{"title":"A lightweight certificateless aggregate signature scheme without pairing for VANETs.","authors":"Qiuling Yue, Weijian Jiang, Hong Lei","doi":"10.1038/s41598-025-08656-1","DOIUrl":null,"url":null,"abstract":"<p><p>In the secure vehicular ad-hoc networks (VANETs), certificateless aggregate signature schemes(CLAS) have attracted more and more attention because they can efficiently implement message aggregation and authentication without complex certificate management. Recently, Zheng et al. proposed an efficient and privacy-protecting certificateless aggregate signature scheme, which is applicable to VANETs. However, through in-depth analysis, we found that it is vulnerable to temporary rogue key attacks. That is, an adversary can exploit the random numbers in signatures to generate an ephemeral rogue key, enabling him/her to forge an aggregate signature using both this rogue key and his/her private key. Furthermore, the forged signature can pass the verification without being detected. This paper fixes this vulnerability and proposes a security-enhanced CLAS scheme for VANETs. Specifically, our improved solution incorporates an additional aggregator's signature into the original framework and implements simultaneous verification of both the aggregator's signature and the aggregate signature to effectively resist rogue key attacks. In terms of security, we conducted a rigorous analysis of the security-enhanced CLAS scheme. In addition, through performance evaluation experiments, we compare the computational complexity and communication overhead of the security-enhanced CLAS scheme and some other schemes. The experimental results show that the security-enhanced CLAS scheme demonstrates significant advantages in both computational efficiency and communication cost while maintaining security. Our method can provide valuable references for the design of security solutions in related fields.</p>","PeriodicalId":21811,"journal":{"name":"Scientific Reports","volume":"15 1","pages":"23663"},"PeriodicalIF":3.8000,"publicationDate":"2025-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Scientific Reports","FirstCategoryId":"103","ListUrlMain":"https://doi.org/10.1038/s41598-025-08656-1","RegionNum":2,"RegionCategory":"综合性期刊","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"MULTIDISCIPLINARY SCIENCES","Score":null,"Total":0}
引用次数: 0
Abstract
In the secure vehicular ad-hoc networks (VANETs), certificateless aggregate signature schemes(CLAS) have attracted more and more attention because they can efficiently implement message aggregation and authentication without complex certificate management. Recently, Zheng et al. proposed an efficient and privacy-protecting certificateless aggregate signature scheme, which is applicable to VANETs. However, through in-depth analysis, we found that it is vulnerable to temporary rogue key attacks. That is, an adversary can exploit the random numbers in signatures to generate an ephemeral rogue key, enabling him/her to forge an aggregate signature using both this rogue key and his/her private key. Furthermore, the forged signature can pass the verification without being detected. This paper fixes this vulnerability and proposes a security-enhanced CLAS scheme for VANETs. Specifically, our improved solution incorporates an additional aggregator's signature into the original framework and implements simultaneous verification of both the aggregator's signature and the aggregate signature to effectively resist rogue key attacks. In terms of security, we conducted a rigorous analysis of the security-enhanced CLAS scheme. In addition, through performance evaluation experiments, we compare the computational complexity and communication overhead of the security-enhanced CLAS scheme and some other schemes. The experimental results show that the security-enhanced CLAS scheme demonstrates significant advantages in both computational efficiency and communication cost while maintaining security. Our method can provide valuable references for the design of security solutions in related fields.
期刊介绍:
We publish original research from all areas of the natural sciences, psychology, medicine and engineering. You can learn more about what we publish by browsing our specific scientific subject areas below or explore Scientific Reports by browsing all articles and collections.
Scientific Reports has a 2-year impact factor: 4.380 (2021), and is the 6th most-cited journal in the world, with more than 540,000 citations in 2020 (Clarivate Analytics, 2021).
•Engineering
Engineering covers all aspects of engineering, technology, and applied science. It plays a crucial role in the development of technologies to address some of the world''s biggest challenges, helping to save lives and improve the way we live.
•Physical sciences
Physical sciences are those academic disciplines that aim to uncover the underlying laws of nature — often written in the language of mathematics. It is a collective term for areas of study including astronomy, chemistry, materials science and physics.
•Earth and environmental sciences
Earth and environmental sciences cover all aspects of Earth and planetary science and broadly encompass solid Earth processes, surface and atmospheric dynamics, Earth system history, climate and climate change, marine and freshwater systems, and ecology. It also considers the interactions between humans and these systems.
•Biological sciences
Biological sciences encompass all the divisions of natural sciences examining various aspects of vital processes. The concept includes anatomy, physiology, cell biology, biochemistry and biophysics, and covers all organisms from microorganisms, animals to plants.
•Health sciences
The health sciences study health, disease and healthcare. This field of study aims to develop knowledge, interventions and technology for use in healthcare to improve the treatment of patients.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
