Abstract

Certificateless public key cryptography is a recently proposed, attractive paradigm that combines the advantages of certificate-based and ID-based public key cryptosystems: it avoids the use of certificates and does not suffer from key escrow. Since it was first introduced by Al-Riyami and Paterson at Asiacrypt 2003, numerous certificateless encryption and signature schemes with additional properties have been proposed. In this paper, we present a security analysis of two such schemes: the certificateless proxy signature scheme of Li et al. and the certificateless universal designated verifier signature scheme of Ming et al. Our results show that both schemes are insecure against the public key replacement attack, a basic attack against certificateless public key schemes. In this attack, an adversary can forge a valid signature on any message by replacing the public key of the signer. Finally, we give a corresponding improvement for each scheme that resolves the security problems in the original schemes.
