Security analysis of the certificateless signature scheme proposed at SecUbiq 2006

Authors:
Je Hong Park;Bo Gyeong Kang
Affiliations:
ETRI, Network & Communication Security Division;Samsung Electronics Co., LTD.
Venue:
EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
Year:
2007

Citing 13
Cited 3

Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Certificateless Designated Verifier Signature Schemes

AINA '06 Proceedings of the 20th International Conference on Advanced Information Networking and Applications - Volume 02
Certificateless signature: a new security model and an improved generic construction

Designs, Codes and Cryptography
Self-Generated-Certificate Public Key Cryptography and certificateless signature/encryption scheme in the standard model: extended abstract

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Malicious KGC attacks in certificateless cryptography

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Certificateless signature revisited

ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Security analysis of two signature schemes and their improved schemes

ICCSA'07 Proceedings of the 2007 international conference on Computational science and its applications - Volume Part I
An efficient certificateless signature scheme

CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
On the security of certificateless signature schemes from asiacrypt 2003

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
An efficient certificateless signature scheme

EUC'06 Proceedings of the 2006 international conference on Emerging Directions in Embedded and Ubiquitous Computing
Efficient revocation of security capability in certificateless public key cryptography

KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Certificateless public-key signature: security model and efficient construction

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Key replacement attack against a generic construction of certificateless signature

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Efficient and provably-secure certificateless short signature scheme from bilinear pairings

Computer Standards & Interfaces
An efficient and provably-secure certificateless signature scheme without bilinear pairings

International Journal of Communication Systems
Cryptanalysis and improvement of a certificateless threshold signature secure in the standard model

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we show that the certificateless signature scheme proposed by Yap, Heng and Goi at SecUbiq 2006 is insecure against a key replacement attack and a malicious-but-passive KGC attack, respectively. The former implies that anyone who replaces a signer's public key can forge valid signatures for that signer without knowledge of the signer's private key. The latter supposes the malicious-but-passive KGC, which generates system parameters based on the information of the target user to impersonate. Our results are based on the fact that the private key of the YHG scheme has the form of a BLS multisignature generated by the KGC and the user. Finally, we review the vulnerability of several certificateless signature schemes under theses attacks.