Cryptanalysis on Two Certificateless Signature Schemes

Futai Zhang, Sujuan Li, Songqin Miao, Yi Mu, Willy Susilo, Xinyi Huang


Certificateless cryptography has attracted a lot of attention from the research community, due to its applicability in information security. In this paper, we analyze two recently proposed certificateless signature schemes and point out their security flaws. In particular, we demonstrate universal forgeries against these schemes with known message attacks.


certificateless cryptography, certificateless signature, public key replacement, universal forgery

Full Text:



S. Al-Riyami, K. Paterson. Certificateless public key cryptography. Proceedings of Asiacrypt 2003, Lecture Notes in Computer Science 2894, Springer-Verlag, 452-473, 2003.

A. Shamir. Identity based cryptosystems and signature schemes. Proceedings of Crypto'84, 47-53, 1984.

X. Huang, W. Susilo, Y. Mu, F. Zhang. On the security of a certificateless signature scheme. Proceedings of ACISP 2005, 13-25, 2005.

Z. Xu, X. Liu, G. Zhang,W. He, G. Dai,W. Shu. A Certificateless Signature Scheme for MobileWireless Cyber-Physical Systems. The 28th International Conference on Distributed Computing Systems Workshops, 489-494, 2009.

Z. Xu, X. Liu, G. Zhang, W. He. McCLS: Certificateless Signature Scheme for Emergency Mobile Wireless Cyber-Physical Systems. International Journal of Computers, Communications & Control (IJCCC), 3(4): 395-411, 2008.

W. Yap, S. Heng, B. Goi1. An efficient certificateless signature scheme. Proceedings of EUC Workshops 2006, Lecture Notes in Computer Science 4097, Springer-Verlag, 322-331, 2006.

J. Park. An attack on the certificateless signature scheme from EUC Workshops 2006. Cryptology ePrint Archive, Report 442, 2006.

Z. Zhang, D. Feng. Key replacement attack on a certificateless signature scheme. Cryptology ePrint Archive, Report 453, 2006.

K. Choi, J. Park, J. Hwang, D. Lee. Efficient certificateless signature schemes. Proceedings of ACNS 2007, Lecture Notes in Computer Science 4521, Springer-Verlag, 443-458, 2007.

R. Castro, R. Dahab. Two notes on the security of certificateless signatures. Proceedings of ProvSec 2007, Lecture Notes in Computer Science 4784, Springer-Verlag, 85-102, 2007.

Z. Zhang, D. Wong, J. Xu, D. Feng. Certificateless public-key signature: security model and efficient construction. Proceedings of ACNS 2006, Lecture Notes in Computer Science 3989, Springer- Verlag, 293-308, 2006.

B. Hu, D. Wong, Z. Zhang, X. Deng. Key replacement attack against a generic construction of certificateless signature. Proceedings of ACISP 2006, Lecture Notes in Computer Science 4058, Springer-Verlag, 235-346, 2006.

X. Huang, Y. Mu, W. Susilo, D. Wong, W. Wu. Certificateless signature revisited. Proceedings of ACISP 2007, Lecture Notes in Computer Science 4586, Springer-Verlag, 308-322, 2007.

L. Zhang, F. Zhang, F. Zhang. New efficient certificateless signature scheme. Proceedings of EUC Workshops 2007, Lecture Notes in Computer Science 4809, Springer-Verlag, 692-703, 2007.


Copyright (c) 2017 Futai Zhang, Sujuan Li, Songqin Miao, Yi Mu, Willy Susilo, Xinyi Huang

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

CC-BY-NC  License for Website User

Articles published in IJCCC user license are protected by copyright.

Users can access, download, copy, translate the IJCCC articles for non-commercial purposes provided that users, but cannot redistribute, display or adapt:

  • Cite the article using an appropriate bibliographic citation: author(s), article title, journal, volume, issue, page numbers, year of publication, DOI, and the link to the definitive published version on IJCCC website;
  • Maintain the integrity of the IJCCC article;
  • Retain the copyright notices and links to these terms and conditions so it is clear to other users what can and what cannot be done with the  article;
  • Ensure that, for any content in the IJCCC article that is identified as belonging to a third party, any re-use complies with the copyright policies of that third party;
  • Any translations must prominently display the statement: "This is an unofficial translation of an article that appeared in IJCCC. Agora University  has not endorsed this translation."

This is a non commercial license where the use of published articles for commercial purposes is forbiden. 

Commercial purposes include: 

  • Copying or downloading IJCCC articles, or linking to such postings, for further redistribution, sale or licensing, for a fee;
  • Copying, downloading or posting by a site or service that incorporates advertising with such content;
  • The inclusion or incorporation of article content in other works or services (other than normal quotations with an appropriate citation) that is then available for sale or licensing, for a fee;
  • Use of IJCCC articles or article content (other than normal quotations with appropriate citation) by for-profit organizations for promotional purposes, whether for a fee or otherwise;
  • Use for the purposes of monetary reward by means of sale, resale, license, loan, transfer or other form of commercial exploitation;

    The licensor cannot revoke these freedoms as long as you follow the license terms.

[End of CC-BY-NC  License for Website User]

INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL (IJCCC), With Emphasis on the Integration of Three Technologies (C & C & C),  ISSN 1841-9836.

IJCCC was founded in 2006,  at Agora University, by  Ioan DZITAC (Editor-in-Chief),  Florin Gheorghe FILIP (Editor-in-Chief), and  Misu-Jan MANOLESCU (Managing Editor).

Ethics: This journal is a member of, and subscribes to the principles of, the Committee on Publication Ethics (COPE).

Ioan  DZITAC (Editor-in-Chief) at COPE European Seminar, Bruxelles, 2015:

IJCCC is covered/indexed/abstracted in Science Citation Index Expanded (since vol.1(S),  2006); JCR2018: IF=1.585..

IJCCC is indexed in Scopus from 2008 (CiteScore2018 = 1.56):

Nomination by Elsevier for Journal Excellence Award Romania 2015 (SNIP2014 = 1.029): Elsevier/ Scopus

IJCCC was nominated by Elsevier for Journal Excellence Award - "Scopus Awards Romania 2015" (SNIP2014 = 1.029).

IJCCC is in Top 3 of 157 Romanian journals indexed by Scopus (in all fields) and No.1 in Computer Science field by Elsevier/ Scopus.


 Impact Factor in JCR2018 (Clarivate Analytics/SCI Expanded/ISI Web of Science): IF=1.585 (Q3). Scopus: CiteScore2018=1.56 (Q2);

SCImago Journal & Country Rank

Editors-in-Chief: Ioan DZITAC & Florin Gheorghe FILIP.