Analysis And Design Of Certificateless Signcryption Schemes

Certificateless public key cryptography eliminates certificate management in tradi-tional public key infrastructure and solves the problem of the key escrow in identity-based cryptography. Signcryption scheme achieves the security properties of public key encryption and signature simultaneously with a lower cost than the technique of Sign-then-Encrypt. Secure certificateless signcryption (CLSC) schemes can be used in communications to efficiently achieve the requirement of confidentiality and non-repudiation at the same time without the support of PKI and without the fear of key escrow in ID-PKC.In this thesis, we investigate the analysis and design of certificateless signcryption schemes.First of all, we give security analysis of two recently proposed certificateless signcryption schemes. The first scheme was presented by Liu et al. [1] and was claimed secure in the standard model under the decisional bilinear Diffie-Hellman assumption and the computational Diffie-Hellman assumption. We show that it is vulnerable to type I adversaries. A type I adversary who replaces users'public keys is able to break both the confidentiality and non-repudiation requirements of the scheme.The second scheme we analyze here is a certificateless multi-receiver signcryption scheme introduced by Selvi et al. [2]. We prove that this scheme is subject to public key replacement attacks of typeⅠadversaries. Our analysis indicates that it fails to satisfy the confidentiality property required by a secure signcryption scheme. Concrete attack procedures to both schemes will be demonstrated in detail.Next, we present a new construction of certificateless multi-receiver signcryption schemes. Our construction makes use of bilinear maps. The security of the multi-receiver signcryption schemes using our construction is based on the intractability of the BDH, CDH and CDHI problems. The formal security proof is shown in the random oracle model. A brief performance analysis of the newly constructed certifi-cateless multi-receiver signcryption scheme is also given.