Constructing highly efficient signcryption with strong anonymity and low message expansion rate

Abstract

Signcryption is an efficient and powerful cryptographic primitive which can do encryption and signature in one logical step. Both confidentiality and unforgebility are the crucial security requirements for signcryption. Besides that some other security requirements may be needed for practical use. For example, Boyen defined a security requirement called ciphertext anonymity for Identity-Based signcryption. This property can assure that all the signcrypted texts are anonymous, hiding the identities of both sender and receiver. This feature favors applications like e-voting and e-auction. Due to the importance of anonymity, many works has been done on building and cryptanalyzing signcryption schemes with anonymity. However, no provably secure scheme under the conventional certificate-based public key setting is known yet. In the very first paper of Signcryption proposed by Zheng in 1997, it mentioned that signcryption could reduce the cost of traditional sign-then-encrypt construction. Here, the cost involves both computational cost and message expansion rate (MER), where MER is a way for measuring the size difference between the message and the ciphertext. However, most of the signcryption papers only focus on discussing computational time of their constructions, little has been addressed on MER, it is not known of a highly efficient signcryption scheme in terms of MER can be built which is comparable to Zheng’s seminal scheme while reaching the strongest security level ever defined for signcryption under the conventional certificate based public key setting. In this thesis, we provide affirmative answers to these two questions. Firstly, we construct an anonymous signcryption which hides the identities of both sender and receiver while achieving probably security with the strongest notions. Furthermore, we address the signer’s anonymity against the verifiers by proposing a ring signcryption scheme. The scheme ensure that neither any third parties nor the receiver can tell which member inside the ring actually generated the ring signcryption. We also provide formal security models and security proofs. Secondly, we give a detailed study on MER and propose a novel construction and two instantiations. This generic construction relies on a special class of public key encryption schemes which can have the encryption randomness recovered during decryption. One of our instantiations achieves a comparable MER and higher security level than Zheng’s original scheme. In particular, our scheme achieves provable insider security for both confidentiality and unforgebility. By using a similar idea, we construct another concrete signcryption scheme which reaches the lowest MER among all the known signcryption schemes, regardless which public key cryptographic setting we are considering. Moreover our scheme also achieves the strongest security notions ever defined namely public verifiability, insider confidentiality and insider unforgebility. According to our research results, we believe that signcryption schemes nowadays are efficient and secure enough for application running on low bandwidth environment and resource limited devices such as smart cards, mobile phones and pocket pcs.