Abstract :
For the original article see ibid., vol. 29, no. 24, p. 2094-5 (1993). In the afore-mentioned article L. Harn introduced a digital signature scheme, based on a discrete logarithm problem, which enabled any t of the n verifiers to verify the validity of the signature; in other words, the proposed scheme not only preserves the properties of regular digital signature schemes previously, where a single user in possession of the secret key can generate a digital signature, but also contains the following properties: (i) any t of the n verifiers can verify the validity of the signature, (ii) any t-l or fewer verifiers cannot verify the validity of the signature. The commenters show that the proposed digital signature is vulnerable; that is, given a valid signature of a known message it is feasible to generate a valid signature of another known message without knowing the secret keys held by the signer. In reply, the author agrees with the comment that the original signature scheme is insecure and presents a description which demonstrates this vulnerability
