计算机应用 (Journal of Computer Applications) ›› 2009, Vol. 29 ›› Issue (11): 2957-2959.

• Information and Network Security •

Cryptanalysis and Implications of a Class of Certificateless Signature Schemes

张玉磊,王彩芬,张永洁,程文华,韩亚宁   

  1. College of Mathematics and Information Science, Northwest Normal University
    2. College of Mathematics and Information Science, Northwest Normal University
    3. Gansu Provincial Health School
    4. Northwest Normal University
  • Received: 2009-05-27 Revised: 2009-07-28 Online: 2009-11-26 Published: 2009-11-01
  • Corresponding author: 张玉磊 (Yu-lei ZHANG)
  • Funding:
    Key Project of Science and Technology Research of the Ministry of Education; Key Project of the Education Department of Gansu Province

Cryptanalysis and revelation of some certificateless signatures

Yu-lei ZHANG, Cai-fen WANG, Yong-jie ZHANG, Wen-hua CHENG, Ya-ning HAN

  • Received: 2009-05-27 Revised: 2009-07-28 Online: 2009-11-26 Published: 2009-11-01
  • Contact: Yu-lei ZHANG

Abstract: Certificateless signature schemes remove the need for the public key certificates required by a traditional public key infrastructure (PKI), so public key replacement attacks must be taken into account. Through an analysis of the Ming-Wang scheme, the Li-Cheng-Sun scheme and the Cao-Paterson-Kou scheme, it is shown that the approach shared by all three, replacing a user's single public key with a public key pair, cannot resist public key replacement attacks. The schemes are improved using a "binding" technique; the improved schemes satisfy the Rafael-Ricardo general model for certificateless schemes and resist public key replacement attacks. Finally, it is pointed out that when designing a certificateless signature scheme, an identity-based signature scheme cannot simply be reused as-is; the environmental requirements of certificateless signature schemes must be respected.

Keywords: Key Generation Center, Public Key Infrastructure, public key replacement attack, bilinear pairing

Abstract: The Certificateless Signature (CLS) scheme simplifies the need for certificates in a Public Key Infrastructure (PKI), and as a consequence a CLS scheme is exposed to key replacement attacks. The schemes proposed by Ming-Wang, Li-Cheng-Sun and Cao-Paterson-Kou were analyzed. It is shown that these schemes are insecure because an adversary who replaces the public key of a signer can forge valid signatures. The schemes were then improved using a binding technique, so that they satisfy the definition of Rafael-Ricardo's certificateless general model. Finally, it is shown that an identity-based signature scheme cannot be applied to CLS directly when a CLS scheme is designed.

Key words: Key Generation Center (KGC), Public Key Infrastructure (PKI), public key substitution attack, bilinear pairing