With the development and maturity of new technologies such as blockchain, 5G networks, artificial intelligence, and the Internet of Things, information security is becoming more and more important. The digital signature is an important branch of information security, which can ensure the integrity, identity authentication and non-repudiation of information during transmission. As one of the core technologies of digital signature, certificateless signature can not only avoid certificate management, but also solve the key escrow problem. There are many variants of certificateless signature designed to meet practical application requirements, among which certificateless generalized signcryption and certificateless aggregate signature are two important ones. A certificateless generalized signcryption scheme can serve as a signature scheme, an encryption scheme and a signcryption scheme, but it is challenging to guarantee the security of all three modes at the same time. A certificateless aggregate signature scheme can not only reduce the verifier's computation, but also reduce the transmission cost and storage space of the signature. At present, researchers around the world have proposed a large number of certificateless signature schemes, certificateless generalized signcryption schemes and certificateless aggregate signature schemes, but most of these schemes cannot resist forgery attacks. Therefore, it is of great practical significance to summarize the reasons why the proposed schemes cannot resist forgery attacks and to construct provably secure certificateless signature schemes. This paper focuses on the analysis and research of certificateless signature schemes, certificateless generalized signcryption schemes and certificateless aggregate signature schemes, and obtains the following three research results:

(1) To solve the problem that certificateless signature schemes cannot resist public key replacement, we first point out that Jia et al.'s certificateless signature scheme cannot resist public key replacement attacks, and give a series of reasons why related schemes cannot resist public key substitution attacks. To resist the public key replacement attack, a new certificateless signature scheme is proposed. The new scheme feeds the necessary parameters into the hash function when generating the message digest, so that the adversary cannot forge a legal signature by replacing the public key. In the random oracle model, the new scheme is proved secure based on the elliptic curve discrete logarithm problem. The results of the performance analysis show that the new scheme has certain advantages in computational cost and communication overhead. Compared with other related schemes, since no bilinear pairing operation is used, the new scheme achieves better performance while having higher computational efficiency.

(2) To solve the problem that existing certificateless generalized signcryption (CLGSC) schemes cannot satisfy unforgeability and confidentiality at the same time, concrete attacks are first given to prove that Karati et al.'s scheme cannot resist forgery attacks. This paper analyzes the essential reason why adversaries can forge a valid signature or signcryption in CLGSC schemes. Then, a new certificateless generalized signcryption scheme without bilinear pairing is proposed. Security analysis shows that the new scheme meets confidentiality and unforgeability. Finally, the performance evaluation and comparison show that the proposed scheme outperforms other CLGSC schemes in terms of computation cost, communication overhead, and security functionality. Therefore, the proposed scheme can provide secure data transmission among resource-limited IoT devices.

(3) The development of healthcare wireless medical sensor network (HWMSN) technology raises the need to guarantee the privacy and security of data in e-healthcare systems. To efficiently authenticate messages uploaded by medical sensor nodes without revealing sensitive information about patients, many certificateless aggregate signature (CLAS) schemes have been proposed. Unfortunately, most of them were either found to be insecure or unable to achieve the robustness of the system. To address this challenge, in this paper we demonstrate that two typical CLAS schemes cannot resist forgery attacks and give the essential reasons why these schemes are insecure. Then, a new certificateless anonymous aggregate signature (CLAAS) scheme which overcomes the problems mentioned above is proposed. Moreover, we note that the partial secret key can be transmitted over public channels in our CLAAS scheme. Performance evaluation shows that our CLAAS scheme outperforms other CLAS schemes in terms of computation cost and communication overhead, which makes it more suitable for resource-constrained HWMSN environments.
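The following is an added illustration of the public-key-replacement point in result (1); it is not the thesis's own scheme. It is a toy Schnorr-style certificateless signature over Z_p* (a constructed stand-in for the elliptic-curve group, with assumed parameters P, Q, G and assumed names such as bind_pk and partial_key) whose KGC can issue the partial key either with or without the user's public key in the digest, so that the effect of a replaced public key can be checked in each case.

```python
import hashlib
import secrets
P = 2**61 - 1  # Mersenne prime: constructed toy stand-in for the elliptic-curve group
Q = P - 1      # exponent modulus (g^Q = 1 mod P)
G = 3          # base element, assumed
rand_exp = lambda: secrets.randbelow(Q - 1) + 1  # uniform nonzero exponent

def H(*parts):
    """Hash ints/strings to a nonzero exponent; stands in for the scheme's H1/H2."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def kgc_setup():
    s = rand_exp()
    return s, pow(G, s, P)  # master secret s, master public key Ppub

def partial_key(s, ident, pk, bind_pk):
    r = rand_exp()
    R = pow(G, r, P)
    h1 = H(ident, R, pk) if bind_pk else H(ident, R)  # bind_pk=True: PK enters the digest
    return R, (r + s * h1) % Q  # partial key (R, d)

def sign(msg, ident, pk, R, x, d):
    k = rand_exp()
    K = pow(G, k, P)
    return K, (k + H(msg, ident, pk, R, K) * (x + d)) % Q

def verify(msg, ident, pk, R, ppub, sig, bind_pk):
    K, sgm = sig
    h1 = H(ident, R, pk) if bind_pk else H(ident, R)
    y = pk * R % P * pow(ppub, h1, P) % P  # equals g^(x+d) for an honest user
    return pow(G, sgm, P) == K * pow(y, H(msg, ident, pk, R, K), P) % P

def honest_verifies(bind_pk):
    s, ppub = kgc_setup()
    x = rand_exp()
    pk = pow(G, x, P)
    R, d = partial_key(s, "alice", pk, bind_pk)
    return verify("m", "alice", pk, R, ppub, sign("m", "alice", pk, R, x, d), bind_pk)

def replaced_key_verifies(bind_pk):
    """Public-key replacement: choose PK' so PK'*R*Ppub^h1 = g^x2 with x2 known."""
    s, ppub = kgc_setup()
    pk = pow(G, rand_exp(), P)
    R, _ = partial_key(s, "alice", pk, bind_pk)
    h1 = H("alice", R, pk) if bind_pk else H("alice", R)  # digest the KGC used
    x2 = rand_exp()
    pk2 = pow(G, x2, P) * pow(R * pow(ppub, h1, P) % P, P - 2, P) % P
    sig = sign("m", "alice", pk2, R, x2, 0)  # signs without any partial key
    return verify("m", "alice", pk2, R, ppub, sig, bind_pk)
```

With the public key left out of the KGC's digest, a replaced key verifies because the verifier's recomputed h1 still matches the one the adversary cancelled out; once PK is bound into h1, any replacement changes the digest and the forged signature is rejected.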