Abstract: The security of the Xue et al.’s threshold proxy signature scheme using self-certified public key is analyzed.Two forgery attacks against this scheme are proposed.A malicious original signer can generate a new valid signature after he gets a valid signature，and a malicious proxy signer can derive a valid signature on message[m′]in the signature generation procedure for message m.The causes of the attacks existing in this scheme are analyzed and an improvement which can resolve these security deficiencies is further proposed.

Key words: self-certified public key, threshold signature, proxy signature, threshold proxy signature

摘要： 对Xue等提出的基于自认证公钥的门限代理签名方案进行了安全性分析。指出了该方案存在的两种伪造攻击：恶意的原始签名者在获得一个有效签名后，能够伪造出一个新的有效签名;恶意的代理签名者在对一个消息m的签名过程中，能够伪造出对另一个消息[m′]的有效签名。分析了攻击产生的原因，并给出了改进方案以弥补该方案的安全性缺陷。

关键词: 自认证公钥, 门限签名, 代理签名, 门限代理签名