Some basic principles for proxy signature schemes based on ECDLP

Abstract

Nowadays, most proxy signature schemes are based on the difficulty of DLP (Discrete Logarithm Problem) or ECDLP (Elliptical Curve Discrete Logarithm Problem). As though many proxy signature schemes based on DLP or ECDLP have been proposed, it makes us discouraged that some disadvantages can be found after a new or modified proxy signature scheme was designed after short time. How to solve the question? How to design secure and valid proxy signature scheme? How to prove them secure? Now, it is too difficult for us to prove one scheme secure, but if we can have some principles to conform to when designing some proxy signature schemes based on DLP or ECDLP, it will be helpful. It will be able to make the scheme designer to make few mistakes, that's to say, by these principles, they can judge their schemes meet basic secure conditions. If designers don't conform to these principles, it can easily be seen that their schemes are definitely insecure. It is all known by us that until now there are not these principles in the real life. By some hints from some attacks, especially forgery attacks, it seems to us that we have found three basic principles which should be conformed to when proxy signature schemes are proposed. The first principle is that the existent forms of public parameters in proxy signatures in the proxy signature verification congruence make a key role on the security property of unforgeability. The second principle is that any public parameter in the proxy signature can't lonely exist in the proxy signature verification congruence in the form of bases or exponents. The third principle is that any public parameter in the proxy signature should exist in the proxy signature verification equation in the form of not only exponents and bases, but also hashes. In addition, some examples are given.