Cryptanalysis and Improvement of a Certificateless Proxy Signature Scheme from Bilinear Pairings

Due to avoiding the inherent escrow of identity- based cryptography and yet not requiring certificates to guarantee the authenticity of public keys, Li et al. proposed a certificateless proxy signature scheme from bilinear pairings. As for the security, they claimed their scheme satisfies the security requirements of proxy signature such as strong identifiability, verifiability ,strong undeniabilty, preventions of misuse, and strong unforgeability; and any third party who can even get the signed warrant generated by the original signer can not forge a proxy signature. In this paper, however, we successfully identify a forgery attack against their scheme. That is, based on the proxy signature generated by a proxy signer on a message on behalf of an original signer, an adversary can forge a valid proxy signature on the same message which seemed generated by the proxy signer on behalf of this adversary himself. After production a forged proxy signature, the adversary has the same authority with the original signer to the proxy signer, and the verifier cannot distinguish which one is the real original signer. To thwart this attacks, an improvement is further proposed.