| Summary: | As an extremely significant cryptographic primitive, certificateless signature (CLS) schemes can provide message authentication with no use of traditional digital certificates. High efficiency and provable security without random oracle are challensges in designing a CLS scheme. Recently, Karati <italic>et al.</italic> proposed an efficient pairing-based CLS scheme with no use of map-to-point hash function and random oracle model to provide data authenticity in Industrial Internet of Things (IIoT) systems. The security proof was given under several hardness assumptions. However, we notice that both public key replacement attack and known message attack are existing in Karati <italic>et al.</italic>’s scheme. Any adversary without knowledge of signer’s private key is capable of forging valid signatures. This leads to several serious consequences. For example, anybody can sign IIoT data on behalf of IIoT data owner without being detected.
|
|---|
