Breaking Two Provably-Secure Certificateless Signcryption Schemes for Internet of Things
preprint
OA: closed
Abstract
Abstract Recently, Gong et al. put forward a certificateless signcryption (CLSC) scheme suitable for Internet of things. The authors demonstrated that their scheme is confidential, unforgeable and forward secure, and it meets known session-specific temporary information security under the attacks of two Types of adversaries. More recently, Xu et al. constructed a CLSC mechanism suitable for edge computing on the basis of blockchain, and proved that their mechanism satisfies unforgeability and confidentiality. In this article, we first demonstrate Gong et al.’s scheme can be totally broken: every user can calculate the master secret key from the partial private key sent by Key Generation Center. Moreover, we prove that Gong et al.’s scheme is not confidential, unforgeable and forward secure, and it cannot enjoy known session-specific temporary information security, either. Next, we declare that Xu et al.'s mechanism is able to be universally forged by anyone, that is, everyone can forge valid signcryption ciphertexts of a sender on any message without knowing the sender’s secret information. Furthermore, Xu et al.’s mechanism is not CCA2 secure against two Types of adversaries.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.
Source provenance
- europepmc
- last seen: 2026-05-19T01:45:01.086888+00:00