On the security of a certificateless signcryption scheme

Signcryption is a cryptographic primitive that realizes the functions of both public key encryption and digital signature in a single logical step, at a cost significantly lower than that of the traditional “signature and encryption” approach. Recently, Zhu et al. proposed an efficient certificateless signcryption scheme that does not use bilinear pairings and is claimed to be secure under the assumptions that the computational Diffie-Hellman problem and the discrete logarithm problem are hard. Although some security arguments were provided to show that the scheme is secure, in this paper we find that the signcryption construction due to Zhu et al. is not as secure as claimed. Specifically, we describe an adversary that can break the IND-CCA2 security of the scheme without making any Unsigncryption query. Moreover, we demonstrate that the scheme is insecure against key replacement attacks by describing a concrete attack.
