Cryptology ePrint Archive: Report 2008/247

Cryptanalysis of Bohio et al.'s ID-Based Broadcast Signcryption (IBBSC) Scheme for Wireless Ad-hoc Networks

S. Sharmila Deva Selvi and S. Sree Vivek and Naga Naresh Karuturi and Ragavendran Gopalakrishnan and Pandu Rangan Chandrasekaran

Abstract: Broadcast signcryption enables the broadcaster to simultaneously encrypt and sign the content meant for a specific set of users in a single logical step. It provides a very efficient solution to the dual problem of achieving confidentiality and authentication during content distribution. Among other alternatives, ID-based schemes are arguably the best suited for its implementation in wireless ad-hoc networks because of the unique advantage that they provide - any unique, publicly available parameter of a user can be his public key, which eliminates the need for a complex public key infrastructure. In 2004, Bohio et al. [4] proposed an ID-based broadcast signcryption (IBBSC) scheme which achieves constant ciphertext size. They claim that their scheme provides both message authentication and confidentiality, but do not give formal proofs. In this paper, we demonstrate how a legitimate user of the scheme can forge a valid signcrypted ciphertext, as if generated by the broadcaster. Moreover, we show that their scheme is not IND-CCA secure. Following this, we propose a fix for Bohio et al.'s scheme, and formally prove its security under the strongest existing security models for broadcast signcryption (IND-CCA2 and EUF-CMA). While fixing the scheme, we also improve its efficiency by reducing the ciphertext size to two elements compared to three in [4].

Category / Keywords: Signcryption, Broadcast Encryption, Bilinear Pairing, Cryptanalysis, ID-based Cryptosystem, Ad-hoc Networks, Provable Security

Publication Info: Accepted in PST '08

Date: received 31 May 2008, last revised 16 Aug 2008

Contact author: sharmioshin at gmail com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Many errors have been corrected. This paper will appear in proceedings of IEEE PST '08.

Version: 20080817:041519 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]