Certificateless cryptography does not need to use certificates and does not suffer from key-escrow problem.Therefore,certificateless cryptography has received much more attention.Recently,Some scholars proposed an efficient certificateless signature scheme respectively.In this paper,we analyse these two schemes and show that neither of them satisfies the property of being unforgeability.We also prove that these two schemes are insecure on replacement attacks against the public key.That is,an adversary could forge a signature for any message of any user by substituting the public key of the user.We also describe the attacking process in detail.%无证书密码学不需要使用证书,也没有密钥托管问题,是目前的一个研究热点.最近,有学者分别提出了一种高效的无证书签名方案.通过对这两个方案进行分析,指出这两个方案都不满足存在不可伪造性.证明这两个方案对于公钥替换攻击是不安全的,即敌手通过替换用户的公钥可以伪造该用户对任意消息的签名,并给出了详细的攻击过程.
展开▼
