On the Security of an Identity-Based Aggregate Signature Scheme

In ACISP 2006, Paterson and Schuldt proposed a provably secure identity-based signature scheme. Not long after that, the same authors claimed that their proposed scheme above also allows a form of aggregation in which the multiple signatures from the different signers on a single message can be aggregated into a single signature with a more efficient representation than the original set of signatures. The proposed identity-based signature scheme is provably secure in the standard model. In this paper, we show that the Paterson and Schuldt identity-based signature scheme does not support aggregation since the resulting identity-based aggregate signature scheme is vulnerable to both the insider and outsider attacks.