Journal of Beijing University of Posts and Telecommunications

  • EI Core Journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2008, Vol. 31 ›› Issue (2): 64-67. doi: 10.13190/jbupt.200802.64.097

• Papers

An Attack on a Certificateless Signature Scheme and Its Improvement

CAO Xue-fei¹, Kenneth G. Paterson², KOU Wei-dong¹

  1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China
  2. Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK
  • Received: 2007-06-11 Revised: 1900-01-01 Online: 2008-04-28 Published: 2008-04-28
  • Contact: CAO Xue-fei

Abstract:

A previously proposed efficient certificateless signature scheme is shown to be insecure against the public key replacement attack. An adversary who replaces the public key of a signer can forge valid signatures for the signer without knowledge of the signer’s private key. The scheme is then improved by replacing the original public key with a public key pair. The improvement enables a verifier to check the validity of a signer’s public key pair by simplifying the signature construction. The improved scheme is proven secure against existential forgery in the random oracle model.

Key words: certificateless signature, public key replacement attack, key escrow
