Cryptology ePrint Archive: Report 2009/462

Certificateless KEM and Hybrid Signcryption Schemes Revisited

S. Sharmila Deva Selvi and S. Sree Vivek and C. Pandu Rangan

Abstract: Often authentication and confidentiality are required as simultaneous key requirements in many cryptographic applications. The cryptographic primitive called signcryption effectively implements the same and while most of the public key based systems are appropriate for small messages, hybrid encryption (KEM-DEM) provides an efficient and practical way to securely communicate very large messages. Recently, Lippold et al. \cite{GCJ09} proposed a certificateless KEM in the standard model and the first certificateless hybrid signcryption scheme was proposed by Fagen Li et al. \cite{LST09}. The concept of certificateless hybrid signcryption has evolved by combining the ideas of signcryption based on tag-KEM and certificateless cryptography. In this paper, we show that \cite{GCJ09} is not Type-I CCA secure and \cite{LST09} is existentially forgeable. We also propose an improved certificateless hybrid signcryption scheme and formally prove the security of the improved scheme against both adaptive chosen ciphertext attack and existential forgery in the appropriate security models for certificateless hybrid signcryption.

Category / Keywords: cryptographic protocols / Certificateless Cryptography, Signcryption, Cryptanalysis, Hybrid Signcryption, Tag-KEM, Bilinear Pairing, Provable Security, Random Oracle Model

Date: received 18 Sep 2009, last revised 23 Feb 2010

Contact author: sharmioshin at gmail com, ssreevivek@gmail com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20100223:182925 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]