
A Study On The Theory Of Mixed Signature And Its Provable Security

Posted on: 2016-09-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H F Yu
Full Text: PDF
GTID: 1108330473960751
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of computer network technology, network services have penetrated every field of daily life. On the one hand, this brings great convenience to human activities; on the other hand, it brings unprecedented threats. The storage, transmission and processing of information increasingly take place over open networks, where they are exposed to a variety of attacks. Hence, information security has become one of the most important problems to be urgently solved in the information society. Cryptography is a key technique for ensuring information security, and encryption and signature are its two most common primitives. In general, encryption provides the confidentiality of information, i.e., no illegal user can gain the message content; and a signature provides the authenticity of a message, i.e., the receiver can determine who the real sender is. With the further development of information security, data transmitted over the internet needs higher and higher security, and the requirement for simultaneous confidentiality and authenticity becomes more and more widespread. This shows that using encryption or signature separately is far from enough, so we often need to combine encryption with signature in practical applications.

It is well known that signcryption is an ideal approach to providing simultaneous confidentiality and authenticity: it fulfills the two functions of encryption and signature at the same time with lower computation and communication overhead. At present, most signcryption schemes implement the process of encryption and signature in the public key setting. However, such signcryption schemes often limit the message space to a particular group, which can be restrictive when one wants to handle messages of arbitrary length.

In order to realize secure communication of arbitrary messages, in 2005 Dent devised hybrid signcryption schemes that consist of a signcryption key encapsulation mechanism (KEM) and a data encapsulation mechanism (DEM). Here, the signcryption KEM employs public key techniques to encapsulate a symmetric key, while the DEM uses symmetric techniques to encrypt an arbitrary message. The security model of hybrid signcryption has the advantage of allowing the security requirements of the asymmetric part and the symmetric part to be completely independent; therefore, we can study their security separately. Hybrid signcryption soon became a new hotspot in the cryptographic field after it was introduced. Compared with signcryption in the public key setting, hybrid signcryption has higher flexibility and better security in cryptographic applications.

Aiming at the key issues of scheme design and provable security theory for hybrid signcryption systems, we research and analyze the existing hybrid signcryption schemes, and then use the ideas of identity-based cryptography and certificateless cryptography to give the algorithm models, formal security definitions and instance schemes for a hybrid signcryption scheme in the identity-based setting, a provably secure hybrid signcryption scheme in the certificateless setting, a pairing-free hybrid signcryption scheme in the certificateless setting and a hybrid ring signcryption scheme in the certificateless setting. In addition, we explore the provable security theory in the random oracle model for these instance schemes, which can satisfy various cryptographic application requirements.

The main research results in this dissertation are listed as follows.

1. In identity-based cryptography, the user's public key does not need to be obtained from a public key certificate, but comes directly from a character string identifying the user's identity.
A private key generator employs the user's public key to compute his private key. In a traditional public key cryptosystem, a user obtains a legal public key at very high cost, but the cost is almost zero in the identity-based setting. In chapter 3, we combine identity-based cryptography with hybrid signcryption to give the algorithm model and formal security definition for an identity-based hybrid signcryption scheme. We then use the bilinear map defined by three multiplicative cyclic groups of the same prime order to construct a concrete identity-based hybrid signcryption scheme. We also prove that this scheme has confidentiality under the co-bilinear Diffie-Hellman assumption and unforgeability under the co-computational Diffie-Hellman assumption in the random oracle model.

2. In chapter 4, we research the existing certificateless hybrid signcryption schemes, the bilinear map and the relevant security assumptions, and on this theoretical basis describe the algorithm model and formal security definition for a provably secure certificateless hybrid signcryption scheme using bilinear pairings. We then construct a provably secure certificateless hybrid signcryption scheme, whose security is based on the hardness of the bilinear Diffie-Hellman problem and the computational Diffie-Hellman problem. From the performance analysis, we find that this scheme is superior to similar schemes in terms of computational complexity and communication overhead, so it has very good application prospects in the cryptography field.

3. The discrete logarithm problem is a difficult problem, and at present no one has found a polynomial time algorithm to compute discrete logarithms.
Discrete logarithm cryptosystems are widely used in some security agencies and in the protection of important file information; examples include the well-known Diffie-Hellman key exchange protocol, the ElGamal public key cryptosystem, the digital signature algorithm (DSA) used by American officials, and digital signcryption schemes. In chapter 5, according to the application requirements of cryptography, we extend the technique of certificateless hybrid signcryption to discrete logarithm cryptosystems, and give the algorithm model and formal security definition for a pairing-free hybrid signcryption scheme based on certificateless cryptography. We then devise a concrete pairing-free certificateless hybrid signcryption scheme, and also show that this scheme can completely withstand adaptive chosen-ciphertext attacks and adaptive chosen-message attacks under the discrete logarithm assumption and the computational Diffie-Hellman assumption. Our scheme has the advantages of small storage space, high efficiency and strong security.

4. Ring signcryption is capable of realizing the unconditional anonymity of the signcrypter, which means that no one can trace the identity of the signcrypter. In the generation process of ring signcryption, the real signcrypter randomly chooses a group of members (including himself) as possible signcrypters, and employs his own private key and the public keys of the other members to signcrypt the message. Ring signcryption differs from group signcryption: there is no group administrator in ring signcryption, all the members of the ring have the same status, and the information of the signcrypter cannot be divulged. In chapter 5, according to the application requirements of ring signcryption in electronic voting, electronic election and anonymous communication, we simultaneously apply ring signcryption and hybrid signcryption to the certificateless setting, and give the algorithm model and formal security definition for a certificateless hybrid ring signcryption scheme.
We then propose a certificateless hybrid ring signcryption instance scheme, and provide its security proof in the random oracle model.

Keywords/Search Tags: cryptography, hybrid signcryption, discrete logarithm, bilinear pairing, provable security