sdot sdot 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation) They thencomputes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) (4)
If 119909119877119894= 0 then return to step 1 otherwise119860
119894broadcasts 119877
119894to
other original signers
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast 119909119876119894lowast ℎ (119872
119908 119877119894) minus 119896119894lowast 119909119877119894(mod119905) (5)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers andproxy signer Then the subdelegation parameter for 119860
119894is
(119872119908 119877119894 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119878119894times 119861 = (119909
119876119894lowast ℎ (119872
119908 119877119894)) lowast 119876
119894minus 119909119877119894119877119894
(6)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119877119894 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) He thencomputes the proxy multisignature secret key as follows
119889 = 119889119901lowast 119909119876119875+
119899
sum
119894=1
119904119894(mod119905) (7)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 lowast 119890 (mod119905) (8)
and the output sign119889(119898) = (119890 119910)
6 Mathematical Problems in Engineering
Phase 4 Proxy multisignature verification phase when theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875lowast 119909119876119901+
119899
sum
119894=1
(ℎ (119872119908 119877119894) lowast 119876119894minus 119909119877119894times 119877119894) (9)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
32 Implementation of Improved CCH2 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is an odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in (119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation)Then computes119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) If 119909
119877119894= 0 then return to step
1 otherwise 119860119894broadcasts 119877
119894to other original signers On
receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119894= (119909119877 119910119877) (10)
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877(mod119905) (11)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers and proxysigner Then the subdelegation parameter for 119860
119894is (119872119908 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119904119894lowast 119861 = ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) lowast 119876
119894minus 119909119877times 119877119894
(12)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) Theythen computes the proxymultisignature secret key as follows
119889 = 119889119901+
119899
sum
119894=1
119904119894(mod119905) (13)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 times 119890 (mod119905) (14)
and the output sign119889(119898) = (119890 119910)
Phase 4 Proxy multisignature verification phase When theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (15)
Mathematical Problems in Engineering 7
Figure 3 Entropy for the proposed scheme
Table 1 Compression ratio (in ) in each scheme
Schemes Compression ratio (in )CCH1 75CCH2 89The proposed scheme 75
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
4 Performance Analysis ofthe Proposed Scheme
The analysis reports of the proposed scheme are given below
41 Entropy In this case the value of entropy is the measureof the tendency of a process to be entropically favored or toproceed in a particular directionMoreover entropy providesan indication for a specific encryption method We haveanalyzed our hypothesis on the basis of entropy generated[24]
Figure 3 shows the entropy for the proposed schemeThe Figure 4 shows that compression ratio required in eachscheme Table 1 lists the name and compression ratio requiredin each scheme
42 Floating FrequenciesIntuitive Synthesis Floating fre-quenciesintuitive synthesis in its completed three partentirety which takes full advantage of the time complexityspace complexity and communication overhead provided bythe digital medium We have calculated floating frequency ofthreshold proxy signature scheme [24] Figure 5 shows float-ing frequenciesintuitive synthesis for the proposed scheme
43 ASCII Histogram The ASCII histogram proved to bevery useful since it helped enormously in debugging codeinvolving probability calculations with simple print state-ments Probabilistic simulations are extremely hard to test
90
85
80
75
70
65
CCH1
CCH2
Theproposedscheme
Compression ratio ()
Compression ratio ()
Figure 4 Radar chart showing compression ratio required in eachscheme
30
25
20
15
10
1 500 1000 1500 2000 2500 3000 3500 4000 4500 5000
Section offset
Floating frequency of ⟨NewTechPhase4cs⟩
Diff
eren
t cha
ract
ers
per6
4by
te b
lock
Figure 5 Floating frequenciesintuitive synthesis for the proposedscheme
because the results of a given operation are never strictly thesame However they should have the same probability dis-tribution so by looking at the rough shape of the histogramyou tell if your calculations are going in the right directionIn this context we have calculated ASCII histogram for ourthreshold proxy signature scheme [24] Figure 6 showsASCIIhistogram for the proposed scheme
44 Autocorrelation A mathematical representation of thedegree of similarity between a given time series and a laggedversion of itself over successive time intervals It is the same ascalculating the correlation between two different time seriesexcept that the same time series is used twicemdashonce in itsoriginal form and once lagged one or more time periodsThe term can also be referred to as ldquolagged correlationrdquo orldquoserial correlationrdquo In this we have calculated autocorrelationfor threshold proxy signature scheme [24] Figure 7 showsautocorrelation for the proposed scheme
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 6: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/6.jpg)
6 Mathematical Problems in Engineering
Phase 4 Proxy multisignature verification phase when theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875lowast 119909119876119901+
119899
sum
119894=1
(ℎ (119872119908 119877119894) lowast 119876119894minus 119909119877119894times 119877119894) (9)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
32 Implementation of Improved CCH2 Proxy MultisignatureScheme There are four phasesmdashthe system initializationphase the key generation phase the proxy multisignaturegeneration phase and the proxy multisignature verificationphase [19]
Phase 1 System initialization phase before the whole schemecan be initialized the following parameters over the ellipticcurve domain must be known
(i) a field size 119901 which is an odd prime
(ii) two parameters 119886 119887 isin 119865119901to define the equation of
elliptic curve 119864 over 119865119901(ie 1199102 = 119909
3+ 119886119909 + 119887 (mod
119901)) where 41198863 + 271198872 = 0 (mod119901)
(iii) a finite point119861 = (119909119861 119910119861)whose order is a large prime
number in (119865119901) where 119861 is a point in 119864(119865
119901) where
119861 =119874 because 119874 denotes an infinity point
(iv) the order of 119861 = 119905
Phase 2 Key generation phase this phase can be furtherdivided into two parts
Part 1 Personal public key generation phase all originalsigners and the designated proxy signer are authorized toselect their own individual secret keys
(i) For each 1 le 119894 le 119899 the original signer 119860119894secretly
selects a random number 1 le 119889119894le 119905 minus 1 as his
private key and computes the corresponding publickey 119876
119894= 119889119894times 119861 = (119909
119876119894 119910119876119894) where ldquotimesrdquo indicates the
multiplication of a number by an elliptic curve point
(ii) The proxy signer is provided with a private key 1 le
119889119901le 119905 minus 1 and a corresponding public key 119876
119901= 119889119901times
119861 = (119909119876119901 119910119876119901) All public keys 119876
119894and 119876
119901must be
certified by the CA
Part 2 Proxy-signature secret key generation phase
Step 1 (secret key generation) For each 1 le 119894 le 119899 the originalsigner 119860
119894selects a random number 119896
119894isin 1 2 119905 minus 1119889
119894as
secret key
Step 2 (group commitment value generation)Then computes119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) If 119909
119877119894= 0 then return to step
1 otherwise 119860119894broadcasts 119877
119894to other original signers On
receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119894= (119909119877 119910119877) (10)
Step 3 (subdelegation parameter generation) For each 1 le
119894 le 119899 the original signer119860119894uses his own secret keys 119889
119894 119896119894and
the group commitment value 119909119877to compute the following
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877(mod119905) (11)
where ℎ( ) is a hash function and the warrant 119872119908contains
information such as the IDs of all original signers and proxysigner Then the subdelegation parameter for 119860
119894is (119872119908 119904119894)
Step 4 (subdelegation parameter verification)After the proxysigner has received the subdelegation parameters then theproxy signer 119875 computes
119904119894lowast 119861 = ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) lowast 119876
119894minus 119909119877times 119877119894
(12)
and checks whether it holds If it holds then the proxysigner accepts (119872
119908 119904119894) as a valid subdelegation parameter
otherwise he can reject it and requests a valid one 119860119894or
terminate this protocol
Step 5 (proxy multisignature secret key generation) Theythen computes the proxymultisignature secret key as follows
119889 = 119889119901+
119899
sum
119894=1
119904119894(mod119905) (13)
Phase 3 Proxy multisignature generation phase theproxy multisignature affixed to the 119898 is in the formof (119898119898
119908 119877 Sig
119889(119898)) where Sig
119889(119898) is the signature
generated by a designated signature scheme (EC-Schnorrsignature scheme) using the proxy signing key 119889 and 119898 ismessage
Step 1 Proxy signer 119875 chooses random number 119895 where 1 le119895 le 119905 minus 1 and calculates 119869 = 119895 times 119861 = (119869
119909 119869119910)
Step 2 Compute 119890 = ℎ(119898 119869119909)where ℎ(119869
119909 119898) is hash function
If 119890 = 0 then go to step 1
Step 3 Compute
119910 = 119895 minus 119889 times 119890 (mod119905) (14)
and the output sign119889(119898) = (119890 119910)
Phase 4 Proxy multisignature verification phase When theverifier verifies the signature he or she calculates the proxypublic value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (15)
Mathematical Problems in Engineering 7
Figure 3 Entropy for the proposed scheme
Table 1 Compression ratio (in ) in each scheme
Schemes Compression ratio (in )CCH1 75CCH2 89The proposed scheme 75
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
4 Performance Analysis ofthe Proposed Scheme
The analysis reports of the proposed scheme are given below
41 Entropy In this case the value of entropy is the measureof the tendency of a process to be entropically favored or toproceed in a particular directionMoreover entropy providesan indication for a specific encryption method We haveanalyzed our hypothesis on the basis of entropy generated[24]
Figure 3 shows the entropy for the proposed schemeThe Figure 4 shows that compression ratio required in eachscheme Table 1 lists the name and compression ratio requiredin each scheme
42 Floating FrequenciesIntuitive Synthesis Floating fre-quenciesintuitive synthesis in its completed three partentirety which takes full advantage of the time complexityspace complexity and communication overhead provided bythe digital medium We have calculated floating frequency ofthreshold proxy signature scheme [24] Figure 5 shows float-ing frequenciesintuitive synthesis for the proposed scheme
43 ASCII Histogram The ASCII histogram proved to bevery useful since it helped enormously in debugging codeinvolving probability calculations with simple print state-ments Probabilistic simulations are extremely hard to test
90
85
80
75
70
65
CCH1
CCH2
Theproposedscheme
Compression ratio ()
Compression ratio ()
Figure 4 Radar chart showing compression ratio required in eachscheme
30
25
20
15
10
1 500 1000 1500 2000 2500 3000 3500 4000 4500 5000
Section offset
Floating frequency of ⟨NewTechPhase4cs⟩
Diff
eren
t cha
ract
ers
per6
4by
te b
lock
Figure 5 Floating frequenciesintuitive synthesis for the proposedscheme
because the results of a given operation are never strictly thesame However they should have the same probability dis-tribution so by looking at the rough shape of the histogramyou tell if your calculations are going in the right directionIn this context we have calculated ASCII histogram for ourthreshold proxy signature scheme [24] Figure 6 showsASCIIhistogram for the proposed scheme
44 Autocorrelation A mathematical representation of thedegree of similarity between a given time series and a laggedversion of itself over successive time intervals It is the same ascalculating the correlation between two different time seriesexcept that the same time series is used twicemdashonce in itsoriginal form and once lagged one or more time periodsThe term can also be referred to as ldquolagged correlationrdquo orldquoserial correlationrdquo In this we have calculated autocorrelationfor threshold proxy signature scheme [24] Figure 7 showsautocorrelation for the proposed scheme
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 7: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/7.jpg)
Mathematical Problems in Engineering 7
Figure 3 Entropy for the proposed scheme
Table 1 Compression ratio (in ) in each scheme
Schemes Compression ratio (in )CCH1 75CCH2 89The proposed scheme 75
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ(119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
4 Performance Analysis ofthe Proposed Scheme
The analysis reports of the proposed scheme are given below
41 Entropy In this case the value of entropy is the measureof the tendency of a process to be entropically favored or toproceed in a particular directionMoreover entropy providesan indication for a specific encryption method We haveanalyzed our hypothesis on the basis of entropy generated[24]
Figure 3 shows the entropy for the proposed schemeThe Figure 4 shows that compression ratio required in eachscheme Table 1 lists the name and compression ratio requiredin each scheme
42 Floating FrequenciesIntuitive Synthesis Floating fre-quenciesintuitive synthesis in its completed three partentirety which takes full advantage of the time complexityspace complexity and communication overhead provided bythe digital medium We have calculated floating frequency ofthreshold proxy signature scheme [24] Figure 5 shows float-ing frequenciesintuitive synthesis for the proposed scheme
43 ASCII Histogram The ASCII histogram proved to bevery useful since it helped enormously in debugging codeinvolving probability calculations with simple print state-ments Probabilistic simulations are extremely hard to test
90
85
80
75
70
65
CCH1
CCH2
Theproposedscheme
Compression ratio ()
Compression ratio ()
Figure 4 Radar chart showing compression ratio required in eachscheme
30
25
20
15
10
1 500 1000 1500 2000 2500 3000 3500 4000 4500 5000
Section offset
Floating frequency of ⟨NewTechPhase4cs⟩
Diff
eren
t cha
ract
ers
per6
4by
te b
lock
Figure 5 Floating frequenciesintuitive synthesis for the proposedscheme
because the results of a given operation are never strictly thesame However they should have the same probability dis-tribution so by looking at the rough shape of the histogramyou tell if your calculations are going in the right directionIn this context we have calculated ASCII histogram for ourthreshold proxy signature scheme [24] Figure 6 showsASCIIhistogram for the proposed scheme
44 Autocorrelation A mathematical representation of thedegree of similarity between a given time series and a laggedversion of itself over successive time intervals It is the same ascalculating the correlation between two different time seriesexcept that the same time series is used twicemdashonce in itsoriginal form and once lagged one or more time periodsThe term can also be referred to as ldquolagged correlationrdquo orldquoserial correlationrdquo In this we have calculated autocorrelationfor threshold proxy signature scheme [24] Figure 7 showsautocorrelation for the proposed scheme
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 8: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/8.jpg)
8 Mathematical Problems in Engineering
Table 2
Number Substring CCH1 Frequency1 CCH2 Frequency2 Proposed technology Frequency3Frequency (in ) Frequency Frequency (in ) Frequency Frequency (in ) Frequency
1 N 109477 201 109477 201 109477 2012 I 10512 193 10512 193 10512 1933 T 93137 171 93137 171 93137 1714 E 85512 157 85512 157 85512 1575 S 69172 127 69172 127 69172 1276 R 53377 98 53377 98 53377 987 A 43028 79 43028 79 43028 798 O 4085 75 4085 75 4085 759 C 38126 70 38126 70 38126 7010 D 38126 70 38126 70 38126 7011 U 35403 65 35403 65 35403 6512 F 3268 60 3268 60 3268 6013 P 3268 60 3268 60 3268 6014 G 32135 59 32135 59 32135 5915 L 32135 59 32135 59 32135 5916 H 3159 58 3159 58 3159 5817 Y 29412 54 29412 54 29412 5418 M 20697 38 20697 38 20697 3819 X 19063 35 19063 35 19063 3520 V 16885 31 16885 31 16885 3121 W 13617 25 13617 25 13617 2522 J 0817 15 0817 15 0817 1523 B 0817 15 0817 15 0817 1524 K 05447 10 05447 10 05447 1025 Q 04902 9 04902 9 04902 926 Z 01089 2 01089 2 01089 2
10987654321
A C E G I K M O Q S U W YValue
Freq
uenc
y (
)
ASCII histogram of ⟨NewTechPhase4cs⟩[1836 characters]
Figure 6 ASCII histogram for the proposed scheme
200
180
160
140
120
100
80
60
1 20 40 60 80 100 120 140 160 180
Offset
Autocorrelation of ⟨NewTechPhase4cs⟩
Num
ber o
f cha
ract
ers
that
agre
e
Figure 7 Autocorrelation for the proposed scheme
45 Histogram Analysis A histogram is a graphical repre-sentation showing a visual impression of the distribution ofdataWehave analyzed histogram for all schemes Table 2 liststhe histogram analysis for overall threshold proxy signatureschemes [24] Figure 8 shows radar chart showing overallanalysis for all schemes
5 Graphical Representation ofTime Space and Computational Overheadof Improved CCH1 Scheme
51 Time Complexity Space Complexity and ComputationalOverhead When determining the time complexity of analgorithm we measure how fast the computing requirementsgrow as the size of the input grows We generate graphsto analyze the time complexity of the schemes The spacecomplexity of a program is the number of elementary objectsthat this program needs to store during its execution Wegenerate graphs to analyze the space complexity of theschemes The computational overhead includes two types ofcommunication in the schemes number of transmissionsand number of broadcasts We generate graphs to analyzethe computational overhead of the schemes [24] Figures9 10 11 12 13 14 15 and 16 show time complexity space
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 9: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/9.jpg)
Mathematical Problems in Engineering 9
250
200
150
100
50
0
12
3
4
5
6
7
8
9
10
11
1213
14
15
16
17
18
19
20
21
22
23
24
25
26 ZQ
K
B
J
W
V
X
M
Y
HL
GP
FU
D
C
O
A
R
S
E
TI
N
CCH2Proposed technology
CCH1
Frequency1Frequency2
Frequency3
Number
Figure 8 Radar chart showing overall analysis for all schemes
18501800175017001650160015501500145014001350
Tim
e (m
s)
Field size
CCH1
5 7 111317192329313741434753596167717379838997
Time complexity of CCH1
(p)
Figure 9 Time complexity of improved CCH1 scheme with varyingvalue of field size (119901)
complexity and computational overhead for the CCH1 andCCH2 schemes
6 Cryptanalysis of Improved CCH2Proxy Multisignature Scheme
See Figures 15 16 17 18 19 20 21 22 and 23In improved CCH2 proxy multisignature scheme elliptic
curve based Schnorr signature scheme is used to generate andverify the signature
61 Forge a Proxy Multisignature Suppose proxy signer 119875signed a message with his private key 119889
119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast
160015501500145014001350130012501200
5 7 111317192329313741434753596167717379838997
Field size (p)
CCH2
Tim
e (m
s)
Time complexity of CCH2
Figure 10 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
2500
2000
1500
1000
500
05 7 111317192329313741434753596167717379838997
Field size (p)
CCH1
Spac
e (by
tes)
Space complexity of CCH1
Figure 11 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 10: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/10.jpg)
10 Mathematical Problems in Engineering
2000180016001400120010008006004002000
Field size (p)
CCH2
5 7 111317192329313741434753596167717379838997
Spac
e (by
tes)
Space complexity of CCH2
Figure 12 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
195
200
205
210
215
220
225
5 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
Computational overhead of CCH1
CCH1
Figure 13 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
119890 (mod 119905) Upon receiving the signature (119898119898119908 119877 119890 119910
10158401015840) the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840minus 1199101015840
Finally the malicious original signers 1198601 119860
119899can
forge a valid proxy signature (119898119898119908 119877 119890 119910) The following
shows why the proxy signature (119898119898119908 119877 119890 119910) is valid
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(16)
190
185
180
175
170
165
160
1555 7 111317192329313741434753596167717379838997
Num
ber o
f ope
ratio
ns
Field size (p)
CCH2
Computational overhead of CCH2
Figure 14 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH1
Time complexity of CCH1
Figure 15 Time complexity of improvedCCH1 schemewith varyingvalue of field size (119901)
Proxy multisignature verification when the verifier veri-fies the signature he or she calculates the proxy public value119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (17)
With the value the verifier can confirm the validity of Sig119889(119898)
by validating the verification equality of the designatedsignature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
62 Forge the Proxy Signerrsquos Signature After getting signature(119898119898
119908 119877 119890 119910) where 119890 = ℎ(119898 119895
119909) and 119910 = 119895 minus 119889 lowast 119890 (mod
119905) the original signer 1198601 119860
119899can forge proxy signer 119875rsquos
signature on message119898 as follows
(i) Each 119860119894computes 119904
119894lowast 119890 where 119894 = 1 2 119899
(ii) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(iii) Compute 11991010158401015840 = 119910 + 1199101015840(iv) (119898119898
119908 119877 119890 119910
10158401015840) is valid signature on message119898
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 11: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/11.jpg)
Mathematical Problems in Engineering 11
0
200
400
600
800
1000
1200
14005 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)CCH2
Time complexity of CCH2
Figure 16 Time complexity of improved CCH2 scheme withvarying value of field size (119901)
0
200
400
600
800
1000
1200
1400
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Tim
e (m
s)
Field size (p)Enhanced technique
Time complexity of enhanced technique
Figure 17 Time complexity of enhanced scheme with varying valueof field size (119901)
The malicious original signers can forge a valid signature(119898119898
119908 119877 119890 119910
10158401015840) on message 119898 with respect to proxy signer
119875rsquos private key 119889119901
The following shows why the signature (119898119898119908 119877 119890 119910
10158401015840)
is valid
Proof Consider the following
11991010158401015840= 119910 + 119910
1015840
= 119895 minus 119889 lowast 119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 +
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
11991010158401015840= 119895 minus 119889
119901lowast 119890 (mod119905)
(18)
Proxy multisignature verification when the verifier ver-ifies the signature he or she uses proxy public value 119876
119901
corresponding to the proxy signature key 119889119901 With the value
2000180016001400120010008006004002000
Field size (p)CCH1
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH1
Figure 18 Space complexity of improved CCH1 scheme withvarying value of field size (119901)
2000180016001400120010008006004002000
Field size (p)CCH2
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Spac
e (by
tes)
Space complexity of CCH2
Figure 19 Space complexity of improved CCH2 scheme withvarying value of field size (119901)
the verifier can confirm the validity of Sig119889(119898) by validating
the verification equality of the designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876119875= (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
63 Framing Attack In this attack malicious users1198601 1198602 119860
119899also can forge a proxy multisignature
for message 119898 by some user 119875 on behalf of users1198601 1198602 119860
119899 such that user 119875 was never designated
by users 1198601 1198602 119860
119899 Suppose proxy signer 119875 signed
a message with his private key 119889119901 the signature is
(119898119898119908 119877 119890 119910
10158401015840) where 119890 = ℎ(119898 119895
119909) and 11991010158401015840 = 119895 minus 119889
119901lowast 119890
(mod119905)Upon receiving the signature (119898119898
119908 119877 119890 119910
10158401015840) then the
malicious original signers 1198601 119860
119899can forge a valid proxy
signature as follows
(i) The malicious users 1198601 1198602 119860
119899pretend to pro-
duce a forged warrant 119898119908 which records the delega-
tion information such as identities of the malicioususers 119860
1 1198602 119860
119899and user 119875
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 12: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/12.jpg)
12 Mathematical Problems in Engineering
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
2000180016001400120010008006004002000
Enhanced technique
Spac
e (by
tes)
Space complexity of enhanced technique
Figure 20 Space complexity of enhanced scheme with varyingvalue of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH1
Computational overhead of CCH1
Figure 21 Computational overhead of improved CCH1 schemewith varying value of field size (119901)
(ii) For each 1 le 119894 le 119899 the malicious user 119860119894selects a
random number 1 le 119896119894le 119905 minus 1 and then computes
119877119894= 119896119894times 119861 = (119909
119877119894 119910119877119894) and broadcasts 119877
119894to other
users
(iii) On receiving 119877119895(1 le 119895 le 119899 119895 = 119894) 119860
119894calculates
119877 =
119899
sum
119894=1
119877119894= (119909119877 119910119877)
119904119894= 119889119894lowast ℎ (119872
119908 119909119876119901 119909119876119894 119909119877) minus 119896119894lowast 119909119877minus (mod119905)
(19)
Note that user 119875 does not receive any information fromthe malicious users 119860
1 1198602 119860
119899
(i) Compute 1199101015840 = sum119899119894=1119904119894lowast 119890 (mod119905)
(ii) Compute 119910 = 11991010158401015840 minus 1199101015840
Finally the malicious users can forge a valid signature(119898119898
119908 119877 119890 119910) on message 119898 by some user 119875 on behalf
of users 1198601 119860
119899 such that user 119875 was never designated
by users 1198601 119860
119899 The following shows why the signature
(119898119898119908 119877 119890 119910) is valid
2500
2000
1500
1000
500
0
Field size (p)
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
CCH2
Computational overhead of CCH2
Figure 22 Computational overhead of improved CCH2 schemewith varying value of field size (119901)
2500
2000
1500
1000
500
0
Field size (p)Enhanced technique
5 17 314767 83 103
127
149
167
191
211
239
263
281
311337
359
383409433
457
479
Num
ber o
f ope
ratio
ns
Computational overhead of enhanced technique
Figure 23 Computational overhead of enhanced scheme withvarying value of field size (119901)
Proof Consider the following
119910 = 11991010158401015840minus 1199101015840
= 119895 minus 119889119901lowast 119890 (mod119905) minus
119899
sum
119894=1
119904119894lowast 119890 (mod119905)
= 119895 minus (119889119901+
119899
sum
119894=1
119904119894)119890 (mod119905)
119910 = 119895 minus 119889 lowast 119890 (mod119905)
(20)
From above we can see that an innocent user 119875 is framedby the malicious users 119860
1 119860
119899
Proxymultisignature verification phase when the verifierverifies the signature he or she calculates the proxy publicvalue 119876 corresponding to the proxy signature key 119889 as
119876 = 119876119875+
119899
sum
119894=1
ℎ (119872119908 119909119876119901 119909119876119894 119909119877) times 119876
119894minus 119877 times 119909
119877 (21)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 13: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/13.jpg)
Mathematical Problems in Engineering 13
With the value the verifier can confirm the validityof Sig
119889(119898) by validating the verification equality of the
designated signature scheme
Step 1 Compute 119869 = 119910 times 119861 + 119890 times 119876 = (119869119909 119869119910)
Step 2 And compute 1198901015840 = ℎ (119869119909 119898) Then check that 1198901015840 = 119890
and if this equation satisfies then valid signature generatedotherwise not
7 Conclusion
In this paper we have discussed implementation of improvedCCH1 and improved CCH2 proxy multisignature schemebased on elliptic curve cryptosystem We have representedtime complexity space complexity and computational over-head of improved CCH1 and CCH2 proxy multisignatureschemesWehave presented cryptanalysis of improvedCCH2proxy multisignature scheme and showed that improvedCCH2 scheme suffers from various attacks that is forgeryattack and framing attack
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgment
The authors also wish to thank many anonymous referees fortheir suggestions to improve this paper
References
[1] T S Chen Y F Chung and G S Huang ldquoEfficient proxy mul-tisignature schemes based on the elliptic curve cryptosystemrdquoComputers and Security vol 22 no 6 pp 527ndash534 2003
[2] S Wang G Wangt F Bao and J Wang ldquoCryptanalysis ofa proxy-protected proxy signature scheme based on ellipticcurve cryptosystemrdquo in Proceedings of the IEEE 60th VehicularTechnology Conference VTC2004-Fall Wireless Technologies forGlobal Security pp 3240ndash3243 September 2004
[3] I Tutanescu C Anton L Ionescu and D Caragata ldquoEllipticcurves cryptosystems approachesrdquo inProceedings of the Interna-tional Conference on Information Society (i-Society rsquo12) pp 357ndash362 2012
[4] M Mambo K Usuda and E Okamoto ldquoProxy signatures fordelegating signing operationrdquo in Proceedings of the 3rd ACMConference on Computer and Communications Security pp 48ndash57 March 1996
[5] V SMiller ldquoUse of elliptic curves in cryptographyrdquo inAdvancesin Cryptology-Crypo rsquo85 vol 218 of Lecture Notes in ComputerScience pp 417ndash426 1986
[6] N Koblitz ldquoElliptic curve cryptosystemsrdquo Mathematics ofComputation vol 48 no 177 pp 203ndash209 1987
[7] H M Sun ldquoOn proxy multisignature schemesrdquo in Proceedingsof the International Computer Symposium pp 65ndash72 2000
[8] J H Park B G Kang and S ParkCryptanalysis of SomeGroup-Oriented Proxy Signature Schemes vol 3786 of Lecture Notes inComputer Science 2006
[9] C Feng and C Zhenfu ldquoCryptanalysis on a proxy multi-signature schemerdquo in Proceedings of the 1st InternationalMulti- Symposiums on Computer and Computational Sciences(IMSCCS rsquo06) vol 2 pp 117ndash120 IEEE April 2006
[10] M Mambo K Usuda and E Okamoto ldquoProxy signaturesdelegation of the power to sign messagesrdquo IEICE Transactionson Fundamentals of Electronics Communications and ComputerSciences vol E79-A no 9 pp 1338ndash1353 1996
[11] S Kim S Park and D Won ldquoProxy signatures revisitedrdquo inProceedings of the Information and Communications Security(ICICS rsquo97) vol 1334 of Lecture Notes in Computer Science pp223ndash232 1997
[12] L Yi G Bai andG Xiao ldquoProxymulti-signature scheme a newtype of proxy signature schemerdquo Electronics Letters vol 36 no6 pp 527ndash528 2000
[13] B Lee H Kim and K Kim ldquoStrong proxy signature and itsapplicationrdquo in Proceedings of the World Multiconference onSystemics Cybernetics and Informatics (SCIS rsquo01) pp 603ndash6082001
[14] T S Chen T P Liu and Y F Chung ldquoA proxy-protectedproxy signature scheme based on elliptic curve cryptosystemrdquoin Proceedings of the IEEE TENCOM Region 10 Conference onComputers Communications Control and Power Engineeringpp 184ndash187 October 2002
[15] T S Chen Y F Chung and G S Huang ldquoA traceable proxymultisignature scheme based on the elliptic curve cryptosys-temrdquo Applied Mathematics and Computation vol 159 no 1 pp137ndash145 2004
[16] M S Hwang S F Tzeng and C S Tsai ldquoGeneralization ofproxy signature based on elliptic curvesrdquo Computer Standardsand Interfaces vol 26 no 2 pp 73ndash84 2004
[17] G L Wang F Bao J Y Zhou and R H Deng ldquoSecurityanalysis of some proxy signaturesrdquo in Information Security andCryptology vol 2971 of Lecture Notes in Computer Science pp305ndash319 2004
[18] M H Chang I T Chen and M T Chen ldquoDesign of proxysignature in ECDSArdquo in Proceedings of the 8th InternationalConference on Intelligent Systems Design and Applications (ISDArsquo08) pp 17ndash22 November 2008
[19] F Li andQXue ldquoTwo improved proxymulti-signature schemesbased on the elliptic curve cryptosystemrdquo Communications inComputer and Information Science vol 234 no 4 pp 101ndash1092011
[20] XWang andC Yu ldquoCryptanalysis and improvement on a cryp-tosystem based on a chaotic maprdquo Computers and Mathematicswith Applications vol 57 no 3 pp 476ndash482 2009
[21] X Wang and J Zhao ldquoCryptanalysis on a parallel keyed hashfunction based on chaotic neural networkrdquo Neurocomputingvol 73 no 16ndash18 pp 3224ndash3228 2010
[22] XWang andGHe ldquoCryptanalysis on a novel image encryptionmethod based on total shuffling schemerdquo Optics Communica-tions vol 284 no 24 pp 5804ndash5807 2011
[23] X Wang and L Liu ldquoCryptanalysis of a parallel sub-imageencryption method with high-dimensional chaosrdquo NonlinearDynamics vol 73 no 1-2 pp 795ndash800 2013
[24] R Kumar H K Verma and R Dhir ldquoCryptanalysis andperformance evaluation of enhanced threshold proxy signaturescheme based on RSA for known signersrdquo Mathematical Prob-lems in Engineering vol 2013 Article ID 790257 24 pages 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
![Page 14: Research Article Cryptanalytic Performance Appraisal of ...downloads.hindawi.com/journals/mpe/2014/429271.pdf · Lee et al. [ ] provide new classi cations of proxy sig-nature scheme,](https://reader034.fdocuments.us/reader034/viewer/2022052011/6027108a5a3b656d3f798bcd/html5/thumbnails/14.jpg)
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
