Abstract

Certificateless cryptography does not require any certificate for the public key authentication and users' public keys are transmitted with ciphertext/signatures or by making them available in the IoT-based public directory in a proper way. Due to these features, certificateless cryptosystems are considered as fundamental cryptographic buildingblocks to provide authenticity, integrity and non-repudiation suitable for IoT applications. Yeh proposed a transaction scheme based on a certificateless signature scheme for IoT-based mobile payments implementing on Android Pay. He showed that the CLS scheme was unforgeable against Type I and Type II adversaries under the intractability of the mathematical problem. Despite the security proofs, we show that Yeh's scheme is still insecure against both Type I and Type II adversaries. Recently, Gayathri et al. constructed a compact certificateless aggregate signature scheme for Healthcare Wireless Medical Sensor Networks. Their aggregate signatures are constant-size independent of the number of signers. In this paper, we show that anyone can forge certificateless aggregate signatures of their scheme on any sets of messages and identities from only publicly known information, i.e. their scheme is entirely broken. We then discuss some improvements.

Highlights

  • Public-key cryptography requires the public key authentication by a trusted third party called ‘Certificate Authority’

  • We show that Gayathri et al.’s certificateless aggregate signature (CLAS) scheme is insecure against universal forgery attacks

  • UNIVERSAL FORGERY ATTACKS ON GAYATHRI et al.’s SCHEMES we show that anyone can forge certificateless signatures and aggregate signatures of Gayathri et al.’s schemes on any messages for any identities using only publicly known information, i.e. their CLS and CLAS schemes are vulnerable to universal forgery attacks

Read more

Summary

INTRODUCTION

Public-key cryptography requires the public key authentication by a trusted third party called ‘Certificate Authority’. AI succeeds in forging a certificateless signature on any message m for {IDi, PKi } without knowing the partial private key for IDi generated by the master secret key s. Suppose that a Type II adversary AII , who knows the master secret s, intends to forge a signature on any message m for a user with a user public key PKi and an identity IDi. Ri = ID−i 1 · (aP − PKi), hi = H (IDi, Ri, PKKGC ), Ti = tP, ki = H (m, Ti, PKi, hi), τi = ti + ki · (a + hi · s) mod n. Algebraic relations in the underlying group allow the adversary to generate specific values for removing the master secret key and the user secret key that results in forging signatures and aggregate signatures of the schemes. It is trivial that Gayathri et al.’s CLS and CLAS schemes are insecure against both Type I and Type II adversaries with special abilities

DISCUSSIONS AND SOME IMPROVEMENTS
CONCLUSION

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.