Secure Undeniable Threshold Proxy Signature Scheme

—The threshold proxy signature scheme allows the original signer to delegate a signature authority to the proxy group to cooperatively sign message on behalf of an original signer. In this paper, we propose a new scheme which includes the features and benefits of the RSA scheme. Also, we will evaluate the security of undeniable threshold proxy signature scheme with known signers. We find that the existing threshold proxy scheme is insecure against the original signer forgery. In this paper, we show the cryptanalysis of an existed scheme. Additional, we propose the secure, undeniable and known signers threshold proxy signature scheme which answers the drawback of an existed scheme. We also demonstrate that a threshold proxy signature suffers from a conspiracy of an original signer and a secret share dealer, that the scheme is commonly forgeable, and cannot offer undeniable. We claim that the proposed scheme offers the undeniable characteristic.


I. INTRODUCTION
The proxy signature scheme is a method which allows original signer delegates his works to a designated person with a proxy signature key.The proxy signature key is generated by the original signer signature key which cannot be computed from the proxy signature key.The proxy signer can generate the proxy signature in a message on behalf of an original signer.Since Mambo et al. presented an idea of a proxy signature [1], various proxy signature schemes are suggested [2].Based-on the type of delegation, a proxy signature is categorized into full delegation, partial delegation and delegation by warrant.
In full delegation, an original signer passes its private key as a proxy signature key to a proxy signer over a secure channel.In partial delegation, a proxy signer has the proxy signature key from a proxy signer secret key and a delegation key passed by an original singer.A delegation key is created by an original with the trap-door permutation of an original signer secret key.A proxy signature is dissimilar from an original and a proxy typical signature.In delegation by certificate, an original signer employs its typical signature to sign the warrant that records a kind of information delegated, an original signer and a proxy signer identities and a period of delegation.The signature of a warrant is a certificate that stops a passing of proxy power to a trusted authority.
The partial delegation can be altered into the partial delegation by warrant.A partial delegation by warrant can offer sufficient security and efficiency.For simplicity, we denote that a partial delegation by warrant a proxy signature.Mambo et al. proxy signature scheme satisfy a characteristic of no one except an original signer and a proxy signer can generate the valid proxy signature on behalf of an original signer.In 2001, Lee et al. [3] enhanced a security characteristic of a proxy signature by create a valid proxy signature and someone else, even an original signer, cannot create a valid proxy signature.So, for a valid proxy signature, a proxy signer cannot repudiate signed a message and an original signer cannot repudiate delegated a signing authority to a proxy signer.Namely, a proxy signature scheme has a security characteristic of undeniable.
The present proxy signature systems have two drawbacks.First, a declaration of the valid delegation in a warrant is not practical since a proxy signer can generate the proxy signature and claim that the signing was released through a delegation phase.Second, even if a signer key is compromised and the delegated rights are misused; and an original signer needs to revoke a delegation before his strategy, he can make anything.Therefore, a revocation of delegated rights is the important matter of a proxy signature system.To solve the above difficulties, some proxy signature systems have been suggested.Sun indicated that time-stamp proxy signature system and its enhancement [4].But Sun scheme cannot solve the second drawback.Seo et al. [5] suggested a proxy signature system to solve a fast revocation difficulty.The scheme uses the third trusted entity, entitled Security Mediator which is the online partially trusted server.

II. RELATED WORKS
Based on a Shamir secret sharing scheme in 1979 [6].Zhang et al., in 1997 suggested a threshold proxy signature scheme [7].In their scheme, the proxy signature key is shared among a subset of n proxy signers where at least t proxy signers can cooperatively sign documents on behalf of an original signer.To avoid argument regarding who is a proxy signer, Sun in 1999 [8] suggested the undeniable threshold proxy signature scheme with known signers.Sun scheme reduces Kim et al. scheme [2] drawbacks that a verifier is incapable to verify if a proxy group key is created by an authorized proxy group.In 2001 Hsu et al. [9] illustrated that Sun scheme is weak since any t proxy signers can get the private keys of other proxy signers.In 2003, Yang et al. [10] proposed an enhancement on Hsu et al. scheme.Yang et al. scheme is more efficient regarding the communication cost www.ijacsa.thesai.organd timing complexity.In 2004, Tzeng et al. [11] found that Hwang et al. scheme; malicious original signer can forge a threshold proxy signature without an agreement of the proxy signers.Tzeng et al. also built the undeniable threshold proxy signature scheme with known signers and claimed the suggested scheme enhanced a security of Hwang et al. scheme.In 2006, Yuan Yumin [12] introduced a threshold proxy signature scheme with non-repudiation and anonymity.Yuan Yumin claims that the scheme with any verifier can check if authors of a proxy signature belong to designated proxy group by the original signer, while outsiders cannot find the actual signers.In 2007, Qi Xie et al., [13] claims that their scheme made an improvement of undeniable threshold multiproxy threshold scheme with shared verification.In 2009, Hu and Zhang [14] presented a cryptanalysis and improvement of a threshold proxy signature scheme with undeniable.In 2012, Hwang et al., proposed a scheme and claimed that its scheme eliminate the security leaks.But, in its scheme the improvement, a malicious original or proxy signer can forge a valid threshold proxy signature for any message by different ways.In this paper, we show the vulnerabilities of the Hwang et al., scheme and proposed a new system that solves the existed problems.
The remainder of this paper is organized as follows.In Section 3, we will provide some notations and reconsider Pedersen threshold distributed key generation protocol [15].In Section 4, we will analysis a security of Sun et al. threshold proxy signature scheme.In Section 5 we will describe the proposed scheme.Finally, conclusions are in Section 6.

III. PRELIMINARIES
In this Section, we will provide some notations used by this paper and also reconsider Pedersen threshold distributed key generation scheme.

A. Notaions Used
In this section, we provide the notations which are used by this paper.q p, : Two large prime numbers where A warrant which records information delegated an original signer and proxy signer.

B. Penderson Threshold Distributed Key Generation Protocol
Pedersen threshold distributed key generation scheme contains n Feldman ) , ( n t verifiable secret sharing schemes [16].Suppose ) ,..., , ( 21 n P P P are n players.Pedersen scheme includes the following three stages.

1) Every player i
P arbitrarily selects a polynomial . Then finds and passes where i j  in the secure channel.

2) Every j
P check a validity of a share are checked to be certified, j P finds as his share.
, and The validity of reconstructed private key w can be checked by the following formula holds: IV. SIGNATURE OF THRESHOLD PROXY SIGNATURE SCHEME We will describe two threshold proxy signature schemes which are follows:

Sun Scheme
The first scheme we will describe the Sun scheme as follows:

A. Description of Sum Scheme
First, we will describe Sun threshold proxy signature scheme as follows: www.ijacsa.thesai.org

2) Every player
3) The private key shared by a proxy group is

Proxy Share Generation Phase
In this phase, an original signer O creates a proxy share as follows. Step . 4) Allocate a proxy key k between a proxy groups by implementing Feldman scheme.
5) Selects an arbitrarily polynomial of degree as an actual proxy group signs a document m as follows: 1) The t proxy signer runs Pedersen threshold distributed key generation protocol for sharing value

B. Cryptanalysis of Sun Threshold Proxy Signature Scheme
In this subsection, we illustrate that Sun scheme is weak against an original signer forgery.Since the malicious original signer can create the proxy signature on every document and claim that any t proxy signers can be actual proxy signers of a proxy signature.Assume a message m ; an original signer O arbitrarily selects the proxy group (thus, O selects id ).

C. The Vulnerability of Sun Scheme
With Sun ) , ( n t threshold proxy signature system, the verifier checks a validity of a proxy signature and recognizes the real signers.Though, in this paragraph we illustrate that a proxy signer private key is not protected.The ) 1 (  n proxy signers in a group of n can present their private keys to conspire a private key of a residue one.We so-call this attack a collusion attack.www.ijacsa.thesai.orgp has never signed a document m , but cannot repudiate.Thus, in Sun scheme, a private key i x of a proxy signer i p can be compromised by collusion attack and hacker can masquerade authorized proxy signer i p to sign the document.

Hwang et al. Scheme
This is the second threshold proxy signature scheme we are going to describe which is the Hwang et al. scheme [17] is the same as Sun threshold proxy signature scheme.

D. Description of Hwang et al. Scheme
First, we will describe Hwang et al. threshold proxy signature scheme as follows:

Secret Share Generation Phase
In this phase, a proxy group should do the following:

1) Creates group of private and public key pair
. 3) The secret key shared by a proxy group is

Proxy Share Generation Phase
In the phase, an original signer O creates a proxy share as follows: Step 2) Selects arbitrarily polynomial of degree 2) When the formula holds, a proxy signature The suggested scheme combines theta ) (n


and an elimination of a computation of inverse in RSA scheme if we calculate a value of Lagrange coefficient.Also, we suggest an equation to find a result of message warrant w m .Suppose that ) ,..., 2 , 1

A. The Proxy Sharing Phase
The steps of the proxy sharing phase are as follows: Step 1: Proxy Generation The original signer O must do the following: 1) Find a group proxy signing key ) ( mod Step 2: Proxy Sharing The original signer O must do the following: , are an arbitrary integers. 2) Compute a proxy singer i P partial proxy signing key to proxy signer i P Step3: Proxy Share Generation.
The proxy signer i P must do the following:

VI. COMPARISONS
We compare the running of five schemes, Hwang et al. [17], Kim et al. [2], Hwang et al. [11], Sun et al [8] and Hsu et al [9] with a performance of the proposed scheme.The proposed scheme is efficient and secure anti-disreputable conspiracy attacks.Table 1 shows a comparison of threshold proxy signature schemes relied on proxy needs every scheme.

VII. CONCLUSION
In this paper, Sun threshold proxy signature scheme has been analysis.The scheme is based on discrete logarithm assumption.The security of Sun is undeniable threshold proxy signature scheme with known signers.We find that in Sun scheme, a malicious original signer can forge a valid proxy signature on any message without the agreement of the proxy group.We also suggest an efficient scheme which involves the characteristics and gains of the RSA cryptosystem which is a popular security scheme.
Every proxy signer in actual proxy group can creates