Abstract: This paper analyzes the security of a certificateless proxy blind signature scheme presented by Huang Juan et al. and shows that it is insecure against a key replacement attack and malicious-but-passive KGC attack. A detailed attack method is given in this paper. Meanwhile, an improved scheme is further proposed, which is not only securer but also has the same efficiency compared with the original scheme.

Key words: certificateless public key cryptography, proxy blind signature, public key replacement attack, malicious-but-passive KGC attack, bilinear pairings

摘要： 对黄隽等人提出的无证书代理盲签名方案进行安全分析，指出该方案不仅不能抵抗公钥替换攻击，而且也不能抵抗恶意但被动的KGC的攻击，给出了具体的攻击方法。针对此方案的安全缺陷，提出一种改进方案，使得改进后的方案具有更高的安全性，并且改进后方案的效率与原方案相同。

关键词: 无证书公钥密码体制, 代理盲签名, 公钥替换攻击, 恶意但被动的KGC攻击, 双线性对