An Enhanced Certificateless Aggregate Signature Without Pairings for E-Healthcare System
Wenjie Yang, Shangpeng Wang, Yi Mu
Abstract
Recently, Gayathri et al. introduced an efficient certificateless aggregate signature (CLAS) for e-healthcare system and claimed that it can achieve efficient aggregation to different signatures on different messages from different medical sensors. In this article, we analyze it and find that the CLAS scheme and the underlying certificateless signature (CLS) scheme in it are not secure. Anyone can forge a valid aggregate/individual signature replacing the legitimate medical sensor only based on the public parameters set in Gayathri et al.'s CLAS scheme. Moreover, the malicious medical sensors can deny a valid aggregate signature (AS) by offering false individual signatures aggregated into this AS. We also present a secure CLAS scheme by aggregating an existing lightweight CLS scheme. The aggregation algorithm adopted in our new scheme is proven sound against inside attacks.