Key Replacement Attack on Two Certificateless Signature Schemes without Random Oracles



Liu et al. proposed the first certificateless signature scheme without random oracles in 2007. However, Xiong et al. showed that Liu et al.'s scheme is insecure against a malicious-but-passive KGC attack and proposed an improved scheme. At ISA 2009, Yuan et al. also proposed a new certificateless signature scheme without random oracles. Although the authors claimed that the two schemes are secure in the standard model, this paper shows that both Xiong et al.'s improved scheme and Yuan et al.'s new scheme are vulnerable to a key replacement attack, in which an adversary who obtains a signature on a message and replaces the signer's public key can forge valid signatures on the same message under the replaced public key. We also give corresponding modifications of the two schemes that resist the key replacement attack.



Key Engineering Materials (Volumes 439-440)

Edited by: Yanwen Wu






Q. Xia et al., "Key Replacement Attack on Two Certificateless Signature Schemes without Random Oracles", Key Engineering Materials, Vols. 439-440, pp. 1606-1611, 2010

Online since: June 2010




[1] S.S. Al-Riyami, K. G. Paterson. Certificateless public key cryptography. Proc. of Asiacrypt 2003, LNCS 2894, pp.452-473. Springer, Heidelberg, (2003).

DOI: 10.1007/978-3-540-40061-5_29

[2] A. Shamir. Identity-based cryptosystems and signature schemes. Proc. of CRYPTO 1984. LNCS 196, pp.47-53. Springer, Heidelberg, (1984).

[3] D. Boneh, M. Franklin. Identity-based encryption from the Weil pairings, Proc. of Advances in Cryptology-Crypto 2001, LNCS 3494, Springer-Verlag, Berlin, 2001, pp.213-229.

DOI: 10.1007/3-540-44647-8_13

[4] X. Huang, W. Susilo, Y. Mu, F. Zhang. On the security of certificateless signature schemes from Asiacrypt 2003. Proc. of CANS 2005, LNCS 3810, pp.13-25. Springer, Heidelberg, (2005).

DOI: 10.1007/11599371_2

[5] D. H. Yum, P. J. Lee. Generic construction of certificateless signature. Proc. of ACISP 2004, LNCS 3108, pp.200-211, Springer-Verlag, (2004).

[6] B.C. Hu, D.S. Wong, Z. Zhang, X. Deng. Key replacement attack against a generic construction of certificateless signature. Proc. of ACISP 2006. LNCS 4058, pp.235-246, Springer-Verlag, (2006).

DOI: 10.1007/11780656_20

[7] M.C. Gorantla, A. Saxena. An efficient certificateless signature scheme. Proc. of CIS 2005. LNCS 3802, pp.110-116, Springer-Verlag, (2005).

[8] X. Cao, K.G. Paterson, W. Kou. An Attack on a Certificateless Signature Scheme. In: Cryptology ePrint Archive. Available online: http://eprint.iacr.org/2006/367.

[9] J. Zhang, J. Mao. Security analysis of two signature schemes and their improved schemes. Proc. of ICCSA 2007, LNCS 4705, Part I, pp.589-602, Springer-Verlag, (2007).

DOI: 10.1007/978-3-540-74472-6_48

[10] X. Huang, Y. Mu, W. Susilo, D.S. Wong, W. Wu. Certificateless signature revisited. Proc. of ACISP 2007, LNCS 4586, pp.308-322, Springer-Verlag, (2007).

[11] K. Shim. Breaking the short certificateless signature scheme. Information Science, 179 (2009) 303-306.

DOI: 10.1016/j.ins.2008.08.024

[12] M. Bellare, P. Rogaway. The exact security of digital signatures - how to sign with RSA and Rabin. Proc. of Eurocrypt'96, LNCS 950, pp.399-416, Springer-Verlag, (1996).

DOI: 10.1007/3-540-68339-9_34

[13] R. Canetti, O. Goldreich, S. Halevi. The random oracle methodology, revisited. Proc. of the 30th Annual Symposium on the Theory of Computing (STOC'98), pp.209-218, (1998).

DOI: 10.1145/276698.276741

[14] J.K. Liu, M.H. Au et al. Self-Generated-Certificate Public Key Cryptography and certificateless signature/ encryption scheme in the standard model. Proc. of 2007 ACM symposium on Information, computer and communications security-ASIACCS'2007, pp.273-283, (2007).

[15] H. Xiong, Z. Qin, F. Li. An improved certificateless signature scheme secure in the standard model. Fundamenta Informaticae, 88 (2008) 193-206.

[16] Y. Yuan, D. Li, L. Tian, H. Zhu. Certificateless signature scheme without random oracles. Proc. of ISA 2009, LNCS 5576, pp.31-40, Springer-Verlag, (2009).

DOI: 10.1007/978-3-642-02617-1_4
