Title :
Cryptanalysis of Two Identity-Based Signcryption Schemes and an Identity-Based Multi-signcryption Scheme
Author :
Hu, Liang ; Yuan, Wei ; Meng, Fan-er ; Li, Hong-tu ; Chu, Jian-feng
Author_Institution :
Coll. of Comput. Sci. & Technol., Jilin Univ., Changchun, China
Abstract :
In 2006, LI Fagen et al. proposed an efficient identity-based signcryption scheme and declared that this scheme had the attributes of privacy, unforgeability, public verifiability, repudiation and forward security. After detailed analysis, we find that the scheme does not meet the attributes which the authors declared. Actually, an active attacker with the capacity of controlling the communication channel can replace the public key of the sender to forge a cipher text which passes the unsigncrypt phase, without needing to steal the private key of the sender. In 2009, LI Xiao et al. also found a method to forge a cipher text on the scheme of LI Fagen et al. Further, they proposed an improved identity-based signcryption scheme and declared that their improved scheme had the attributes mentioned above. However, we find that a forged cipher text can still be constructed using the public key replacement attack. Finally, we point out the flaws in their schemes on which our attack is based. In addition, we show that the Identity-Based Multi-Signcryption Scheme proposed by MENG Tao et al. in 2007 is insecure against the key replacement attack as well. In their scheme, an active attacker can replace the signcrypter's public key and forge a valid cipher text that passes the examination of the receiver without knowledge of the signcrypter's private key. We point out the flaws which allow our attack to forge the valid cipher text and public key, and illustrate that protecting the signcrypter's public key in the signcryption phase is very important, just as protecting the message to be signcrypted is.
Keywords :
data privacy; public key cryptography; cipher text; communication channel control; cryptanalysis; forward security; identity-based multisigncryption scheme; identity-based signcryption schemes; privacy; public key replacement attack; public verifiability; repudiation; unforgeability; Encryption; Equations; Public key; Receivers; identity-based; public key replacement; signcryption multi-signcryption;
Conference_Titel :
Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on
Conference_Location :
Mathura
Print_ISBN :
978-1-4673-2981-1
DOI :
10.1109/CICN.2012.77