"Recently, Hwang and Shi proposed an e cient proxy signature scheme without
using one-way hash functions. In their scheme, an original signer needn't send a proxy
certi cate to a proxy signer through secure channels. However, there are two public key
substitution methods can be used to attack their scheme. In this article, we show that their
scheme is vulnerable to the public key substitution attacks."