Comment on New Construction of Efficient Certificateless Aggregate Signatures

Aggregate signature can combine n signatures on n messages from n users into single signature, and the verifier should be convinced by the aggregate signature that n users indeed sign n messages. Since aggregate signature can greatly reduce the length of total signature and the cost of verification, it is widely used in environments with low bandwidth communication, low storage and low computability. Recently, Liu et al. [H Liu, S Wang, M Liang and Y Chen, “New Construction of Efficient Certificateless Aggregate Signatures”, International Journal of Security and Its Applications Vol.8, No.1 (2014), pp. 411-422] proposed an efficient certificateless aggregate signature scheme which is proven existentially unforgeable against adaptive chosen-message attacks. Unfortunately, Liu et al.’s new certificateless signature scheme is insecure. In this paper, giving concrete and simple attacks, we demonstrate that type II adversary key generation center can make ordinary-passive attack and malicious-active attack to forge legal certificateless signatures and certificateless aggregate signatures on any messages. Furthermore, we analyze possible reasons why key generation center succeeds in ordinary-passive attack and malicious-active attack.