Vulnerability of a non-membership proof scheme

An accumulator system used for a special application of anonymous credential is extended by Li et al to a much wider range of applications: membership proof and non-membership proof. Given a committed secret integer and a public finite set of prime integers, two proof protocols, membership proof and non-membership proof are proposed in the extended scheme. The former proves that the integer is in the set when it is really in, while the latter proves that the integer is not in the set when it is really not in. Although the original accumulator technique works well in its appointed special application, the extension is insecure and vulnerable to attacks. Several attacks against membership proof and non-membership proof in the extended work is proposed in this paper to show its vulnerability in security. The attacks show that an attacker can employ various methods to give membership proof to an integer not in the set and non-membership proof to an integer in the set.