Security Analysis of the Unrestricted Identity-Based Aggregate Signature Scheme
Kwangsu Lee, Dong Hoon Lee

TL;DR
This paper critically examines a recent identity-based aggregate signature scheme, showing that an efficient forgery attack exists and that the claimed security proof is flawed, which calls the scheme's reliability into question.
Contribution
The paper identifies a security vulnerability in Yuan et al.'s IBAS scheme and exposes flaws in their security proof, challenging prior claims of security in the random oracle model.
Findings
Existence of an efficient forgery attacker on the scheme
Flaw in the original security proof
Questions the scheme's security claims
Abstract
Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a single short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan et al. proposed an IBAS scheme with full aggregation in bilinear maps and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there exists an efficient forgery attacker on their IBAS scheme and their security proof has a serious flaw.
