Provably secure and efficient leakage-resilient certificateless signcryption scheme without bilinear pairing

详细信息    查看全文

• 作者：Yanwei Zhou^a ; ^b ; ^c ; Bo Yang^a ; ^b ; ^c ; ^{byang@snnu.edu.cn" class="auth_mail" title="E-mail the corresponding author} ; Wenzheng Zhang^b
• 关键词：Certificateless signcryption ; Leakage-resilient ; Computational Diffie&ndash ; Hellman ; Discrete logarithm ; IND-KL-CCA2 ; EUF-KL-CMA
• 刊名：Discrete Applied Mathematics
• 出版年：2016
• 出版时间：11 May 2016
• 年：2016
• 卷：204
• 期：Complete
• 页码：185-202
• 全文大小：474 K

文摘

The signcryption scheme should withstand various leakage attacks in practical applications. This paper presents a new leakage-resilient certificateless signcryption (LR-CLSC) scheme without bilinear pairing. The security of this scheme is based on the computational Diffie–Hellman (CDH) assumption and discrete logarithm (DL) problem. Considering the computational costs, our proposed method is more efficient than traditional certificateless signcryptions schemes and has a short ciphertext length and high security. In the random oracle model, the proposed approach is semantically secure against adaptive posteriori chosen-ciphertext key-leakage attacks (IND-KL-CCA2) according to the hardness of the CDH assumption, and existentially unforgeable against chosen-message key-leakage attacks (EUF-KL-CMA) according to the hardness of the DL problem. Furthermore, it will maintains the original security under the condition that the adversary learns a small amount of leakage information about the secret key by the side channel attacks. The key leakage parameter λ$\lambda$ and message length m$m$ are subject to $\lambda \le logq-m-2log\left(\frac{1}{\omega }\right)$. Given that a dependence between λ$\lambda$ and m$m$ is undesirable, a new variant that also against IND-KL-CCA2 and EUF-KL-CMA is presented. With a leakage resilient length of up to $\lambda \le logq-2log\left(\frac{1}{\omega }\right)$, the leakage parameter λ$\lambda$ has a constant size which is independent of the message length m$m$. Our proposed method is the first LR-CLSC scheme with an independent leakage parameter and it can be applied into mobile internet.