by Cao, Zhengjun; Liu, Lihua; Markowitch, Olivier
Reference International journal of network security, 18, 6, page (1054-1059), 6
Publication Published, 2016-01-01
Peer-reviewed article
Abstract: At Asiacrypt'05, Girault and Lefranc introduced the primitive of server-aided verification (SAV). In the proposed model, the server is assumed to be untrusted but is supposed not to collude with the legitimate prover. At ProvSec'08, Wu et al. generalized the Girault-Lefranc SAV model by allowing the server to collude with the legitimate prover, and presented two corresponding SAV signature schemes, SAV-BLS-1 and SAV-BLS-2. In this paper, we argue that the SAV-BLS-1 scheme is somewhat artificial because the computational gain in the scheme is at the expense of additional communication costs. This is a common flaw in most outsourcing computation proposals, which have neglected the comparison between the computational gain and the incurred communication costs. We also show that the SAV-BLS-2 scheme is insecure against collusion attacks. It is another common flaw to have the verifier delegate most computations to the server in a way that prevents the verifier from confirming that the returned values are really bound to the signer's public key.