Breaking Two Provably-Secure Certificateless Signcryption Schemes for Internet of Things

Abstract Recently, Gong et al. put forward a certificateless signcryption (CLSC) scheme suitable for Internet of things. The authors demonstrated that their scheme is confidential, unforgeable and forward secure, and it meets known session-specific temporary information security under the attacks of two Types of adversaries. More recently, Xu et al. constructed a CLSC mechanism suitable for edge computing on the basis of blockchain, and proved that their mechanism satisfies unforgeability and confidentiality. In this article, we first demonstrate Gong et al.’s scheme can be totally broken: every user can calculate the master secret key from the partial private key sent by Key Generation Center. Moreover, we prove that Gong et al.’s scheme is not confidential, unforgeable and forward secure, and it cannot enjoy known session-specific temporary information security, either. Next, we declare that Xu et al.'s mechanism is able to be universally forged by anyone, that is, everyone can forge valid signcryption ciphertexts of a sender on any message without knowing the sender’s secret information. Furthermore, Xu et al.’s mechanism is not CCA2 secure against two Types of adversaries.