OPEN ACCESS
The aggregate signer outputs one signature through the aggregate signature algorithm, and the aggregate signature verifier confirms that multiple users have signed through the aggregate signature verification algorithm. Due to the high signature efficiency and low requirements for broadband, the aggregate signature scheme is widely studied and applied. For most aggregate signature schemes based on the traditional cryptography, key escrow is very complicated, while for identity-based aggregate signature schemes, there is a problem with certificate management. The certificateless public key cryptosystem can effectively solve these two drawbacks, but most certificateless aggregate signature schemes are of low computation efficiency and have security problems. Regarding the scheme proposed by He et al., in this paper, we construct a concrete attack method to prove it cannot meet the unforgeability requirement and analyze the reason for the successful attack, which is that during the signature process, the attack scheme can solve the definite value composed of the user’s secret value and the generator. Therefore, by bonding the hash function with the public key information, we design two improved certificateless aggregate signature schemes with strong security. One is to break the composition relations between the secret value and other parameters, and the other is to make the composition relations of the definite value unsolvable. In the random oracle model, we prove the second improved scheme to be unforgeable and its security is equivalent to solving hard mathematical problems. Compared with the current similar schemes, the second improved scheme requires less computation. We take the aggregate signature for the smart grid as an example and introduce the improved scheme into the aggregate signature scenario. The test results show that the scheme can ensure security and at the same time achieve real-time data transmission.
Certificateless cryptosystem, Aggregate signature, Bilinear pairing, Random oracle model, Smart grid
[1] D. Bonen, C. Gentry, B. Lynn, H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, 2003, Lecture Notes in Computer Science, vol. 2656, no. 1, pp. 416-432.
[2] A. Lysyanskaya, S. Micali, L. Reyzin, H. Shacham, Sequential aggregate signatures from trapdoor permutations, 2004, International Conference on Advances in Cryptology-eurocrypt, vol. 3027, no. 2-6, pp. 74-90.
[3] Z. Shao, Enhanced aggregate signatures from pairings, 2005, Information Security and Cryptology, vol. 3822, pp. 140-149.
[4] A. Shamir, Identity-Based Cryptosystems and Signature Schemes, 1984, Lecture Notes in Computer Science, vol. 21, no. 2, pp. 47-53.
[5] H.J. Yoon, J.H. Cheon, Y. Kim, Batch verifications with ID-based signatures, 2004, International Conference on Information Security and Cryptology, vol. 3506, pp. 233-248.
[6] K.A. Shim, An ID-based aggregate signature scheme with constant pairing computations, 2010, IEEE Journal on Selected Areas in Communications, vol. 83, no. 10, pp. 1873-1880.
[7] H. Wang, Z. Liu, Z. Liu, D.S. Wong, Identity-based aggregate signcryption in the standard model from multilinear maps, 2016, Frontiers of Computer Science, vol. 10, no. 4, pp. 741-754.
[8] S.S. Al-Riyami, K.G. Paterson, Certificateless public key cryptography, 2003, International Conference on the Theory and Application of Cryptology, vol. 2894, no. 2, pp. 452-473.
[9] Z. Gong, Y. Long, X. Hong, K. Chen, Two certificateless aggregate signatures from bilinear maps, 2007, Eighth Acis International Conference on Software Engineering, vol. 3, pp. 188-193.
[10] X.Y. Yu, D.K. He, A new certificateless aggregate signature scheme, 2009, Computer Communications, vol. 32, no. 6, pp. 1079-1085.
[11] L. Zhang, B. Qin, Q. Wu, F. Zhang, Efficient many-to-one authentication with certificateless aggregate signatures, 2010, Computer Networks, vol. 54, no. 14, pp. 2482-2491.
[12] H. Xiong, Z. Guan, Z. Chen, F. Li, An efficient certificateless aggregate signature with constant pairing computations, 2013, Information Sciences, vol. 219, no. 10, pp. 225-235.
[13] K.A. Shim, On the security of a certificateless aggregate signature scheme, 2011, IEEE Communications Letters, vol. 5, no. 3, pp. 358-367.
[14] Y.L. Zhang, C.Y. Li, C.F. Wang, Y.J. Zhang, Security analysis and improvements of certificateless aggregate signature schemes, 2015, Dianzi Yu Xinxi Xuebao/journal of Electronics & Information Technology, vol. 37, no. 8, pp. 1994-1999.
[15] A.W. An, D.L. Xia, Z.F. Yang, Security analysis on two certificateless aggregate signature schemes, 2016, Journal of Electronics & Information Technology, vol. 38, no. 10, pp. 2695-2700.
[16] D. He, M. Tian, J. Chen, Insecurity of an efficient certificateless aggregate signature with constant pairing computations, 2014, Information Sciences An International Journal, vol. 268, no. 2, pp. 458-462.
[17] Y. Xu, L.S. Huang, M.M. Tian, H. Zhong, J. Cui. A provably secure and compact certificateless aggregate signature scheme, 2016, Acta Electronica Sinica, vol. 44, no. 8, pp. 1845-1850.
[18] H.Z. Du, M. Huang, Q. Wen, Efficient and provably-secure certificateless aggregate signature scheme, 2013, Tien Tzu Hsueh Pao/acta Electronica Sinica, vol. 41, no. 1, pp. 72-76.
[19] M. Zhou, M. Zhang, C. Wang, B. Yang, CCLAS: A practical and compact certificateless aggregate signature with share extraction, 2014, International Journal of Network Security, vol. 16, no. 3, pp. 174-181.
[20] H. Chen, S.M. Wei, C.J. Zhu, Y. Yang, Secure certificateless aggregate signature scheme, 2015, Ruan Jian Xue Bao/Journal of Software, vol. 26, no. 5, pp. 1173-1180.