| Confidentiality and authentication are the targets of information security; they can be realized by encryption-decryption algorithm and signature algorithm. The data transferred in internet needs more security, encryption or signature cannot satisfy the requirement alone. In many conditions, we need confidentiality and authentication at the same time. Although there are some protocol have integrated encryption and signature algorithm, but the traditional secrete negotiation or"Encryption-then-Sign"methods cost much computation and communication, they also can be attacked by Man-in-the-Middle attack. Integrating encryption and signature is a new field of cryptography.Signcryption is the typical protocol of encryption and signature; it can provide confidentiality, authenticity and non-repudiation. Signcryption not only provides confidentiality and authenticity efficiently, it also can provide non-repudiation without the trusted third party. Signcryption is the new hot topic of cryptography. Till now, there are hundreds of signcryption schemes have been proposed in discrete logarithm system, RSA system and elliptic curve system. According to the encryption algorithm, signcryption can be divided to public-key signcryption and hybrid signcryption. Because of the low efficiency of public-key encryption, the public-key signcryption is also less efficient. The hybrid signcryption based on symmetric encryption algoritm is the mainstream.In signcryption protocol, except the sender and the receiver, there is an arbitrator. Arbitration mechanism is used for settling disputes in signcryption while the sender repudiates a valid signcryption. While arbitration, the receiver should provide arbitration message to the arbitrator, since the arbitrator is not a trusted third party, this will bring some security problems. In the existed schemes or signcryption models, arbitration is considered separately; this will result to the loss of confidentiality or unforgeablity while arbitration. In some scheme, the arbitrator can decrypt all the signcryptions of a receiver while he gets some kinds of arbitration message; in another schemes, the arbitration mechanism cannot protect the integrity of plaintext.This paper analyzed the signcryption based on triplet signature systematically. We analyzed the construct of triplet signature, and point out the relationship of two DH secretes related to a signature; and then analyze the signcryptions from the arbitration messages. We divide signcryptions to two kinds based on triplet signature, one is signing on plaintext and the other is signing on ciphertext. By analyze all the possible arbitral message of the two kinds of signcryptions, we proposed a resolvent that can solve the two problem by changing a secure arbitration message. In TS-HSC, we must add secrete message in the hash value in order to reach IND-CCA2 security; only the symmetric key is the secure arbitral message and should add in the hash value.Based on the analysis, new model and secure scheme are proposed.â‘ we proposed a triplet secure signcryption model TS-FUO, it includes signcryption, unsigncryption and arbitration. It can resist inside attacks by arbitrator and receiver thus makes the model more secure.â‘¡By analysis, we know the arbitration oracle is more powerful than unsigncryption oracle in TS-HSC, and then we proposed a secure signcryption model named FAO for TS-HSC.â‘¢Under FAO model, this paper proposes a secure"Encrypt-and-sign"signcryption (SAEaS) scheme based on Schnorr signature and AES symmetric algorithm. We prove its IND-CCA2 security and UF-CMA security in random oracle model. Furthermore, SAEaS is a securely arbitral signcryption scheme, it can protect the integrity of plaintexts by an arbitration message associated with plaintext; and the scheme can resist decryption attacks of arbitrator, even he gets the arbitration message. SAEaS does not increase computation nor communication overloads; it has no limitation to the length of plaintext, which makes SAEaS more convenient.After discussing the disadvantages of existed signcryption models, this paper proposed a new signcryption model with arbitral security. Analyzed the TS-HSC signcryption from arbitration, we get the secure arbitral message and proposed a secure signcryption scheme considering signcryption, unsigncryption and arbitration. This paper does some researches and discuss in the analysis of signcryption, designing secure model and designing secure scheme.
|
PDF Full Text Request