Cryptanalysis and improvements of an efficient certificate-based proxy signature scheme for IIoT environments - MaRDI portal

Cryptanalysis and improvements of an efficient certificate-based proxy signature scheme for IIoT environments (Q2234800)

From MaRDI portal
scientific article

    Statements

    19 October 2021
    The paper presents an attack on the pairing-free certificate-based proxy signature scheme proposed by G. K. Verma et al. ["Short certificate-based proxy signature scheme from pairings", Trans. Emerg. Telecommun. Technol. 28, No. 12, Article ID e3214, 15 p. (2017; doi:10.1002/ett.3214)]. After discussing the motivation and related work on certificate-based signature schemes as well as recalling the scheme presented by Verma et al., the authors show that the scheme is not secure against a signature forgery attack performed by a malicious proxy signer under standard cryptographic assumptions (ECDLP) in the random oracle model. The paper is clear, and the arguments are easy to follow as they rely on algebraic calculation. But the description of the certificate-based certification algorithm contains a minor error. The (trivial) classification of adversaries into six types instead of two is helpful to specify the concrete adversary. The authors' observation that an adversary can use the algebraic relations used in the protocol to calculate a forged signature is interesting. Moreover, the authors present a modified protocol fixing the vulnerability.
    industrial Internet of things
    certificate-based signature
    proxy
    pairing-free