Identity-based Signcryption And Its Application In Anonymous Communications

Signcryption is a new cryptographic primitive which simultaneously fulfills both confidentiality and authenticity in a logically single step. Previously, these two security goals had been considered separately, with encryption schemes providing confidentiality and signature schemes providing authenticity. In cases where both were required, the encryption and signature operations were simply composed traditionally. Signcryption is at lower computational costs and communication overheads than the traditional approach, so it provides a good choice to transmit messages when both confidentiality and authenticity are needed. In this paper, we study the signcryption's construction, its provable security and its application in anonymous communications. Exactly, it consists of the following three aspects.1. An identity-based signcryption scheme which proves secure at the random oracle model is proposed. Compared with some known identity-based signcryption schemes, it has the advantage of batch verification, namely it can verify simultaneously many ciphertexts so that the total time of verifying all is reduced. Also a fast and restrictive method of finding all unfit ones from all ciphertexts is structured when batch verification fails. Finally, by the analysis of the scheme's performance, it is pointed that the proposed scheme is greatly feasible to filtrate confidential information for mobile device.2. The weakness of one existing blind identity-based signcryption scheme is given through cryptanalysis to it. After that a new blind identity-based signcryption with the authentication function is proposed. The new scheme is provable secure at the random oracle model and it provides blindness. At last it is indicated that the new scheme overcomes the existing one's weakness without obviously adding computations.3. The applications of identity-based signcryption in anonymous communications considering the case that the identities of the sender and the receiver are both confidential information are studied. Firstly, it is shown that the signature procedure of identity-based one-off public key scheme constructed by Zhang Sheng et al. is insecure against forgery attack. And an improvement is made to avoid it. Then due to the fact that Zhang Sheng et al.'s scheme only can reach the sender's anonymity but not the receiver's, a new one-off public key scheme is structured using signcryption system. The new scheme is more flexible because it can reach both the two parties' anonymity in the communications and can be easily modified to reach only one party's anonymity, namely the sender's or the receiver's according to user's demand. So it provides a choice for solving the anonymous communications.