Anonymous Multi-Receiver Identity-Based And Self-Certified Signcryption Scheme

With the rapid development of network technology, secure multicast/broadcast has become an indispensable part of many network service systems. In addition, multicast key distribution technology, which is related to secure multicast, has become a research hot spot. However, the traditional “one to one” multicast key distribution is low in efficiency and high in communication so that it cannot meet people's demand. For solving the problem of multicast key management and improving the system performance, the multi-receiver encryption/signcryption is used. Later, ID-based method has been introduced into the multi-receiver scheme to simplify key management and eliminate public key certificates of traditional public key cryptosystems. After that, in order to protect the receiver anonymity, ID-based anonymous multi-receiver signcryption scheme is proposed.However, there exists key escrow problems in the identity-based cryptosystem. According to the master key and the user's ID information, PKG(Private Key Generator) produces user's private key. Therefore, PKG(Private Key Generator) knows all the users' private key. It is easy to happen that PKG(Private Key Generator) extracts user's private key in secret and pretends user to signcrypt the information or decrypt the ciphertext. At the same time, PKG has easily become the prime attack targets. In order to avoid the key escrow problems in the ID-based cryptosystem, scholars has combined certificateless method with the multi-receiver encryption/signcryption scheme and produced multi-receiver certificateless encryption/signcryption. But in their schemes, the user's partial public key is generated by hiself/herself, not bound with the user's ID information and has not the function of the verifiable self-certified public key. Therefore, it is easy for them to be subject to the public key substitution attack.Motivated by these problems, an ID-based and self-certified anonymous multi-receiver signcryption scheme has been proposed, based on the problem of discrete logarithm in finite field. The new scheme combines Girault's key exchange protocol with the multi-receiver encryption/signcryption, which can avoid not only the key escrow problems but also the public key substitution attack, and achieve the function of verifiable self-certified public key. So-called verifiable self-certified public key means that on the premise of not leaking the user's private key, anyone can judge whether the user's public key belongs to hiself/herself or not. On the other hand, the new scheme introduces a new polynomial technology to replace the Lagrange interpolating polynomial, which can mix the identity information of receivers and prevent the authorized receivers from verifying the others whether are authorized or not and avoid the Insider attack from the authorized receivers. Therefore, the proposed scheme can not only protect the receiver anonymity from the attackers outside of the system, but also prevent the inner attackers, which can actually achieve complete receiver anonymity. Later, we show that our schemes are secure in the random oracle model. Compared with the existing scheme, we can conclude that the scheme proposed by this paper has better performance. And it avoids not only the key escrow problems but also the public key substitution attack, and achieve the function of verifiable self-certified public key. Therefore, this new scheme can be applied to secure DVD broadcast, network meeting, paying-TV system and data sharing on the cloud better.