Cryptanalysis of Chang-Lin-Lam´s ID-based Multisignature Scheme

Recently, Chang, Lin and Lam proposed an ID-based multisignature scheme without reblocking and predetermined signing order. Their scheme adopts users´ id information as the public keys instead of random integers. They have claimed that it is computationally infeasible to derive the private key of Key Authentication Center (KAC) from the private keys of the authorized users, and the scheme has the property of resistance against collaboration attacks. However, we observed that their scheme cannot be applied in real world, for there are two defects in their scheme and the scheme doesn´t satisfy with what they has claimed. The two drawbacks are: (1) not having an efficient verification algorithm (the signature almost cannot be verified for the exponent is too large). (2) Even if the signature can be verified, there would exist a forger within the same computation complexity of verification algorithm who can break the scheme (in other words, any one of the signing group can forge on any message for the whole signing group)