Cryptanalysis of Zuhua Shao key Authentication Scheme

In public key cryptosystem, the protecting of public keys against intruders is very important. Usually, key authentication schemes are required to preserve public keys. Most of the key authentication schemes require one or more authorities to authenticate public keys. Some other key authentication schemes require no authorities to authenticate public keys. The Zuhua Shao proposed a new scheme to overcome the drawbacks of existing schemes, but it has some vulnerabilities. This scheme relies only on key server for certificate generation. In a distributed network, the server can easily impersonate other legitimate users and listen the messages directed to them. Moreover, in this scheme, users’ passwords are stored in the form of plaintext. In this paper, slight modifications are pointed out to overcome these severe drawbacks.