IACR News item: 20 February 2013
Lin Cheng, Qiaoyan Wen, Zhengping Jin, Hua Zhang, Liming Zhou
ePrint Report
Aggregate signature can combinensignatures on nmessages fromnusers into a single short signature, and the resulting signature can convince the verifier that thenusers indeed signed
the ncorresponding messages. This feature makes aggregate signature very useful especially in environments with low bandwidth communication, low storage and low computability since it
greatly reduces the total signature length and verification cost. Recently, Xiong et al. presented an efficient certificateless aggregate signature scheme. They proved that their scheme is secure in a strengthened security model, where the \"malicious-but-passive\" KGC attack was considered. In this paper, we show that Xiong et al.\'s certificateless aggregate signature scheme is not secure
even in a weaker security model called \"honest-but-curious\" KGC attack model.
Additional news items may be found on the IACR news page.