On the Security of Identity Based Threshold Unsigncryption Schemes

Signcryption is a cryptographic primitive that provides confidentiality and authenticity simultaneously at a cost significantly lower than that of the naive combination of encrypting and signing the message. Threshold signcryption is used when a message to be sent needs the authentication of a certain number of members in an organisation: unless a given number of members (known as the threshold) join the signcryption process, a particular message cannot be signcrypted. Threshold unsigncryption is used when this constraint applies during the unsigncryption process. In this work, we cryptanalyze two threshold unsigncryption schemes. We show that neither scheme meets the stringent requirements of insider security, and we propose attacks on both confidentiality and unforgeability. We also propose an improved identity-based threshold unsigncryption scheme and give a formal proof of security in a new, stronger security model.
