Leakage-Resilient Anonymous Multi-Recipient Signcryption Under a Continual Leakage Model

Abstract

A multi-recipient signcryption (MRSC) scheme possesses the functionalities of both multi-recipient public-key encryption and digital signature to ensure both integrity and confidentiality of transmitted messages. Moreover, an anonymous MRSC (AMRSC) scheme retains the functionalities of an MRSC scheme while offering privacy-preserving, namely, a recipient’s identity or public key being hidden to other recipients. In the past, numerous MRSC and AMRSC schemes based on various public-key cryptographies (i.e., public key infrastructure (PKI)-based, identity (ID)-based and certificateless (CL)) were proposed. Recently, an attacker can realize side-channel attacks to acquire partial bits of private keys participated in cryptographic computations. However, up to date, no MRSC or AMRSC scheme can resist side-channel attacks so that these schemes might suffer from such attacks and could be broken. To resist such attacks under a continual leakage model, we propose the <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">first</i> PKI-based leakage-resilient AMRSC (PKI-LR-AMRSC) scheme in this paper. In the proposed scheme, an attacker is permitted to continually acquire partial bits of private keys partook in computations of the PKI-LR-AMRSC scheme, and formal security proofs are given to show that the proposed scheme still retains the original security of AMRSC schemes. As compared with the relevant AMRSC schemes, our PKI-LR-AMRSC scheme not only resists side-channel attacks but also reduces the cost of executing the multi-signcryption and unsigncryption algorithms. In particular, the point is that the computational complexities of our scheme respectively require only <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">O</i> ( <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">t</i> ) and <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">O</i> (1) in executing the Multi-signcryption algorithm and the Unsigncryption algorithm, where t is the number of recipients.