Provable secure identity based generalized signcryption scheme

Zhao

Security and Communication Networks

et al. 2017

Generalized signcryption (GSC) can be applied as an encryption scheme, a signature scheme, or a signcryption scheme with only one algorithm and one key pair. A key-insulated mechanism can resolve the private key exposure problem. To ensure the security of cloud storage, we introduce the key-insulated mechanism into GSC and propose a concrete scheme without bilinear pairings in the certificateless cryptosystem setting. We provide a formal definition and a security model of certificateless key-insulated GSC. Then, we prove that our scheme is confidential under the computational Diffie-Hellman (CDH) assumption and unforgeable under the elliptic curve discrete logarithm (EC-DL) assumption. Our scheme also supports both random-access key update and secure key update. Finally, we evaluate the efficiency of our scheme and demonstrate that it is highly efficient. Thus, our scheme is more suitable for users who communicate with the cloud using mobile devices.

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Certificateless Key-Insulated Generalized Signcryption Scheme without Bilinear Pairings

Zhao

Security and Communication Networks

et al. 2017

“…According to Yu et al's scheme [21], the abilities of an adversary are formally modeled by queries issued by adversities. Each adversary may issue the following queries:…”

Section: Security Modelmentioning

confidence: 99%

“…We compare the efficiency and security of our scheme with those of three identity based generalized signcryption schemes, including Lal et al's scheme [20], Yu et al's scheme [21] and Kushwah et al's scheme [22]. We denote the modular exponentiation and the pairing computation by E, P, respectively.…”

Section: Efficiencymentioning

confidence: 99%

Identity Based Generalized Signcryption Scheme in the Standard Model

Shen

Yang

Feng

2017

Entropy

Generalized signcryption (GSC) can adaptively work as an encryption scheme, a signature scheme or a signcryption scheme with only one algorithm. It is more suitable for the storage constrained setting. In this paper, motivated by Paterson-Schuldt's scheme, based on bilinear pairing, we first proposed an identity based generalized signcryption (IDGSC) scheme in the standard model. To the best of our knowledge, it is the first scheme that is proven secure in the standard model.

“…In the same year, Boyen [15] proposed a multi-purpose signcryption scheme together with a comprehensive security model for a multi-purpose identitybased signcryption cryptosystem. After that, many identitybased signcryption schemes were proposed [16]- [21]. In 2008, Selvi and others [22] also proposed the first concept of certificateless signcryption.…”

Section: Related Workmentioning

confidence: 99%

Certificate-Based Signcryption Scheme without Pairing: Directly Verifying Signcrypted Messages Using a Public Key

Le¹,

Hwang²

2016

ETRI J

To achieve confidentiality, integrity, authentication, and non-repudiation simultaneously, the concept of signcryption was introduced by combining encryption and a signature in a single scheme. Certificate-based encryption schemes are designed to resolve the key escrow problem of identity-based encryption, as well as to simplify the certificate management problem in traditional public key cryptosystems. In this paper, we propose a new certificate-based signcryption scheme that has been proved to be secure against adaptive chosen ciphertext attacks and existentially unforgeable against chosen-message attacks in the random oracle model. Our scheme is not based on pairing and thus is efficient and practical. Furthermore, it allows a signcrypted message to be immediately verified by the public key of the sender. This means that verification and decryption of the signcrypted message are decoupled. To the best of our knowledge, this is the first signcryption scheme without pairing to have this feature.Keywords: Signcryption, certificate-based signcryption, certificate-based public key cryptography. Manuscript received Nov. 15, 2015; revised Mar. 3, 2016, accepted Apr. 19, 2016 I. IntroductionAuthentication is a fundamental block of a secure system. Basically, it is a process for verifying that the identity of an entity belongs to a human or a device. For example, in the authentication process, a certificate in traditional public key cryptography (PKC) is usually used to prove that a public key belongs to a specific user. However, a public key infrastructure (PKI) that supports a traditional PKC has issues, such as complex installation and maintenance processes, issuance, distribution, and a revocation of the certificates.Although the authentication process seems to be irreplaceable, some public key cryptography models have been proposed in which the certificate is eliminated. In 1984, Shamir proposed the first concept of identity-based public key cryptography (ID-PKC) [1]. This scheme shows a great improvement, that is, it does not require PKI because the public key is an identity (for example, email, ID number, driver license number, and so on). In ID-PKC, a private key generator (PKG) uses a master secret key to generate all private keys for its users. The PKG requires secure channels to deliver the private keys to users securely. Although the improvement in ID-PKC is significant, some architectural issues still remain: (1) A secure channel to deliver the private keys is significantly costly to implement. (2) The PKG can impersonate any user at any time because it knows the private keys of all users, which is called the key escrow problem. This issue is unacceptable in certain cases such as legal applications because the PKG cannot guarantee non-repudiation. (3) Finally, the security of the whole system depends on the secrecy of the master secret key. If the PKG is compromised and the master key is revealed, the whole system is affected.To overcome the drawbacks of the traditional PKC and ID-PKC, the first concept ...