The ISC International Journal of Information Security

Abstract Confidentiality, unforgeability, and public verifiability are essential for secure multi-party communications. These communications play a vital role in real-world applications such as decentralized financial transactions, e-commerce, cloud computing, and web services, where authentication and privacy preservation are very important. In conventional cryptosystems, individual signcryption performed by each participant significantly increases the unsigncryption cost for the receiver. Multi-signcryption offers an efficient alternative by allowing multiple signers to jointly signcrypt a single message. This paper proposes a novel certificateless multi-signcryption scheme that eliminates the certificate management problem of traditional public key infrastructures and avoids the key escrow problem of identity-based cryptography. To reduce the computational cost associated with bilinear pairings over elliptic curves, the proposed scheme is designed in a pairing-free environment. This scheme achieves constant-time verification in the unsigncryption phase and is independent of the number of signers. Security is formally proven under the hardness assumptions of the Elliptic Curve Computational Diffie–Hellman Problem (ECCDHP) and the Elliptic Curve Discrete Logarithm Problem (ECDLP). The proposed scheme ensures confidentiality, unforgeability, and public verifiability, and it attains significantly lower computational costs than existing schemes. Hence, the proposed scheme can be used for secure group communications in resource-constrained environments where high performance is essential. 

Abstract The certificateless public key cryptography (CL-PKC) setting, makes it possible to overcome the problems of the conventional public key infrastructure and the ID-Based public key cryptography, concurrently. A certificateless signcryption (CL-SC) scheme is an important cryptographic primitive which provides the goals of a signature scheme and an encryption scheme both at once, in a certificateless setting. In addition to the basic security requirements of a CL-SC scheme (i. e. the unforgeability and the confidentiality), a new security notion called as the known session specific temporary information security (KSSTIS) has been proposed in the literature, recently. This security notion guarantees the confidentiality of the message even if the temporary information, used for creating the signcryption on the message, reveals. However, as discussed in the literature, there are not any secure CL-SC schemes in the standard model (i. e. without the assumption of random oracles) which guarantees the KSSTIS. In this paper, three recently proposed CL-SC schemes (Caixue, Shan and Ullah et al.'s schemes) are analyzed and it is shown that these schemes not only do not satisfy the KSSTIS, but also they do not even provide the basic security requirements of a CL-SC scheme. Furthermore, an enhanced secure CL-SC scheme is proposed in the standard model which satisfies the KSSTIS.

Abstract A certificateless (CL) signcryption scheme is a cryptographic primitive that provides user authentication and message confidentiality at the same time. CL signcryption schemes (as a type of certificateless encryption scheme) have solved problems concerning malicious server presentation, and the server who issues users' partial private keys and certificates cannot obtain users' signing keys. Therefore, the CL signcryption scheme is an excellent choice for protecting users' signing keys and providing user authentication and message confidentiality. Moreover, signcryption schemes have lower computational costs than signature and encryption schemes.
The present study presents a short and efficient CL signcryption scheme based on the hyperelliptic curve (HC). Applying HC as the calculation base for designing the presented CL signcryption scheme reduces key-length from 160 bits to 80. The presented CL signcryption scheme is shorter than other recently-proposed ones with regard to communication overhead with its less than one-third shorter length compared to the shortest of the others. Moreover, it is more efficient than other recently-proposed CL signcryption schemes in the user-side computational cost, including the \textit{key generation} and \textit{user key generation} phases that have been halved in total. Finally, the security of the presented CL signcryption scheme was analyzed in the random oracle (RO) model based on the hardness of the point factorization problem (PFP) on HC.