Multipurpose Identity-Based Signcryption
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public keys—instead, public keys can be arbitrary identifiers such as email addresses, while private keys are derived at any time by a trusted private key generator upon request by the designated principals. Despite the flurry of recent results on IB encryption and signature, some questions regarding the security and efficiency of practicing IB encryption (IBE) and signature (IBS) as a joint IB signature/encryption (IBSE) scheme with a common set of parameters and keys, remain unanswered.
We first propose a stringent security model for IBSE schemes. We require the usual strong security properties of: (for confidentiality) indistinguishability against adaptive chosen-ciphertext attacks, and (for non-repudiation) existential unforgeability against chosen-message insider attacks. In addition, to ensure as strong as possible ciphertext armoring, we also ask (for anonymity) that authorship not be transmitted in the clear, and (for unlinkability) that it remain unverifiable by anyone except (for authentication) by the legitimate recipient alone.
We then present an efficient IBSE construction, based on bilinear pairings, that satisfies all these security requirements, and yet is as compact as pairing-based IBE and IBS in isolation. Our scheme is secure, compact, fast and practical, offers detachable signatures, and supports multi-recipient encryption with signature sharing for maximum scalability.
KeywordsSignature Scheme Random Oracle Bilinear Pairing Signcryption Scheme Weil Pairing
- 3.Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proc. Conf. Computer and Communication Security (1993)Google Scholar
- 6.Boneh, D., Franklin, M.: Identity based encryption from the weil pairing. Cryptology ePrint Archive, Report 2001/090 (2001), http://eprint.iacr.org/
- 8.Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. Cryptology ePrint Archive, Report 2002/018 (2002), http://eprint.iacr.org/
- 9.Chen, L., Kudla, C.: Identity based authenticated key agreement from pairings. Cryptology ePrint Archive, Report 2002/184 (2002), http://eprint.iacr.org/
- 10.Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Proc. 8th IMA Int. Conf. Cryptography and Coding, pp. 26–28 (2001)Google Scholar
- 13.Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
- 14.Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. Technical Report HPL-2002-23, HP Laboratories Bristol (2002)Google Scholar
- 15.Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. Cryptology ePrint Archive, Report 2002/056 (2002), http://eprint.iacr.org/
- 16.Hess, F.: Exponent group signature schemes and efficient identity based signature schemes based on pairings. Cryptology ePrint Archive, Report 2002/012 (2002), http://eprint.iacr.org/
- 19.Libert, B., Quisquater, J.-J.: New identity based signcryption schemes based on pairings. Cryptology ePrint Archive, Report 2003/023 (2003), http://eprint.iacr.org/
- 20.Lynn, B.: Authenticated identity-based encryption. Cryptology ePrint Archive, Report 2002/072 (2002), http://eprint.iacr.org/
- 21.Malone-Lee, J.: Identity-based signcryption. Cryptology ePrint Archive, Report 2002/098 (2002), http://eprint.iacr.org/
- 22.Paterson, K.G.: ID-based signatures from pairings on elliptic curves. Cryptology ePrint Archive, Report 2002/004 (2002), http://eprint.iacr.org/
- 23.Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairings. In: Proc. SCIS 2000, Okinawa, Japan, pp. 26–28 (2000)Google Scholar
- 25.Smart, N.P.: An identity based authenticated key agreement protocol based on the Weil pairing. Cryptology ePrint Archive, Report 2001/111 (2001), http://eprint.iacr.org/
- 27.Zheng, Y.: Digital signcryption or how to achieve cost (Signature & encryption) < < cost(Signature) + cost(Encryption). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 165–179. Springer, Heidelberg (1997)Google Scholar