Abstract
Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan et al. proposed such a scheme and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there is an efficient forgery on their IBAS scheme and that their security proof has a serious flaw.
| Original language | English |
|---|---|
| Article number | e0128081 |
| Journal | PLoS One |
| Volume | 10 |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - 2015 May 18 |
Fingerprint
ASJC Scopus subject areas
- Agricultural and Biological Sciences(all)
- Biochemistry, Genetics and Molecular Biology(all)
- Medicine(all)
Cite this
Security analysis of the unrestricted identity-based aggregate signature scheme. / Lee, Kwangsu; Lee, Dong Hoon.
In: PLoS One, Vol. 10, No. 5, e0128081, 18.05.2015.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - Security analysis of the unrestricted identity-based aggregate signature scheme
AU - Lee, Kwangsu
AU - Lee, Dong Hoon
PY - 2015/5/18
Y1 - 2015/5/18
N2 - Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan et al. proposed such a scheme and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there is an efficient forgery on their IBAS scheme and that their security proof has a serious flaw.
AB - Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan et al. proposed such a scheme and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there is an efficient forgery on their IBAS scheme and that their security proof has a serious flaw.
UR - http://www.scopus.com/inward/record.url?scp=84930619421&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84930619421&partnerID=8YFLogxK
U2 - 10.1371/journal.pone.0128081
DO - 10.1371/journal.pone.0128081
M3 - Article
VL - 10
JO - PLoS One
JF - PLoS One
SN - 1932-6203
IS - 5
M1 - e0128081
ER -