Cryptanalysis and Improvement of a Blockchain-Based Certificateless Signature for IIoT Devices

Abstract

With the rapid development of the Industrial Internet of Things (IIoT), security and privacy issues have become increasingly prominent when the data from IIoT devices is shared across public networks. Very recently, Wang <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et</i> <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">al.</i> presented a blockchain-based certificateless signature (CLS) scheme for IIoT devices in order to achieve secure and lightweight communication (IEEE Transactions on Industrial Informatics, DOI: 10.1109/TII.2021.3084753). Wang et al. claimed that their CLS scheme is secure under the assumption of the elliptic curve discrete logarithm problem. Unfortunately, by providing two attack methods to analyze the security of Wang et al.'s CLS scheme, we find that it is insecure against universal forgery attacks. Without knowing any information about the target user's private key, the two categories of attackers can successfully forge the valid signature of any message. Hence, Wang et al.'s CLS scheme fails to achieve the claimed security goals. To fix the security flaws, we propose an enhanced blockchain-based and pairing-free CLS scheme, and prove its security in the random oracle model. Furthermore, the analysis results demonstrate that our revised scheme has higher security while keeping the performance of the original scheme.