论文信息 - Key Replacement Attack Against a Generic Construction of Certificateless Signature

Key Replacement Attack Against a Generic Construction of Certificateless Signature

Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we show that the security requirements of their generic building blocks are insufficient to support some security claim stated in their paper. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.

[1] Alfred Menezes,et al. Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol , 1999, Public Key Cryptography.

[2] Matthew K. Franklin,et al. Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[3] Jacques Stern,et al. Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[4] Pil Joong Lee,et al. Generic Construction of Certificateless Signature , 2004, ACISP.

[5] Chanathip Namprempre,et al. Security Proofs for Identity-Based Identification and Signature Schemes , 2008, Journal of Cryptology.

[6] Kenneth G. Paterson,et al. Certificateless Public Key Cryptography , 2003 .

[7] Adi Shamir,et al. Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[8] Taher ElGamal,et al. A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[9] Reihaneh Safavi-Naini,et al. An Efficient Signature Scheme from Bilinear Pairings and Its Applications , 2004, Public Key Cryptography.

[10] Mihir Bellare,et al. Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[11] Silvio Micali,et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[12] Yi Mu,et al. On the Security of Certificateless Signature Schemes from Asiacrypt 2003 , 2005, CANS.