Abstract
Recently, Lee et al. used their new group signature with the function of authenticated encryption to design a sealed-bid auction scheme, and they claimed that their schemes are secure. In this paper, we show that if the group manager has a valid group signature of a member, he can forge a group signature on an arbitrary message on behalf of that member without the member’s secret key; then, if the registration manager (RM) and the auction manager (AM) conspire with each other in their auction scheme, they can forge a new bid on any goods on behalf of a bidder who has sent his/her bid to AM. Therefore, their group signature and auction scheme are insecure. Finally, we improve Lee et al.’s group signature scheme to overcome the modification attack and achieve the security requirements.
Notes
Authenticated encryption is a digital signature with a message recovery function. It combines the functions of digital signature and encryption.
References
Chang, C. C., & Chang, Y. F. (2003). Efficient anonymous auction protocols with freewheeling bids. Computers & Security, 22(8), 728–734.
Chaum, D., & Heyst, E. (1991). Group signatures. In Advances in cryptology, Eurocrypt’91 (pp. 257–265).
Chung, Y. F., Huang, K. H., Lee, H. H., Lai, F. P., & Chen, T. S. (2008). Bidder-anonymous English auction scheme with privacy and public verifiability. The Journal of Systems and Software, 81(1), 113–119.
Juang, W. S., Liaw, H. T., Lin, P. C., & Lin, C. K. (2005). The design of a secure and fair sealed-bid auction service. Mathematical and Computer Modelling, 41(8–9), 973–985.
Kudo, M. (1998). Secure electronic sealed-bid auction protocol with public key cryptography. IEICE Transactions on Fundamentals, E81-A(1), 20–27.
Lee, C. C., Ho, P. F., & Hwang, M. S. (2009). A secure e-auction scheme based on group signatures. Information Systems Frontiers, 11(3), 335–343.
Lee, B., Kim, K., & Ma, J. (2001). Efficient public auction with one-time registration and public verifiability. In Progress in cryptology, INDOCRYPT 2001 (pp. 16–20). Chennai, India: Madras.
Omote, K., & Miyaji, A. (2001). A practical english auction with one-time registration. In Proceedings of Australasian conference on information security and privacy, ACISP2001 (pp. 221–234).
Wu, T. C., Chen, K. Y., & Lin, Z. Y. (2002). An English auction mechanism for Internet environment. In Proceedings of ISC 2002 (pp. 331–337).
Acknowledgements
This work was supported by the National Grand Fundamental Research 973 Program of China under Grant No. 2007CB310704; the National Natural Science Foundation of China under Grant No. 60970135, 61003285, 60821001; and the 111 Project (No. B08004).
We thank the anonymous referees for their careful review and constructive suggestions.
Cite this article
Sun, Y., Sun, Y., Luo, M. et al. Comment on Lee et al.’s group signature and e-auction scheme. Inf Syst Front 15, 133–139 (2013). https://doi.org/10.1007/s10796-011-9312-2
DOI: https://doi.org/10.1007/s10796-011-9312-2