Comments on “verifiable outsourced attribute-based signature scheme”

Ren and Jiang recently published a “verifiable outsourced attribute-based signature scheme” in Multimedia Tools and Applications. In this note, we first provide two attacks on the verifiability of the semi-signatures of this scheme by showing that a malicious signing-cloud service provider (S-CSP) can always cheat the signer unlike the authors’ claim. Moreover, one of these attacks also implies that an untrusted S-CSP can always forge signatures contrary to the claimed unforgeability against chosen message attacks. Therefore, this scheme unfortunately does not satisfy the main security properties for a delegated signature scheme.