Summary: Certificateless cryptography does not require any certificate for public key authentication; users' public keys are transmitted together with the ciphertext/signatures or made available in an IoT-based public directory in a proper way. Due to these features, certificateless cryptosystems are considered fundamental cryptographic building blocks for providing the authenticity, integrity and non-repudiation needed in IoT applications. Yeh proposed a transaction scheme based on a certificateless signature (CLS) scheme for IoT-based mobile payments, implemented on Android Pay. He showed that the CLS scheme was unforgeable against Type I and Type II adversaries under the intractability of the underlying mathematical problem. Despite the security proofs, we show that Yeh's scheme is still insecure against both Type I and Type II adversaries. Recently, Gayathri et al. constructed a compact certificateless aggregate signature scheme for Healthcare Wireless Medical Sensor Networks. Their aggregate signatures are of constant size, independent of the number of signers. In this paper, we show that anyone can forge certificateless aggregate signatures of their scheme on any set of messages and identities using only publicly known information, i.e. their scheme is entirely broken. We then discuss some improvements.