Abstract

In the last decades, several signcryption schemes have been developed for different privacy-enhancing purposes. In this paper, we propose a new privacy-enhancing group signcryption scheme that provides: unforgeability, confidentiality, ciphertext and sender anonymity, traceability, unlinkability, exculpability, coalition-resistance, and unforgeable tracing verification. It is important to notice that the proposed scheme allows a signer to anonymously signcrypt a message on the group’s behalf (i.e., sender’s anonymity). The security analysis of the scheme is also provided. Our proposal is proven to be strongly existentially unforgeable under an adaptive chosen message attack, indistinguishable under an adaptive chosen ciphertext attack, and to provide ciphertext anonymity under an adaptive chosen ciphertext attack. Furthermore, the scheme is extended to work in a multi-receiver scenario, where an authorized group of receivers is able to unsigncrypt the ciphertext. The experimental results show that our scheme is efficient even on computationally restricted devices and can therefore be used in many IoT applications. The Signcrypt protocol on smart cards takes less than 1 s (including communication overhead). The time of the Unsigncrypt protocol on current ARM devices is negligible (less than 40 ms).

Highlights

  • A signcryption scheme [45] combines a digital signature and a public-key encryption scheme with a lower computational and communication overhead than the traditional sign-then-encrypt scheme

  • We describe the proof of knowledge protocols (PK) using the notation introduced by Camenisch and Stadler (CS) [12]

  • We mainly focus on Strong Existential Unforgeability (sUF), IND and ANON proofs since it is known that the notion of security for a signcryption protocol combines unforgeability of the signature and indistinguishability of the encryption scheme [28], [37], [39], [45]


Summary

INTRODUCTION

A signcryption scheme [45] combines a digital signature and a public-key encryption scheme with a lower computational and communication overhead than the traditional sign-then-encrypt scheme. Most of the traditional signcryption protocols are based on the Diffie-Hellman problem. These schemes guarantee data confidentiality and integrity, as well as signature unforgeability. The use of bilinear pairing in a signcryption protocol makes it possible to achieve the ciphertext anonymity property at the expense of speed, e.g. see [14], [37], [39]. In the case of e-voting, the voter’s (sender’s) identity has to be hidden from the receiver, as it does in video streaming applications where anonymous users (senders) broadcast live video to the Internet. Group signatures provide data authenticity without disclosing users’ identity. Our scheme uses a group signature and bilinear maps in order to provide ciphertext anonymity plus sender anonymity.

STATE OF THE ART
BILINEAR PAIRING
WEAK BONEH-BOYEN SIGNATURE
LIGHTWAY GROUP SIGNATURE
BCEP GROUP KEY AGREEMENT PROTOCOL
SECURITY MODEL AND REQUIREMENTS
SECURITY MODEL
ARCHITECTURE
PROPOSED SCHEME
SETUP ALGORITHM
The Setup algorithm consists of two phases
APPLICATION
COMPARISON
EXPERIMENTAL RESULTS
ARM PLATFORM AND SOFTWARE SELECTION
CONCLUSION
UNFORGEABILITY