A New Attack for Self-Certified Digital Signatures for E-Commerce Applications

"Self-certified digital signature with message recovery" allows a specific receiver to restore the meaningful message from a digital signature and simultaneously confirms the validity of a signature and a signer's public key. This method greatly improves message confidentiality, solves the certificate management problem, and reduces the communication costs. Due to those benefits, this signature scheme has been widely adopted for e commerce applications. However, in recent years, this method has attracted attackers' attention; hence, a series of schemes were proposed to counter different attack scenarios. In this paper, we will first present a new attack scenario that can break the security of all the "self -certified digital signature with message recovery" schemes. Then, we will propose a scheme to solve the security issues. Compared with this type of signature scheme, our scheme can satisfy the essential security requirement of a digital signature without sacrificing the cost-effectiveness of the original design. The security and performance analyses demonstrate that our proposed scheme is secure, efficient, and well suited for practical use in e-commerce.