Cryptanalysis of an ID-based proxy signature scheme with message recovery

ID-based message recovery signature is a kind of lightweight signature. In such a signature scheme, a complicated certification system is discarded and the total length of the message and the appended signature is also shortened. Proxy signature allows an original signer to delegate a proxy signer to sign messages on its behalf, which has found numerous practical applications such as grid computing and mobile agent systems. Recently, Singh and Verma proposed the first ID-based proxy signature scheme with message recovery. They proved that their scheme is secure in the random oracle model and believed that it can be used widely. Unfortunately, by giving two concrete attacks, we demonstrate that their ID-based message recovery proxy signature scheme is not secure. The result implies that the security for ID-based message recovery proxy signature schemes needs to be carefully examined.