Certificateless Signature Revisited

摘要

In this paper we revisit the security models of certificateless signatures and propose two new constructions which are provably secure in the random oracle model. We divide the potential adversaries according to their attack power, and for the first time, three new kinds of adversaries are introduced into certificateless signatures. They are Normal Adversary, Strong Adversary and Super Adversary (ordered by their attack power). Combined with the known Type Ⅰ Adversary and Type Ⅱ Adversary in certificateless system, we then define the security of certificateless signatures in different attack scenarios. Our new models, together with the others in the literature, will enable us to better understand the security of certificateless signatures. Two concrete schemes with different security levels are also proposed in this paper. The first scheme, which is proved secure against Normal Type Ⅰ and Super Type Ⅱ Adversary, enjoys the shortest signature length among all the known certificateless signature schemes. The second scheme is secure against Super Type Ⅰ and Type Ⅱ adversary. Compared with the scheme in ACNS 2006 which has a similar security level, our second scheme requires lower operation cost but a little longer signature length.