The insecurity of two proxy signcryption schemes: proxy credential forgery attack and how to prevent it

Securing different online e-business activities usually requires applying different cryptographic algorithms. The proxy signcryption algorithms are designed for applications such as online proxy auction or online proxy signatures on business contracts, which require a proxy agent to sign on confidential messages. This paper proposes a proxy credential forgery attack to two recent proxy signcryption schemes in the literature. Using the attack, a malicious proxy signer can create a fake proxy credential from his original credential to extend his signing power. Simple modifications to these two schemes are also provided in this paper to prevent the attack without adding too much computational complexity. In addition to the contribution of introducing a new type of attacks to signcryption schemes, the paper also points out that, while designing a secure proxy signcryption scheme, not only the unforgeability of proxy signatures is important, but also that of proxy credentials as well.