Cryptanalysis and improvement of three certificateless aggregate signature schemes (Q1720502)

Summary: The certificateless aggregate signature (CLAS) scheme is a very important data aggregation technique that compresses a large number of signatures from different users into a short signature. CLAS can reduce the total length of a signature and the computational overhead of signature verification and is therefore highly suitable for resource-constrained network environments. Many CLAS schemes have been proposed in recent years, but the construction of a secure and efficient CLAS scheme remains important. In 2018, Li et al. found that the CLAS scheme proposed by He et al. could not resist malicious-but-passive KGC attacks, and they presented an improved CLAS scheme. Du et al. proposed a CLAS scheme with the constant aggregate signature length and claimed that their scheme was resistant to forgery attacks. Chen et al. designed a CLAS scheme with efficient verification and proved that their CLAS scheme was secure in the random oracle model. In this paper, we demonstrate that Li et al.'s CLAS scheme, Du et al.'s CLAS scheme, and Chen et al.'s CLAS scheme are insecure against coalition attacks and present concrete examples. That is, an attacker can forge a valid aggregate signature using some illegal single signatures. To withstand suck attacks, we propose an improved CLAS scheme based on Chen et al.'s CLAS scheme.