New Identity-based Sequential Aggregate Signature Scheme from RSA

An identity-based sequential aggregate signature (IBSAS) scheme provides a shorter aggregate signature for multiple signers in which each signer has signed his/her own message and all generated signatures are aggregated in sequence. During aggregate signature verification process, a verifier can identify the generated order and the validity of signatures. In 2012, Dou et al. first proposed two new IBSAS schemes based on RSA. One scheme is non-interactive and the other is interactive. This study discovers that the non-interactive IBSAS scheme of Dou et al. is vulnerable to a forgery attack. In our attack, a legal but malicious signer is capable to forge an IBSAS without knowing the other signers' private keys. In order to overcome the weakness, we propose a non-interactive IBSAS scheme based on the identity-based signature scheme of Qian and Cao. We then show that our non-interactive IBSAS scheme is secure against proposed forgery attack.