Forgery Attack onaSignature SchemewithMessage Recovery

withmessage recovery inreference [1], whichissupposed toprotect theidentity ofthesigner. Theideaforthis protoRecently, M.Sekhar gaveadigital signature scheme with colistoallow only aspecific verifier tocheck thevalidity of message recovery, whereonly aspecific verifier candirectlythesignature, andthis verifier canprove toathird party that check thevalidity ofthesignature. A third party candis- thesignature isvalid. Also, ithasalowexpansion rate and tinguish avalid signature through azero-knowledge proof lowcomputation costs while maintaining thesimpler speciprotocol. However wefindthat theproposed scheme isin- fication. Butwefind that M.Sekhar's scheme isnotsecure. secure. Aforgery attack strategy onM.Sekhar's scheme Inthis paper, wepropose aforgery attack; anyone whohasa hasbeendesigned; anyone whohasavalid signature can valid signature canforge asignature onanymessage. Also, forge asignature onanarbitrary message. Animprovedweproposed anewsignature scheme withmessage recovsignature scheme, which canresist theforgery attack anda erythat hasthesameadvantages ofM.Sekhar's scheme, zero-knowledge proof protocol withwhich athird party can andweshowthat ourproposed signature scheme canresist distinguish avalid signature arepresented. Also,the secu- theforgery attack. rity oftheimproved scheme isanalyzed. 2.ReviewofM.Sekhar's scheme