A note on an identity-based ring signature scheme with signer verifiability (Q627180): Difference between revisions

\textit{J. Herranz} [Theor. Comput. Sci. 389, No.~1--2, 100--117 (2007; Zbl 1143.94015)] proposed an identity-based ring signature scheme where a valid signature can be given by any member of a set of signers without revealing the identity of the signer. Furthermore, the scheme has the convertibility or signer verifiability property, i.e., a signer from the ring can prove his authorship of a signature by revealing some random numbers that were used for the signature. The author Jung Yeon Hwang shows in the paper under review that the scheme is vulnerable to a key recovery attack. The knowledge of two valid ring signatures together with their authorship proofs can be used to recover a secret key with high probability. The author shows that a small modification, and even simplification, of the original scheme leads to an unforegable scheme. The author provides formal definitions of the unforgeability. He distinguishes two kinds of unforgeability of the modified scheme. The first one is the usal existential unforgeability of a ring signature. The second one considers the unforgeability of the authorship proof. This second notion is further split in two kinds of forgery. The first one deals with a forger who wants to reveal an authorship proof and a signing key. In the second one the forger knows a private key and want to forge an authorship proof of a valid signature.