Abstract
A hybrid signcryption approach can efficiently encapsulate new keys and securely transmit data for various applications such as Advanced Metering Infrastructures (AMIs) and Wireless Sensor Networks (WSNs). However, since most hybrid signcryption approaches rely on traditional PKI using a certificate trusted by CA, they require the management of certificates. Although Identity-based Public Key Cryptography (ID-PKC) was introduced to eliminate the dependency from explicit certificates, it suffers from a key escrow problem because the Key Generation Center (KGC) stores the private keys of all users. In order to resolve these drawbacks, certificateless public key cryptography (CL-PKC) was introduced, that splits the user's private key into two parts: one is a partial private key generator by the KGC, and the other one is a secret value selected by the user. CL-PKC is able to overcome the key escrow problem because the KGC is unable to access the user's secret value. Only when a valid user holds both the partial private key and the secret value, the cryptographic operations such as decryption or digital signing based on CL-PKC can be performed.
Recently,the concept of certificateless hybrid signcryption (CL-HSC) evolved by combining the ideas of signcryption based on tag-KEM and certificateless cryptography. However, existing CL-HSC schemes are not secure against existential forgery attack and are constructed by utilizing bilinear pairing operations. In spite of the recent advances in implementation techniques, the computational cost required for pairing operation is still considerably higher in comparison to standard operations such as ECC point multiplication.
In this technical report, we propose a elliptic curve cryptography based certificateless hybrid signcryption (CL-HSC) scheme without pairing operations. We present the formal security model of our CL-HSC scheme. Then, we provide the security proof of our CL-HSC scheme against both adaptive chosen ciphertext attack and existential forgery in the appropriate security models for certificateless hybrid signcryption. Since our CL-HSC scheme does not depend on the pairing-based operation, it reduces the computational overhead. It is also adopted to utilize ECC (Elliptic Curve Cryptography). Thus, we take the benefit of ECC keys defined on an additive group with a 160-bit length as secure as the RSA keys with 1024-bit length.