On the Provable Security of Multi-Receiver Signcryption Schemes

2009

Signcryption is a cryptographic primitive that provides authentication and confidentiality simultaneously in a single logical step. It is often required that multiple senders have to signcrypt a single message to a certain receiver. Obviously, it is inefficient to signcrypt the messages separately. An efficient alternative is to go for multi-signcryption. The concept of multi-signcryption is similar to that of multi-signatures with the added property - confidentiality. Recently, Jianhong et al. proposed an identity based multi-signcryption scheme. They claimed that their scheme is secure against adaptive chosen ciphertext attack and it is existentially unforgeable. In this paper, we show that their scheme is not secure against chosen plaintext attack and is existentially forgeable, we also provide a fix for the scheme and prove formally that the improved scheme is secure against both adaptive chosen ciphertext attack and existential forgery.

2009

This paper puts forward a new efficient construction for Multi-Receiver Signcryption in the Identity-based setting. We consider a scenario where a user wants to securely send a message to a dynamically changing subset of the receivers in such a way that non-members of this subset cannot learn the message. One obvious solution is to signcrypt the message to each member of the subset and transmit it to each of them individually. This requires a very long transmission (the number of receivers times the length of the message) and high computation cost. Another simple solution is to provide a key for every possible subset of receivers. This requires every user to store a huge number of keys. In this case, the storage efficiency is compromised. The goal of this paper is to provide a solution which is efficient in all three measures i.e. transmission length, storage of keys and computation at both ends. We propose a new scheme that achieves both confidentiality and authenticity simultaneously in this setting and is the most efficient scheme to date, in the parameters described above. It breaks the barrier of ciphertext length of linear order in the number of receivers, and achieves constant sized ciphertext, independent of the size of the receiver set. This is the first Multi-receiver Signcryption scheme to do so. We support the scheme with security proofs in the random oracle model under precisely defined security model.

Certificateless cryptography aims at combining the advantages of identity based and public key cryptography, so as to avoid the key escrow problem inherent in the identity based system and cumbersome certificate management in public key infrastructure. Signcryption achieves confidentiality and authentication simultaneously in an efficient manner. Multi-receiver signcryption demands signcrypting the same message efficiently for a large number of receivers. In this note, we strengthen the security of the certificateless multi-receiver signcryption scheme in [23] by proposing suitable enhancement to the scheme.

Arxiv preprint arXiv:0909.1412, 2009

Multi-signcryption is used when different senders wants to authenticate a single message without revealing it. This paper proposes a multi signcryption scheme in which no pairing is computed on the signcryption stage and the signatures can be verified publicly.

2010

Signcryption as a cryptographic primitive that offers both confidentiality and authentication simultaneously. Generally, in signcryption schemes, the message is hidden and thus the validity of the signcryption can be verified only after the unsigncryption process. Thus, a third party will not be able to verify whether the signcryption is valid or not. Signcryption schemes that allow any one to verify the validity of signcryption without the knowledge of the message are called public verifiable signcryption schemes. Third party verifiable signcryption schemes allow the receiver of a signcryption, to convince a third party that the signcryption is valid, by providing some additional information along with the signcryption. This information can be anything other than the receiver’s private key and the verification may or may not require the exposure of the corresponding message. This paper shows the security weaknesses in two such existing schemes namely [14] and [4]. The scheme in [14] is Public Key Infrastructure (PKI) based scheme and the scheme in [4] is an identity based scheme. More specifically, [14] is based on elliptic curve digital signature algorithm (ECDSA). We also, provide a new identity based signcryption scheme that provides both public verifiability and third party verification. We formally prove the security of the newly proposed scheme in the random oracle model.

Eprint Arxiv Cs 0701044, 2007

This paper presents an identity based multi-proxy multi-signcryption scheme from pairings. In this scheme a proxy signcrypter group could authorized as a proxy agent by the coopration of all members in the original signcryption group. Then the proxy signcryption can be generated by the cooperation of all the signcrypters in the authorized proxy signcrypter group on the behalf of the original signcrypter group. As compared to the scheme of Liu and Xiao, the proposed scheme provides public verifiability of the signature along with simplified key management.

Lecture Notes in Computer Science, 2009

Signcryption is a cryptographic primitive which offers authentication and confidentiality simultaneously with a cost lower than signing and encrypting the message independently. Ring signcryption enables a user to signcrypt a message along with the identities of a set of potential senders (that includes him) without revealing which user in the set has actually produced the signcryption. Thus a ring signcrypted message has anonymity in addition to authentication and confidentiality. Ring signcryption schemes have no group managers, no setup procedures, no revocation procedures and no coordination: any user can choose any set of users (ring), that includes himself and signcrypt any message by using his private and public key as well as other users (in the ring) public keys, without getting any approval or assistance from them. Ring Signcryption is useful for leaking trustworthy secrets in an anonymous, authenticated and confidential way.

Journal of Information Science and Engineering, 2012

A signcryption scheme combining public key encryptions and digital signatures can simultaneously satisfy the security requirements of confidentiality, integrity, authenticity and non-repudiation. In a three-party communication environment, a message signcrypted by one party might have to be securely delivered to the other two and they usually independently decrypt the ciphertext and verify recovered signature. Consequently, traditional signcryption schemes of single-recipient setting are not applicable. In this paper, we elaborate on the certificate-based cryptosystem to propose a provably secure three-party signcryption scheme from bilinear pairings. The security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) are proved in the random oracle model. Moreover, our scheme enables each recipient to solely reveal the signer's original signature for public verification without extra computational efforts when the case of a later dispute over repudiation occurs. To the best of our knowledge, the proposed scheme is the first provably secure signcryption considering three-party communication environments.

Generalized signcryption a new domain for diverse application has attracted research community with its three flavors of encryption for confidentiality, signature for authentication and signcryption for both confidentiality and authentication. Our proposed scheme performs multi recipient encryption, multi recipient signature and multi recipient signcryption with significant low computation and communication cost by removing the complexity in the internal structure of the existing schemes and use of elliptic curve cryptography.

2012 International Conference on Information Technology and e-Services, 2012

Signcryption is a cryptographic primitive which combines both the functions of digital signature and public key encryption logically in single step, and with a computational cost significantly less than required by the traditional signature-then-encryption approach. Identity based cryptosystem is a public key cryptosystem in which public key can be any arbitrary string. Hybrid cryptosystem combines the convenience of a public key cryptosystem with the efficiency of a symmetric cryptosystem. Dent [4] has given security models for hybrid signcryption scheme with insider security. He has given two security models for hybrid signcryption KEM: key indistinguishability and message indistinguishability model. Hybrid signcryption in identity base setting was given by Fagen Li et al. [10]. In this paper [10] only one security model key indistinguishability is considered. Our contribution in this paper is three fold: First we give new proof for IDB hybrid signcryption in Dent [4] security model. Second for the confidentiality of hybrid signcryption, we improve the bound as compared to Dent [4].Third we also give the example of identity based hybrid signcryption based on [11].