Abstract

Certificateless cryptography solves the certificate management problem of public-key cryptography and the key-escrow problem of identity-based cryptography. Xie et al. proposed a certificateless signature (CLS) scheme using NTRU lattices. They proved that their scheme was existentially unforgeable against Type I and Type II adversaries under the intractability of the Small Integer Solution (SIS) problem on NTRU lattices in the random oracle model. Subsequently, Hung et al. proposed a revocable certificateless signature scheme on NTRU lattices that provides a revocation method via public channels to revoke illegal or compromised users. They also proved that their scheme was existentially unforgeable against Type I, Type II and Type III adversaries under the intractability of the SIS problem. Recently, Wang et al. proposed a certificateless aggregate signature scheme from bilinear pairings, and Rezaeibagha et al. proposed a new lightweight certificateless scheme for the Industrial Internet of Things from bilinear pairings. The security of their schemes was proven against Type I and Type II adversaries under the intractability of some mathematical problems. In this paper, we show that the two schemes on NTRU lattices are insecure against Type I or Type II adversaries. We also point out the invalidity of Wang et al.'s scheme and the vulnerability of Rezaeibagha et al.'s scheme against Type I attacks. We then suggest some improvements to prevent our attacks.

Highlights

  • Public-key cryptography using a random string as a public key needs authentication of the public key

  • We show that Rezaeibagha et al.'s CLS scheme is vulnerable to Type I attacks, where the Type I adversary can replace the user public key and knows the secret key related to the public key

  • We showed that Hung et al.'s revocable CLS (RCLS) scheme and Xie et al.'s CLS scheme were insecure against Type I or Type II attacks


Summary

INTRODUCTION

Public-key cryptography using a random string as a public key needs authentication of the public key. Hung et al. [7] proposed a revocable CLS (RCLS) scheme on NTRU lattices that provides a revocation method via public channels to revoke illegal or compromised users. Their scheme uses the sampling algorithm of the key extraction algorithm in Ducas et al.'s ID-based encryption scheme [2] to generate users' partial private keys, and the rejection sampling technique of the ring variant of Lyubashevsky's signature scheme [9] to generate signatures. Wang et al. [17] proposed a certificateless aggregate signature (CLAS) scheme from bilinear pairings, and Rezaeibagha et al. [11] proposed a new lightweight CLS scheme for the Industrial Internet of Things from bilinear pairings. The security of their schemes was proven against Type I and Type II adversaries under the intractability of some mathematical problems.

VULNERABILITIES OF TWO CLS SCHEMES FROM LATTICES
IMPROVEMENTS ON THE CLS SCHEMES FROM
CONCLUSION