## Cryptology ePrint Archive: Report 2013/153

On the security of a certicateless signature scheme in the standard model

Lin Cheng and Qiaoyan Wen and Zhengping Jin and Hua Zhang

Abstract: Most of certificateless signature schemes without random oracles can not resist key replacement attack. To overcome this security weakness, Yu et al. recently propose a new certificateless signature scheme and claimed that their scheme is provably secure in the standard model. However, in this paper, we show their scheme is still insecure against key replacement attack where an adversary who replaces the public key of a signer can forge valid signatures on any messages for that signer without knowing the signer's partial secret key. Moreover, we show Yu et al.'s certificateless signature scheme is vulnerable to malicious-but-passive'' KGC attack where a malicious KGC can forge valid signatures by embedding extra trapdoors in the system parameter.

Category / Keywords: public-key cryptography /