In ASIACCS 2007, Liu et al proposed a certificateless signature scheme which is provably secure in the standard model. However, as we will show in this paper, the proposed scheme is insecure against a malicious-but-passive KGC attack. This implies that the malicious-but-passive KGC, which generates system parameters based on the information of the target user, can forge valid signatures for that signer without being detected. Furthermore, we propose an improved scheme that remedies the weakness of Liu et al's scheme. The improved scheme can be proven secure against malicious-but-passive KGC attack in the standard model.

• 出版日期2008
• 单位电子科技大学