Security of self-certified signatures

A digital signature provides the authenticity of a signed message with respect to a public key, while the authenticity of the public key with respect to a signer lies on a certificate provided by a certificate authority. Whenever a verifier wants to verify a signature, he has first to verify the corresponding certificate. To reduce this burden, Lee and Kim proposed a new digital signature scheme called self-certified signature (SCS). In this scheme, verifiers can validate both the signature on the message and the related certificate information simultaneously. Then they extended the proposed self-certified signature scheme to a multi-certificate signature scheme (MCS), in which multiple certificate information need to be verified. In this paper, we show that their multi-certificate signature scheme does not satisfy certification as Lee and Kim claimed.