Abstract
Certificateless PKC and self-certified PKC are two new public key systems. They remove the necessity of certificate to ensure the authentication of the user's public key in CB-PKC and also overcome the inherent key escrow problem in IB-PKC. Recently, Zhang et.al proposed a self-certified signcryption scheme, and Wu et.al gave a certificateless signcryption scheme. However, in this paper, we analyze the security of Zhang\emph{ et.al}'s self-certified signcryption scheme and Wu \emph{et.al} certificateless signcryption scheme, and show that the two signcryption schemes are insecure though the two schemes were proven to be secure under the random oracle model in \cite{mu} and \cite{wu}. In the self-certified signcryption scheme, a malicious user can forge a signcryption on an arbitrary message m without CA's authentication. In Wu\emph{et.al}'s certificateless signcryption scheme, confidentiality of signcryption is not satisfied. Namely, the scheme is not against chosen ciphertext attack. Finally, we give the corresponding attack,and to overcome the above flaws, we also discuss the corresponding improved method, respectively.