• certificateless signature;
  • malicious-but-passive KGC attack;
  • random oracle;
  • lattice


In identity-based signatures, the key generation center (KGC) always knows user private key, and thus, it can always impersonate the user. Certificateless signatures were introduced by Al-Riyami and Paterson to solve this key escrow problem of identity-based signatures in 2003. In certificateless signatures, the private key is determined by neither the user nor the KGC. In 2007, Huang et al. revisited the security models of certificateless signatures. They divided potential adversaries according to their attack power into normal, strong and super adversaries. On the other hand, Au et al. introduced a new attack called malicious-but-passive KGC attack in the same year. In the new attack, KGC that holds the master secret key is assumed malicious at the very beginning of the setup phase of the system. The previous schemes that can be proven secure against malicious-but-passive KGC attack provided only the security against strong adversaries. In this paper, we construct the first certificateless signature scheme that can be proven secure against malicious-but-passive KGC attack of super adversaries. Moreover, our scheme is still secure when the adversary is allowed to obtain valid signatures on the target identity and message. Our construction is based on the hard lattice problems in the random oracle model.Copyright © 2014 John Wiley & Sons, Ltd.