
Cryptanalysis and Improvement of an Efficient Certificateless Signature Scheme  

Li, Jiguo (College of Computer and Information Engineering, Hohai University)
Huang, Xinyi (School of Computer Science & Software Engineering, University of Wollongong)
Mu, Yi (School of Computer Science & Software Engineering, University of Wollongong)
Wu, Wei (School of Computer Science & Software Engineering, University of Wollongong)
Abstract
In traditional digital signature schemes, certificates signed by a trusted party are required to ensure the authenticity of the public key. At Asiacrypt 2003, the concept of a certificateless signature scheme was introduced. Certificateless public key cryptography eliminates the need for the certificates used in traditional public key cryptography and simultaneously solves the key escrow problem inherent in identity-based cryptography. Recently, Yap et al. proposed an efficient certificateless signature scheme and claimed that their scheme is existentially unforgeable in the random oracle model. In this paper, we show that the certificateless signature scheme proposed by Yap et al. is insecure against public key replacement attacks. Furthermore, we propose an improved certificateless signature scheme that is existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model, and we provide a security proof of the proposed scheme.
Keywords
Certificateless cryptography; certificateless signature; public key replacement attack; security analysis
Citations & Related Records

Times Cited By Web Of Science : 2
Times Cited By SCOPUS : 5
1 A. Shamir, 'Identity-based cryptosystems and signature schemes,' in Proc. Advances in Cryptology-Crypto'84, Lecture Notes in Computer Science 196, Aug. 1984, pp. 47-53
2 Z. F. Zhang, D. S. Wong, J. Xu, and D. G. Feng, 'Certificateless public-key signature: Security model and efficient construction,' in Proc. ACNS2006, Lecture Notes in Computer Science 3989, June 2006, pp. 293-308
3 S. S. Al-Riyami and K. G. Paterson, 'CBE from CLPKE: A generic construction and efficient schemes,' in Proc. Public Key Cryptography, PKC2005, Lecture Notes in Computer Science 3386, Jan. 2005, pp. 398-415
4 Z. Cheng and R. Comley, 'Efficient certificateless public key encryption,' Cryptology ePrint Archive. [Online]. Available: http://eprint.iacr.org/2005/012
5 X. Y. Huang, W. Susilo, Y. Mu, and F. T. Zhang, 'On the security of certificateless signature schemes from asiacrypt 2003,' in Proc. CANS2005, Lecture Notes in Computer Science 3810, Dec. 2005, pp. 13-25
6 B. C. Hu, D. S. Wong, Z. F. Zhang, and X. T. Deng, 'Key replacement attack against a generic construction of certificateless signature,' in Proc. ACISP2006, Lecture Notes in Computer Science 4058, July 2006, pp. 235-246
7 M. Bellare and P. Rogaway, 'Random oracles are practical: A paradigm for designing efficient protocols,' in Proc. ACM CCS'93, Nov. 1993, pp. 62-73
8 Z. F. Zhang and D. G. Feng, 'Key replacement attack on a certificateless signature scheme,' Cryptology ePrint Archive. [Online]. Available: http://eprint.iacr.org/2006/453
9 L. C. Wang, Z. F. Cao, X. X. Li, and H. F. Qian, 'Certificateless threshold signature schemes,' in Proc. CIS2005, Lecture Notes in Artificial Intelligence 3802, Dec. 2005, pp. 104-109
10 J. S. Coron, 'On the exact security of full domain hash,' in Proc. Advances in Cryptology-Crypto2000, Lecture Notes in Computer Science 1880, Aug. 2000, pp. 229-235
11 D. Pointcheval and J. Stern, 'Security proofs for signature schemes,' in Proc. Advances in Cryptology-Eurocrypt'96, Lecture Notes in Computer Science 1070, 1996, pp. 387-398
12 X. Y. Huang, Y. Mu, W. Susilo, D. S. Wong, and W. Wu, 'Certificateless signature revisited,' in Proc. ACISP2007, Lecture Notes in Computer Science 4586, July 2007, pp. 308-322
13 S. S. Al-Riyami and K. G. Paterson, 'Certificateless public key cryptography,' in Proc. Advances in Cryptography-Asiacrypt2003, Lecture Notes in Computer Science 2894, Dec. 2003, pp. 452-473
14 J. Baek, R. Safavi-Naini, and W. Susilo, 'Certificateless public key encryption without pairing,' in Proc. 8th Information Security Conference, ISC2005, Lecture Notes in Computer Science 3650, Sept. 2005, pp. 134-148
15 W. S. Yap, S. H. Heng, and B. M. Goi, 'An efficient certificateless signature scheme,' in Proc. EUC Workshops2006, Lecture Notes in Computer Science 4097, Aug. 2006, pp. 322-331
16 D. Boneh, B. Lynn, and H. Shacham, 'Short signatures from the weil pairing,' in Proc. Advances in Cryptology-Asiacrypt2001, Lecture Notes in Computer Science 2248, Dec. 2001, pp. 514-532
17 D. H. Yum and P. J. Lee, 'Generic construction of certificateless encryption,' in Proc. ICCSA2004, Lecture Notes in Computer Science 3043, May 2004, pp. 802-811
18 D. H. Yum and P. J. Lee, 'Generic construction of certificateless signature,' in Proc. Information Security and Privacy, ACISP2004, Lecture Notes in Computer Science 3108, July 2004, pp. 200-211