Security pitfalls of an efficient threshold proxy signature scheme for mobile agents

A (t,n) threshold proxy signature scheme enables an original signer to delegate his/her signing power to n proxy signers such that any t or more proxy signers can sign messages on behalf of the original signer, but t−1 or less of them cannot produce a valid proxy signature. Based on the RSA cryptosystem, Hong proposed an efficient (t,n) threshold proxy signature for mobile agents. Cai et al. found that the scheme due to Hong is proxy-unprotected, meaning that the original signer can generate a valid proxy signature by himself. However, it is unclear whether the scheme can be used in reality after fixing the security problem discovered by Cai et al. In this letter, we provide a detailed analysis on Hongʼs scheme and show that the scheme fails to achieve the properties of secrecy, proxy protected, undeniability, identifiability and even time constraint and thus adopted of this efficient construction in practice is not recommended.