Recently, Hwang and Shi proposed an efficient proxy signature scheme without using one-way hash functions. In their scheme, an original signer needn't send a proxy certificate to a proxy signer through secure channels. However, there are two public key substitution methods that can be used to attack their scheme. In this article, we show that their scheme is vulnerable to the public key substitution attacks.
Proceedings of National Information Security Conference 2001