Attack on Digital Multi-Signature Scheme Based on Elliptic Curve Cryptosystem

The concept of multisignature, in which multiple signers can cooperateto sign the same message and any verifier can verify the validity of themulti-signature, was first introduced by Itakura and Nakamura. Severalmultisignature schemes have been proposed since. Chen \it et al.proposed a new digital multi-signature scheme based onthe elliptic curve cryptosystem recently. In this paper, we show thattheir scheme is insecure, for it is vulnerable to the so-called activeattacks, such as the substitution of a "false" public key to a "true"one in a key directory or during transmission. And then the attacker cansign a legal signature which other users have signed and forge asignature himself which can be accepted by the verifier.