Lee Kwangsu, Lee Dong Hoon
Center for Information Security Technologies, Korea University, Seoul, Korea.
PLoS One. 2015 May 18;10(5):e0128081. doi: 10.1371/journal.pone.0128081. eCollection 2015.
Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan et al. proposed such a scheme and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there is an efficient forgery on their IBAS scheme and that their security proof has a serious flaw.