On the security of a certificateless short signature scheme

Certificateless cryptography has attracted much attention due to its distinctive features. By eliminating the certification costs in traditional public key cryptography and addressing the private key escrow problem in identity-based cryptography, certificateless cryptography has become a mesmeric paradigm for developing various cryptographic primitives. Digital signatures with short signature length have always been an attractive area given their applications in handheld devices which are operating with limited computational power in restricted communication bandwidth. However, there has always been a trade-off between the shortness and efficiency of the signatures and their security. In 2012, Tso et al. proposed a new short certificateless signature scheme which claimed to be more secure than the existing signature schemes by being secure against the strongest type adversary in certificateless paradigm (i.e. super adversary). In this paper, we mount a public key replacement attack on their scheme and show that their scheme is insecure against a Type I strong adversary which is much weaker than a super adversary.