Browse > Article
http://dx.doi.org/10.13089/JKIISC.2009.19.6.17

Security Analysis of Two Certificateless Signature Schemes  

Lee, Ju-Hee (Ewha Womans University)
Shim, Kyung-Ah (National Institute for Mathematical Sciences)
Lee, Hyang-Sook (Ewha Womans University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.19, no.6, 2009 , pp. 17-22 More about this Journal
Abstract
Certificateless cryptography eliminates the need of certificacates in the public key crytosystems and solves the inherent key escrow problem in identity-based cryptosystems. This paper demonstrates that two certificateless signature schemes proposed by Guo et al. and Wang et al. respectively are insecure against key replacement attacks by a type I adversary. We show that the adversary who can replace a signer's public key can forge signatures under the replaced public key. We then make a suggestion to prevent the attacks.
Keywords
Certificateless cryptography; Digital signature; Key replacement attack; Forgery;
Citations & Related Records
연도 인용수 순위
  • Reference
1 X. Li, K. Chen, and L. Sun, "Certificateless signature and proxy signature schemes from bilinear pairings," Lithuanian Mathematical Journal, vol. 45, no. 1, pp. 95-103, Jan. 2005   DOI
2 A. Shamir, "Identity-base cryptosystems and signature schemes," Advances in Cryptology, CRYPTO 84, LNCS 196, pp. 47-53, 1985   DOI
3 J.K. Liu, M.H. Au, and W. Susilo, "Self-generated-certificate public key cryptography and certificateless signature/encryption scheme in the standard model," ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007, pp. 273-283, Mar. 2007   DOI
4 C. Wang, H. Huang, and Y. Tang, "An efficient certificateless signature from pairings," International Symposium on Data, Privacy, and E-Commerce, IEEE ISDPE 2007, pp. 236-238, Jan. 2007   DOI
5 X. Huang, W. Susilo, Y. Mu, and F. Zhang, "On the security of certificateless signature scheme from ASIACRYPT 03," International Conference on Cryptology and Network Security, CANS 2005, LNCS 3810, pp. 13-25, 2005
6 M.H. Au, Y. Mu, D.S. Wong, J.K. Liu, J. Chen, and G. Yang, "Malicious KGC attack in certificateless cryptography," ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007, pp. 302-311, Mar. 2007   DOI
7 S. Al-Riyami and K. Paterson, "Certificateless public key cryptogaphy," Advances in Cryptology, ASIACRYPT 2003, LNCS 2894, pp. 452-473, 2003
8 K.Y. Choi, J.H. Park, J.K. Hwang, and D.H. Lee, "Efficient certificateless signature schemes," International Conference on Applied Cryptography and Network Security, ACNS 2007, LNCS 4521, pp. 443-458, 2007
9 D. Yum and P. Lee, "Generic construction of certificateless signature," Australasian Conference on Information Security and Privacy, ACISP 2004, LNCS 3108, pp. 200-211, 2004
10 M. Gorantla and A. Saxena, "An efficient certificateless signature scheme," International Conference on Computational Intelligence and Security, CIS 2005, LNCS 3802, pp. 110-116, 2005
11 Z. Zhang, D.S. Wong, J. Xu, and D. Feng, "Certificateless public-key signature : security model and efficient construction," International Conference on Applied Cryptography and Network Security, ACNS 2006, LNCS 3989, pp. 293-308, 2006
12 B. Hu, D. Wong, Z. Zhang, and X. Deng, "Key replacement attack against a generic construction of certificateless signature," Australasian Conference on Information Security and Privacy, ACISP 2006, LNCS 4058, pp. 235-246, 2006
13 L. Guo, L. Hu, and Y. Li, "A practical certificateless signature scheme," International Symposium on Data, Privacy, and E-Commerce, IEEE ISDPE 2007, pp. 248-253, Jan. 2007   DOI
14 M. Gorantla, R. Gangishetti, M. Das, and A. Saxena, "An effiective certificateless signature scheme based on bilinear pairings," International Workshop on Security in Information Systems, WOSIS 2005, pp. 31-39, May 2005