An enhanced (t,n) threshold directed signature scheme

A directed signature scheme is devised to achieve directivity for verification such that only a designated verifier can check the validity of a signature and, in times of trouble, any third party can verify the signature with the help of the signer or the designated verifier. A threshold directed signature scheme distributes responsibility and authority for generating a directed signature to several users via a threshold mechanism. Lu et al. recently proposed a novel (t,n) threshold directed signature scheme. In this paper, we show that the scheme is vulnerable to a rogue-key attack which is mounted by an adversary who can arbitrarily select his or her public key. Through the rogue-key attack, the adversary can forge a signature on any message for a set of signers. In order to thwart such a rogue-key attack, we propose an enhanced (t,n) threshold directed signature scheme with a reliable key registration protocol. The protocol guarantees that a user should have access to the secret key corresponding to the user's public key. Under the computational Diffie-Hellman assumption, we prove that the improved scheme is secure, that is, it achieves existential unforgeability under the chosen message attack, invisibility, and transitivity in the registered key model. We stress that the security of our improved scheme does not depend on a specific broadcast channel for synchronous message transmission.