International Association
for Cryptologic Research

Most of certificateless signature schemes without random oracles can not resist key replacement attack. To overcome this security weakness, Yu et al. recently propose a new certificateless signature scheme and claimed that their scheme is provably secure in the standard model. However, in this paper, we show their scheme is still insecure against key replacement attack where an adversary who replaces the public key of a signer can forge valid signatures on any messages for that signer without knowing the signer\'s partial secret key. Moreover, we show Yu et al.\'s certificateless signature scheme is vulnerable to ``malicious-but-passive\'\' KGC attack where a malicious KGC can forge valid signatures by embedding extra trapdoors in the system parameter.