Security of ZLYH-key authentication scheme

Abstract

In public key cryptosystem, it is very important to protect and authenticate a user's public key. In the past, many schemes have been proposed. However, most of the schemes require one or more authorities to authenticate the public key. In the authority-based scheme, since an authority can know user's private keys or generate false certificates, we can impersonate any user at any time. Therefore, it is required such a scheme as an authority cannot know the secret information of users and a security of system does not wholly depend on an authority. In recent years, Zhan et al. proposed a new key authentication scheme, called ZLYH-scheme, which is requires no authority to authenticate a user's public key. However, it still has a weakness that can guess password. We show that ZLYH-scheme has some weakness. To overcome this disadvantage, we propose an improved key authentication scheme. In our scheme, it does not require the secret password table and an attacker cannot guess the password.