In 2004, Libert and Quisquater proposed an identity based undeniable signature scheme using pairings over elliptic curves. In this article, we show that the scheme is not secure. In particular, if a valid message-signature pair has been revealed, an adversary can forge the signer’s signature for any arbitrary message for which the signer has no way to deny it. More importantly, through this example, we illustrate that the bilinear property of pairings, although is useful for the design of cryptographic schemes, is also a source for security flaws.
Zichen Li, C. F. Chong, Lucas Chi Kwong Hui, Siu-M