Cryptanalysis to a Certificateless Threshold Signature Scheme

Certificateless public key cryptography is a new paradigm with two interesting features. On one hand, it keeps the certificate free property of identity-based public key cryptography (ID-PKC), while on the other hand, it gets rid of the inherent key escrow problem of ID-PKC. These two distinctive features make certificateless threshold signature schemes more applicable in practice as it removes the cost of transmitting and verifying the public key certificates of the participants who are involved in signing, and yet without the fear of key escrow. In this paper, we analyze the security of an existing certificateless threshold signature (CLTHS) scheme recently proposed by Zhong et al.[26]. We show it is insure by demonstrating its three security drawbacks. Especially, we present a kind of public key replacement attack against it. Our attack reveals that it is subject to universal forgeries of type I adversaries.