Hybrid signcryption is an important technique signcrypting bulk data using symmetric encryption. In this paper, we apply the technique of certificateless hybrid signcryption to an elliptic-curve cryptosystem, and cons...Hybrid signcryption is an important technique signcrypting bulk data using symmetric encryption. In this paper, we apply the technique of certificateless hybrid signcryption to an elliptic-curve cryptosystem, and construct a low-computation certificateless hybrid signcryption scheme. In the random oracle model, this scheme is proven to have indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA2) under the elliptic-curve computation Diffie-Hellman assumption. Also, it has a strong existential unforgeability against adaptive chosen-message attacks (sUF-CMA) under the elliptic-curve discrete logarithm assumption. Analysis shows that the cryptographic algorithm does not rely on pairing operations and is much more etticient than other algorithms. In addition, it suits well to applications in environments where resources are constrained, such as wireless sensor networks and ad hoc networks.展开更多
基金the National Natural Science Foundation of China (Nos. 61572303, 61363080, and 61272436), the Foundation of State Key Laboratory of Information Security (No. 2015-MS-10), and the Foundation of Basic Research of Qinghai Province, China (No. 2016-ZJ-776)
文摘Hybrid signcryption is an important technique signcrypting bulk data using symmetric encryption. In this paper, we apply the technique of certificateless hybrid signcryption to an elliptic-curve cryptosystem, and construct a low-computation certificateless hybrid signcryption scheme. In the random oracle model, this scheme is proven to have indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA2) under the elliptic-curve computation Diffie-Hellman assumption. Also, it has a strong existential unforgeability against adaptive chosen-message attacks (sUF-CMA) under the elliptic-curve discrete logarithm assumption. Analysis shows that the cryptographic algorithm does not rely on pairing operations and is much more etticient than other algorithms. In addition, it suits well to applications in environments where resources are constrained, such as wireless sensor networks and ad hoc networks.