Recently, Hashimoto and Ogata proposed a constant-size certificateless aggregate signature scheme based on bilinear pairings. Karati et al. constructed a new certificateless signature scheme without bilinear pairings. The schemes were proven secure against both Type I and Type II adversaries in the random oracle model under the hardness assumptions of the Elliptic Curve discrete logarithm problem and the Computational Diffie?Hellman problem. In this paper, we first show that Hashimoto and Ogata is insecure against a Super-Type I adversary who knows the user secret key associated to the replaced public key and suggest its improvement to prevent our attack.
