Attack on an Efficient Certificateless Aggregate Signature without Pairing

摘要

A Certificateless Aggregate Signature(CLAS) scheme was proposed by Qu and Mu recently, which was published in "Int J. Electronic Security and Digital Forensics, 2018, 10(2)". They used discrete logarithm to ensure the scheme's security. However,we show by formulating an attack that their CLAS scheme cannot defend against Type I adversary. Furthermore, we point out an error that exists in the signature simulation of their security proof.After that we give a correct signature simulation for the security proof. Finally, to resist the Type I attack, we present two methods for improving Qu et al's CLAS scheme. Moreover, the second improving method can elevate the trust level of Qu et al's CLAS scheme to the highest trust level: Level 3.