Security Analysis of Two Lightweight Certificateless Signature Schemes

Document Type: Original Article


Information Science Research Center, Iranian Research Institute for Information Science and Technology (IRANDOC), Tehran, Iran.


Certificateless cryptography can be considered an intermediate solution that overcomes the issues of traditional public key infrastructure (PKI) and identity-based public key cryptography (ID-PKC). A vast number of certificateless signature (CLS) schemes exist in the literature; however, most of them are not efficient enough to be used in resource-limited environments such as the Internet of Things (IoT) or Healthcare Wireless Sensor Networks (HWSN). Recently, two lightweight CLS schemes have been proposed by Karati et al. and Kumar et al. for use in IoT and HWSNs, respectively. While both schemes are claimed to be existentially unforgeable, in this paper we show that both signatures can easily be forged. More specifically, it is shown that 1) in Karati et al.'s scheme, a type 1 adversary, as considered in certificateless cryptography, can generate a valid partial private key corresponding to any user of its choice and, as a consequence, can forge any user's signature on any message of its choice, and 2) in Kumar et al.'s scheme, both types of adversaries considered in certificateless cryptography are able to forge any signer's signature on an arbitrary message.


References

[1] N. Pakniat and B. A. Vanda. Cryptanalysis and Improvement of a Pairing-Free Certificateless Signature Scheme. In 2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), pages 1--5, Aug 2018.
[2] N. Pakniat and M. Noroozi. Cryptanalysis of a certificateless aggregate signature scheme. In the 9th Conference of Command, Control, Communications and Computer Intelligence, pages 1--5, 2016.
[3] Pankaj Kumar, Saru Kumari, Vishnu Sharma, Arun Kumar Sangaiah, Jianghong Wei, and Xiong Li. A certificateless aggregate signature scheme for healthcare wireless sensor network. Sustainable Computing: Informatics and Systems, in press, 2017.
[4] Liaojun Pang, Yufei Hu, Yi Liu, Kedong Xu, and Huixian Li. Efficient and secure certificateless signature scheme in the standard model. International Journal of Communication Systems, 30(5):e3041, 2017.
[5] Liangliang Wang, Kefei Chen, Yu Long, and Huige Wang. An efficient pairing-free certificateless signature scheme for resource-limited systems. Science China Information Sciences, 60(11):119102, Dec 2016.
[6] Yumin Yuan and Chenhui Wang. Certificateless signature scheme with security enhanced in the standard model. Information Processing Letters, 114(9):492--499, 2014.
[7] Jianhong Zhang and Jane Mao. An efficient RSA-based certificateless signature scheme. Journal of Systems and Software, 85(3):638--642, 2012.
[8] Xinyi Huang, Yi Mu, Willy Susilo, Duncan S. Wong, and Wei Wu. Certificateless Signature Revisited. In Information Security and Privacy, pages 308--322, Berlin, Heidelberg, 2007. Springer Berlin Heidelberg.
[9] Yang Lu and Jiguo Li. Provably secure certificateless proxy signature scheme in the standard model. Theoretical Computer Science, 639:42--59, 2016.
[10] Ziba Eslami and Nasrollah Pakniat. A certificateless proxy signature scheme secure in standard model. In International Conference on Latest Computational Technologies (ICLCT 2012), pages 81--84, Planetary Scientific Research Center, Bangkok, 2012.
[11] Seung-Hyun Seo, Kyu Young Choi, Jung Yeon Hwang, and Seungjoo Kim. Efficient certificateless proxy signature scheme with provable security. Information Sciences, 188:322--337, 2012.
[12] C. Hu and D. Li. A New Type of Proxy Ring Signature Scheme with Revocable Anonymity. In Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007), volume 1, pages 866--868, 2007.
[13] Lunzhi Deng. Certificateless ring signature based on RSA problem and DL problem. RAIRO-Theor. Inf. Appl., 49(4):307--318, 2015.
[14] Lijun Zhu and Futai Zhang. An efficient certificateless ring signature scheme. Wuhan University Journal of Natural Sciences, 13(5):567, 2008.
[15] Lin Cheng, Qiaoyan Wen, Zhengping Jin, Hua Zhang, and Liming Zhou. Cryptanalysis and improvement of a certificateless aggregate signature scheme. Information Sciences, 295:337--346, 2015.
[16] Yu-Chi Chen, Raylin Tso, Masahiro Mambo, Kaibin Huang, and Gwoboa Horng. Certificateless aggregate signature with efficient verification. Security and Communication Networks, 8(13):2232--2243, 2015.
[17] Shi-Jinn Horng, Shiang-Feng Tzeng, Po-Hsian Huang, Xian Wang, Tianrui Li, and Muhammad Khurram Khan. An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. Information Sciences, 317:48--66, 2015.
[18] Hu Xiong, Zhi Guan, Zhong Chen, and Fagen Li. An efficient certificateless aggregate signature with constant pairing computations. Information Sciences, 219:225--235, 2013.
[19] Ziba Eslami and Nasrollah Pakniat. Certificateless aggregate signcryption: Security model and a concrete construction secure in the random oracle model. Journal of King Saud University - Computer and Information Sciences, 26(3):276--286, 2014.
[20] Yang Chen, Yang Zhao, Hu Xiong, and Feng Yue. A Certificateless Strong Designated Verifier Signature Scheme with Non-delegatability. International Journal of Network Security, 19(4):573--582, 2017.
[21] Xinyi Huang, Willy Susilo, Yi Mu, and Futai Zhang. Certificateless Designated Verifier Signature Schemes. In 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), volume 2, pages 15--19, 2006.
[22] Hong Yuan, Futai Zhang, Xinyi Huang, Yi Mu, Willy Susilo, and Lei Zhang. Certificateless threshold signature scheme from bilinear maps. Information Sciences, 180(23):4714--4728, 2010.
[23] Licheng Wang, Zhenfu Cao, Xiangxue Li, and Haifeng Qian. Simulatability and security of certificateless threshold signatures. Information Sciences, 177(6):1382--1394, 2007.
[24] Licheng Wang, Zhenfu Cao, Xiangxue Li, and Haifeng Qian. Certificateless Threshold Signature Schemes. In Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, and Yong-Chang Jiao, editors, Computational Intelligence and Security, pages 104--109, Berlin, Heidelberg, 2005. Springer Berlin Heidelberg.
[25] Sattam S. Al-Riyami and Kenneth G. Paterson. Certificateless Public Key Cryptography. In Chi-Sung Laih, editor, Advances in Cryptology - ASIACRYPT 2003, pages 452--473, Berlin, Heidelberg, 2003. Springer Berlin Heidelberg.
[26] Adi Shamir. Identity-Based Cryptosystems and Signature Schemes. In George Robert Blakley and David Chaum, editors, Advances in Cryptology, pages 47--53, Berlin, Heidelberg, 1985. Springer Berlin Heidelberg.
[27] A. Karati, S. H. Islam, and M. Karuppiah. Provably Secure and Lightweight Certificateless Signature Scheme for IIoT Environments. IEEE Transactions on Industrial Informatics, in press, 2018.