Study on a Provably Secure Certificateless Aggregate Signature Scheme

The certificateless signature has become one of the hotspots of cryptography research owing to its successful resolution of problems between traditional public key cryptography and identity-based cryptography. Because of the calculation characteristics of the certificateless signature scheme, it is more suitable to be applied in certain network environment in which the resource is constrained, such as wireless sensor networks and so on. This paper analyzes the security of Du et al.'s certificateless aggregate signature scheme. The analysis shows that Du et al.'s certificateless aggregate signature scheme does not have the security property of unforgeability. A malicious KCG(Key Generation Center) can forge a valid aggregate signature on any designated message even without the signer's private key. In order to overcome this problem, this paper adopts a method of adding a hash function to the improved certificateless aggregate signature scheme. Our improved scheme is capable of resisting the forgery attack without increasing the computational cost.