Secure identity-based signcryption in the standard model

Abstract

Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has been shown to be useful in many applications, such as electronic commerce, mobile communications and smart cards. In 2009, Yu et al. [12] proposed an identity-based signcryption (IBSC) scheme in the standard model. In 2010, Zhang [17] pointed out that Yu et al.’s scheme does not have the indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) and proposed an improved IBSC scheme. He proved that the improved scheme has the IND-CCA2 property and existential unforgeability against adaptive chosen messages attacks (EUF-CMA). However, in this paper, an attack is proposed to show that Zhang’s scheme does not have the IND-CCA2 property (not even chosen plaintext attacks (IND-CPA)). We present a fully secure IBSC scheme in the standard model. We prove that our scheme has the IND-CCA2 property under the decisional bilinear Diffie–Hellman assumption and has the EUF-CMA property under the computational Diffie–Hellman assumption.