Efficient and Provably Secure Certificateless Multi-receiver Signcryption

Selvi, S. Sharmila Deva; Vivek, S. Sree; Shukla, Deepanshu; Chandrasekaran, Pandu Rangan

doi:10.1007/978-3-540-88733-1_4

Cited by 37 publications

(27 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Precise definition of Message Confidentiality and Non-repudiation are defined using security models. For the details, please refer to [14].…”

Section: B Security Requirements Of Certificateless Multi-receiver Smentioning

confidence: 99%

“…A certificateless Multi-Receiver signcryption scheme is defined by a five-tuple of probabilistic polynomial-time algorithms [14]:…”

Section: A Framework Of Certificateless Multi-receiver Signcryptionmentioning

confidence: 99%

“…The first certificateless multi-receiver signcryption scheme was presented by Selvi et al [14]. Recently, they found the scheme cannot resist the attacks from the type I adversary and presented an enhanced one.…”

Section: Introductionmentioning

confidence: 98%

See 2 more Smart Citations

Cryptanalysis of a Certificateless Multi-receiver Signcryption Scheme

Miao

Zhang

2010

2010 International Conference on Multimedia Information Networking and Security

View full text Add to dashboard Cite

Certificateless public key cryptography eliminates certificate management in traditional public key infrastructure and solves the key escrow problem in identity-based cryptography. Certificateless signcryption is one of the most important primitives in certificateless public key cryptography which achieves confidentiality and authentication simultaneously. Multi-receiver signcryption signcrypts a message to a large number of receivers. Selvi et al. proposed the first efficient and provably secure certificateless multi-receiver signcryption scheme. Recently, they found the scheme is insecure against the type I adversary and gave an enhanced one. However, we find that their enhanced scheme is still insecure against the type I adversary. In this paper, we present an attack on Selvi et al.'s enhanced scheme. Specifically, we show that a type I adversary can first replace a sender's public key and generate a signcrypted message on behalf of the sender.

show abstract

“…Precise definition of Message Confidentiality and Non-repudiation are defined using security models. For the details, please refer to [14].…”

Section: B Security Requirements Of Certificateless Multi-receiver Smentioning

confidence: 99%

“…A certificateless Multi-Receiver signcryption scheme is defined by a five-tuple of probabilistic polynomial-time algorithms [14]:…”

Section: A Framework Of Certificateless Multi-receiver Signcryptionmentioning

confidence: 99%

See 1 more Smart Citation

Cryptanalysis of a Certificateless Multi-receiver Signcryption Scheme

Miao

Zhang

2010

2010 International Conference on Multimedia Information Networking and Security

View full text Add to dashboard Cite

show abstract

“…A somewhat related notion is multi-receiver signcryption [8][17] [16] which can provide not only confidentiality and integrity but also authenticity and non-repudiation for multiple receivers. In fact, a sender in our generic construction plays the role of a receiver in a multi-receiver signcryption setting.…”

Section: Introductionmentioning

confidence: 99%

Public Key Encryption for the Forgetful

Wei

Zheng

Wang

2012

Cryptography and Security: From Theory to Applications

View full text Add to dashboard Cite

We investigate public key encryption that allows the originator of a ciphertext to retrieve a "forgotten" plaintext from the ciphertext. This type of public key encryption with "backward recovery" contrasts more widely analyzed public key encryption with "forward secrecy". We advocate that together they form the two sides of a whole coin, whereby offering complementary roles in data security, especially in cloud computing, 3G/4G communications and other emerging computing and communication platforms. We formalize the notion of public key encryption with backward recovery, and present two construction methods together with formal analyses of their security. The first method embodies a generic public key encryption scheme with backward recovery using the "encrypt then sign" paradigm, whereas the second method provides a more efficient scheme that is built on Hofheinz and Kiltz's public key encryption in conjunction with target collision resistant hashing. Security of the first method is proved in a two-user setting, whereas the second is in a more general multi-user setting.

show abstract

“…After that, many identitybased signcryption schemes were proposed [16]- [21]. In 2008, Selvi and others [22] also proposed the first concept of certificateless signcryption.…”

Section: Related Workmentioning

confidence: 99%

Certificate-Based Signcryption Scheme without Pairing: Directly Verifying Signcrypted Messages Using a Public Key

Le¹,

Hwang²

2016

ETRI J

View full text Add to dashboard Cite

To achieve confidentiality, integrity, authentication, and non-repudiation simultaneously, the concept of signcryption was introduced by combining encryption and a signature in a single scheme. Certificate-based encryption schemes are designed to resolve the key escrow problem of identity-based encryption, as well as to simplify the certificate management problem in traditional public key cryptosystems. In this paper, we propose a new certificate-based signcryption scheme that has been proved to be secure against adaptive chosen ciphertext attacks and existentially unforgeable against chosen-message attacks in the random oracle model. Our scheme is not based on pairing and thus is efficient and practical. Furthermore, it allows a signcrypted message to be immediately verified by the public key of the sender. This means that verification and decryption of the signcrypted message are decoupled. To the best of our knowledge, this is the first signcryption scheme without pairing to have this feature.Keywords: Signcryption, certificate-based signcryption, certificate-based public key cryptography. Manuscript received Nov. 15, 2015; revised Mar. 3, 2016, accepted Apr. 19, 2016 I. IntroductionAuthentication is a fundamental block of a secure system. Basically, it is a process for verifying that the identity of an entity belongs to a human or a device. For example, in the authentication process, a certificate in traditional public key cryptography (PKC) is usually used to prove that a public key belongs to a specific user. However, a public key infrastructure (PKI) that supports a traditional PKC has issues, such as complex installation and maintenance processes, issuance, distribution, and a revocation of the certificates.Although the authentication process seems to be irreplaceable, some public key cryptography models have been proposed in which the certificate is eliminated. In 1984, Shamir proposed the first concept of identity-based public key cryptography (ID-PKC) [1]. This scheme shows a great improvement, that is, it does not require PKI because the public key is an identity (for example, email, ID number, driver license number, and so on). In ID-PKC, a private key generator (PKG) uses a master secret key to generate all private keys for its users. The PKG requires secure channels to deliver the private keys to users securely. Although the improvement in ID-PKC is significant, some architectural issues still remain: (1) A secure channel to deliver the private keys is significantly costly to implement. (2) The PKG can impersonate any user at any time because it knows the private keys of all users, which is called the key escrow problem. This issue is unacceptable in certain cases such as legal applications because the PKG cannot guarantee non-repudiation. (3) Finally, the security of the whole system depends on the secrecy of the master secret key. If the PKG is compromised and the master key is revealed, the whole system is affected.To overcome the drawbacks of the traditional PKC and ID-PKC, the first concept ...

show abstract

Efficient and Provably Secure Certificateless Multi-receiver Signcryption

Cited by 37 publications

References 17 publications

Cryptanalysis of a Certificateless Multi-receiver Signcryption Scheme

Cryptanalysis of a Certificateless Multi-receiver Signcryption Scheme

Public Key Encryption for the Forgetful

Certificate-Based Signcryption Scheme without Pairing: Directly Verifying Signcrypted Messages Using a Public Key

Contact Info

Product

Resources

About