Forgeability of Wang-Tang-Li s ID-Based Restrictive Partially Blind Signature Scheme

Restrictive partially blind signature (RPBS) plays an important role indesigning secure electronic cash system. Very recently, Wang, Tang andLi proposed a new ID-based restrictive partially blind signature(ID-RPBS) and gave the security proof. In this paper, we present acryptanalysis of the scheme and show that the signature scheme does notsatisfy the property of unforgeability as claimed. More precisely, auser can forge a valid message-signature pair (\it ID, \it msg,\bf info', \sigma') instead of the original one (\it ID, \itmsg, \bf info, \sigma), where \bf info is the original commonagreed information and \bf info'\neq \bf info. Therefore, it willbe much dangerous if Wang-Tang-Li's ID-RPBS scheme is applied to theoff-line electronic cash system. For example, a bank is supposed toissue an electronic coin (or bill) of \100 to a user, while theuser can change the denomination of the coin (bill) to any value, say\100\,000\,000, at his will.