Attack on Chen et al.'s certificateless aggregate signature scheme

Certificateless aggregate signature can provide an efficient way to verify a large amount of signatures from different users. This feature makes it very useful in the environments with low bandwidth communication, low storage, and low computability. Recently, Chen et al. proposed a new certificateless aggregate signature scheme. They claim that their scheme is provably secure under the computational Diffie-Hellman problem. Unfortunately, this paper shows that Chen et al.'s scheme is insecure, it cannot resist Type I and Type II adversaries, and the corresponding attacks are given. Furthermore, we also show their scheme exists a more powerful attack, namely, anyone can forge a certificateless signature on an arbitrary message in this attack. Finally, we discuss the reason to produce such attacks and give the corresponding suggestions to resist such attacks. Copyright (C) 2015 John Wiley & Sons, Ltd.