
Design And Analysis Of Certificateless Aggregate Signature Schemes

Posted on: 2017-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: X Xie
GTID: 2308330485998370
Subject: Applied Mathematics

Abstract/Summary:
Digital signatures use cryptographic techniques to provide authentication similar to that of handwritten signatures. An aggregate signature is a special digital signature with an aggregation property: the signatures on many different messages generated by many different users can be compressed, and the verifier only needs to verify the aggregate signature once. In this way, aggregate signatures can greatly reduce storage requirements, communication overhead and computational complexity. Hence, aggregate signatures have extensive application prospects in resource-constrained communication environments.

Ever since certificateless public key cryptography (CL-PKC) was introduced in 2003, it has attracted attention from cryptographic researchers at home and abroad. On the one hand, in CL-PKC the public key of a user is generated by the user himself without a public key certificate, avoiding the storage and management problems of public key certificates in traditional public key infrastructure. On the other hand, it also needs a third party called the Key Generation Center (KGC) to help a user generate his private key, eliminating the key escrow problem of identity-based public key cryptosystems.

The paper mainly discusses certificateless aggregate signature schemes from the following aspects:

In 2005, Zhang Yulei et al. studied the security model of certificateless aggregate signature (CLAS) schemes with a universal designated verifier, and then presented a new CLAS scheme with a universal designated verifier based on bilinear mapping. In this paper, cryptanalysis of the scheme proposed by Zhang et al. shows that it has security flaws. First, after obtaining a valid aggregate signature, an attacker can claim that it is an aggregate signature on n randomly selected messages. Second, in the initial phase, the second type of adversary, namely a malicious KGC, can generate some of the public parameters nonrandomly, and can then forge a signature on any message after getting the user's public key. To address these security flaws, an aggregate signature scheme with improved security is proposed. The improved scheme is existentially unforgeable against adaptive chosen message and identity attacks in the random oracle model.

In the same year, Zhang Yulei et al. gave a forgery attack on a CLAS scheme in which the signature length is independent of the number of signers, and then proposed two improved schemes. In this paper, security analysis of the second of the improved schemes proposed by Zhang et al. shows that it still cannot resist malicious KGC attacks.

In 2016, Chen Ming proposed an improved certificateless aggregate signature scheme with constant length. In this paper, security analysis of the scheme shows that a malicious KGC can forge signatures. When the malicious KGC obtains a valid signature, it can impersonate the original signer to sign any message successfully. It can then also forge an aggregate signature. An improved scheme is presented, and its correctness and security are proved.
Keywords/Search Tags: Digital Signature, Certificateless Signature, Aggregate Signature, Provable Security