A certificateless aggregate signature scheme for VANETs with privacy protection properties

Aggregate signatures are excellent in simultaneously verifying the validity of multiple signatures, which renders them highly suitable for bandwidth-constrained environments. The certificateless public key system is among the most advanced public key cryptosystems at present. Scholars have combined their advantages to develop certificateless aggregate signature schemes, which are applicable to the secure communication of Vehicular Ad-hoc Networks (VANETs). Recently, Cahyadi E F et al. put forward a certificateless aggregate signature scheme specifically designed for use in VANETs. Regrettably, through our strict security analysis, we discovered at least two major vulnerabilities in the signature scheme: a public key replacement attack and a malicious KGC (Key Generation Center) attack. To tackle these vulnerabilities, our article not only presents the methods of these attacks but also explores the fundamental reasons for their feasibility. Additionally, we propose specific improvement measures and show that the enhanced scheme retains its security under the random oracle model. The stability of the improved scheme depends on the computational complexity of the Diffie-Hellman problem. Finally, a comprehensive assessment involving security, computational cost, communicational cost, and calculational efficiency overhead highlights the excellent performance of our proposed solution.