Security of a multisignature scheme for specified group of verifiers

摘要

A multisignature scheme for specified group of verifiers needs a group of signers’ cooperation to sign a message to a specified group of verifiers that must cooperate to check the signature’s validity later. Recently, Zhang et al. proposed a new multisignature scheme for specified group of verifiers. However, we find that Zhang et al.’s scheme cannot prevent a dishonest clerk of signing group from changing the signing message to another message of his choice while he is cooperating with the signers to produce a multisignature. Therefore, their scheme is insecure.