Cryptanalysis and Improvement of Three Certificateless Aggregate Signature Schemes

The certificateless aggregate signature (CLAS) scheme is a very important data aggregation technique that compresses a large number of signatures from different users into a short signature. CLAS can reduce the total length of a signature and the computational overhead of signature verification and is therefore highly suitable for resource-constrained network environments. Many CLAS schemes have been proposed in recent years, but the construction of a secure and efficient CLAS scheme remains important. In 2018, Li et al. found that the CLAS scheme proposed by He et al. could not resist malicious-but-passive KGC attacks, and they presented an improved CLAS scheme. Du et al. proposed a CLAS scheme with a constant aggregate signature length and claimed that their scheme was resistant to forgery attacks. Chen et al. designed a CLAS scheme with efficient verification and proved that their CLAS scheme was secure in the random oracle model. In this paper, we demonstrate that Li et al.’s CLAS scheme, Du et al.’s CLAS scheme, and Chen et al.’s CLAS scheme are insecure against coalition attacks and present concrete examples. That is, an attacker can forge a valid aggregate signature using some illegal single signatures. To withstand such attacks, we propose an improved CLAS scheme based on Chen et al.’s CLAS scheme.
