On the Security of Online/Offline Signatures and Multisignatures from ACISP΄06.

Efficient authentication in routing protocols is one of the most important problems for security of ad hoc networks. In ACISP΄06, Xu, Mu, and Susilo proposed an identity-based online/offline signature scheme for authentication in the AODV protocol and then transformed this scheme to an identity-based multisignature scheme which is suitable for the DSR protocol. In this paper, we show that their schemes cannot achieve the claimed security by demonstrating a forgery attack. In this attack, an adversary can forge a valid signature on any messages. Therefore, their signature schemes cannot guarantee the security of AODV and DSR protocols. We also show that their generic construction of identity-based multisignature from identity-based online/offline signature is not secure. [ABSTRACT FROM AUTHOR]