Certificateless KEM and Hybrid Signcryption Schemes Revisited

Many cryptographic applications require authentication and confidentiality simultaneously. The cryptographic primitive called signcryption provides both. While most public-key systems are suited to small messages, hybrid encryption (KEM-DEM) provides an efficient and practical way to securely communicate very large messages. The concept of certificateless hybrid signcryption evolved by combining the ideas of signcryption based on tag-KEM and certificateless cryptography. Recently, Lippold et al. [14] proposed a certificateless KEM in the standard model, and the first certificateless hybrid signcryption scheme was proposed by Fagen Li et al. [16]. In this paper, we show that [14] is not Type-I CCA secure and [16] is existentially forgeable. We also propose an improved certificateless hybrid signcryption scheme and formally prove its security against both adaptive chosen ciphertext attack and existential forgery in the appropriate security model for certificateless hybrid signcryption.

[1] Joonsang Baek, et al. Formal Proofs for the Security of Signcryption, 2002, Journal of Cryptology.

[2] Victor Shoup, et al. OAEP Reconsidered, 2001, CRYPTO.

[3] Xavier Boyen, et al. Multipurpose Identity-Based Signcryption (A Swiss Army Knife for Identity-Based Cryptography), 2003, CRYPTO.

[4] Colin Boyd, et al. Efficient Certificateless KEM in the Standard Model, 2009, ICISC.

[5] Fagen Li, et al. Certificateless hybrid signcryption, 2009, Math. Comput. Model.

[6] Ratna Dutta, et al. Pairing-Based Cryptographic Protocols: A Survey, 2004, IACR Cryptol. ePrint Arch.

[7] Ronald Cramer, et al. Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack, 2003, SIAM J. Comput.

[8] Paulo S. L. M. Barreto, et al. Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps, 2005, ASIACRYPT.

[9] Qiong Huang, et al. Generic Certificateless Key Encapsulation Mechanism, 2007, ACISP.

[10] Siu-Ming Yiu, et al. Efficient Forward and Provably Secure ID-Based Signcryption Scheme with Public Verifiability and Public Ciphertext Authenticity, 2003, ICISC.

[11] Jean-Jacques Quisquater, et al. A new identity based signcryption scheme from pairings, 2003, Proceedings 2003 IEEE Information Theory Workshop (Cat. No.03EX674).

[12] Tal Rabin, et al. On the Security of Joint Signature and Encryption, 2002, EUROCRYPT.

[13] Michael J. Freedman, et al. Versatile padding schemes for joint signature and encryption, 2004, CCS '04.

[14] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.

[15] Liqun Chen, et al. Improved Identity-Based Signcryption, 2005, Public Key Cryptography.

[16] Kenneth G. Paterson, et al. Certificateless Public Key Cryptography, 2003.

[17] C. Pandu Rangan, et al. A note on the Certificateless Multi-receiver Signcryption Scheme, 2009, IACR Cryptol. ePrint Arch.

[18] Pooya Farshim, et al. Generic Constructions of Identity-Based and Certificateless KEMs, 2008, Journal of Cryptology.

[19] C. Pandu Rangan, et al. Efficient and Provably Secure Certificateless Multi-receiver Signcryption, 2008, ProvSec.

[20] Wenbo Mao, et al. Two Birds One Stone: Signcryption Using RSA, 2003, CT-RSA.

[21] John Malone-Lee, et al. Identity-Based Signcryption, 2002, IACR Cryptol. ePrint Arch.

[22] Brent Waters, et al. Efficient Identity-Based Encryption Without Random Oracles, 2005, EUROCRYPT.

[23] Alexander W. Dent, et al. Hybrid Signcryption Schemes with Insider Security, 2005, ACISP.

[24] Jean-Jacques Quisquater, et al. Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups, 2004, Public Key Cryptography.

[25] Manuel Barbosa, et al. Certificateless signcryption, 2008, ASIACCS '08.

[26] Yuliang Zheng, et al. Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption), 1997, CRYPTO.