Abstract
In the last decades, several signcryption schemes have been developed for different privacy-enhancing purposes. In this paper, we propose a new privacy-enhancing group signcryption scheme that provides: unforgeability, confidentiality, ciphertext and sender anonymity, traceability, unlinkability, exculpability, coalition-resistance, and unforgeable tracing verification. It is important to notice that the proposed scheme allows a signer to anonymously signcrypt a message on the group’s behalf (i.e., sender’s anonymity). The security analysis of the scheme is also provided. Our proposal is proven to be strongly existentially unforgeable under an adaptive chosen message attack, indistinguishable under an adaptive chosen ciphertext attack, and to provide ciphertext anonymity under an adaptive chosen ciphertext attack. Furthermore, the scheme is extended to work in a multi-receiver scenario, where an authorized group of receivers is able to unsigncrypt the ciphertext. The experimental results show that our scheme is efficient even on computationally restricted devices and can be therefore used in many IoT applications. The Signcrypt protocol on smart cards takes less than 1 s (including communication overhead). The time of the Unsigncrypt protocol on current ARM devices is negligible (less than 40 ms).
Highlights
A signcryption scheme [45] combines a digital signature and a public-key encryption scheme with a lower computational and communication overhead than traditional singthen-encrypt scheme
We describe the proof of knowledge protocols (PK) using the notation introduced by Camenisch and Stadler (CS) [12]
We mainly focus on Strong Existential Unforgeability (sUF), IND and ANON proofs since it is known that the notion of security for a signcryption protocol combines unforgeability of the signature and indistinguishability of the encryption scheme [28], [37], [39], [45]
Summary
A signcryption scheme [45] combines a digital signature and a public-key encryption scheme with a lower computational and communication overhead than traditional singthen-encrypt scheme. Most of the traditional signcryption protocols are based on the Diffie-Hellman problem. These schemes guarantee data confidentiality and integrity, as well as signature unforgeability. The use of bilinear pairing in a signcryption protocol allows achieving ciphertext anonymity property at the expense of speed, e.g. see [14], [37], [39]. In the case of e-voting, the voter’s (sender’s) identity has to be hidden to the receiver as well as in the case of video streaming applications where anonymous users (senders) broadcast live video to the Internet. Group signatures allow providing data authenticity without disclosing users’ identity. Our scheme uses group signature and bilinear maps in order to provide ciphertext anonymity plus sender anonymity
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
