Publication Type

Journal Article

Version

publishedVersion

Publication Date

4-2011

Abstract

A signcryption scheme allows a sender to produce a ciphertext for a receiver so that both confidentiality and non-repudiation can be ensured. It is built to be more efficient and secure, for example, supporting insider security, when compared with the conventional sign-then-encrypt approach. In this paper, we propose a new notion called heterogeneous signcryption in which the sender has an identity-based secret key while the receiver is holding a certificate-based public key pair. Heterogeneous signcryption is suitable for practical scenarios where an identity-based user, who does not have a personal certificate or a public key, wants to communicate securely with a server which has a certificate with its public key. We propose two constructions and show their security under the model we define in the random oracle model. The model we define captures the insider security for both confidentiality and unforgeability. Both of the schemes also support public verifiability and key privacy, that is, an adversary cannot find out who the sender and receiver are from a ciphertext in the insider security model. The second scheme is the most efficient one computationally among all key-privacy-preserving signcryption schemes even when compared with schemes in an identity-based cryptographic setting or certificate-based public key setting.

Keywords

key privacy, ciphertext anonymity, identity-based cryptography

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

Computer Journal

Volume

54

Issue

4

First Page

525

Last Page

536

ISSN

0010-4620

Identifier

10.1093/comjnl/bxq095

Publisher

Oxford University Press (OUP): Policy B - Oxford Open Option B

Additional URL

http://doi.org/10.1093/comjnl/bxq095

Share

COinS