Key Substitution Attack and Malleability of a Short Signature Scheme with Batch Verification
At IWSEC 2008, F. Guo et al. proposed an efficient short signature scheme with batch verification based on C. Gentry's scheme. In this paper, we first present a key substitution attack on F. Guo et al.'s digital signature scheme and show that a malicious adversary can forge a valid signature that verifies under a substituted public key. Second, we prove that F. Guo et al.'s scheme is malleable: an attacker who already knows some valid signatures on a message can produce a new valid signature on the same message.
F. Y. Kong and J. Yu, "Key Substitution Attack and Malleability of a Short Signature Scheme with Batch Verification", Applied Mechanics and Materials, Vols. 55-57, pp. 1605-1608, 2011.