DESIGN AND ANALYSIS OF MULTI RECEIVER SIGNCRYPTION SCHEMES ON ELLIPTIC CURVES NIZAMUD DIN DEPARTMENT OF INFORMATION TECHNOLOGY HAZARA UNIVERSITY MANSEHRA 2016


SUBMITTED BY NIZAMUD DIN

RESEARCH SUPERVISOR DR. ARIF IQBAL UMAR

Assistant Professor

Department of Information Technology


DEDICATION

To those who dedicated their lives to serve Humanity


CONTENTS

ABBREVIATIONS
LIST OF TABLES
LIST OF FIGURES
ACKNOWLEDGEMENTS
ABSTRACT

CHAPTER 1
1 INTRODUCTION
1.1 MULTICAST SECURITY
1.2 ELLIPTIC CURVE CRYPTOGRAPHY IN PRACTICE
1.3 MULTI RECEIVER SIGNCRYPTION
1.4 MOTIVATION
1.5 RESEARCH QUESTION
1.6 PROPOSED SOLUTION
1.7 OBJECTIVE
1.8 THESIS ORGANIZATION

CHAPTER 2
2 INTRODUCTION
2.1 ALGEBRAIC STRUCTURES
2.2 ELLIPTIC CURVES
2.2.1 Points on Elliptic Curve
2.2.2 Elliptic Curve Point Addition
2.2.3 Elliptic Curve Point Scalar Multiplication
2.2.4 Kinds of Elliptic Curves
2.2.5 Choice of Base Points
2.2.6 Recommended Elliptic Curves
2.3 LITERATURE REVIEW
2.3.1 Multi Receiver Encryption Schemes
2.3.2 Signcryption Schemes Based on Elliptic Curves
2.3.3 Multi Message Signcryption Schemes
2.3.4 Multi Receiver Signcryption Schemes in PKI
2.3.5 ID based Multi Receiver Signcryption Schemes
2.3.6 Certificateless Multi Receiver Signcryption Schemes

CHAPTER 3
3 INTRODUCTION
3.1 BILINEAR PAIRING
3.2 COMPUTATIONAL PRIMITIVES
3.3 PUBLIC KEY CRYPTOGRAPHY
3.3.1 Public Key Infrastructure
3.3.2 Identity-Based Encryption
3.3.3 Certificateless Cryptography
3.4 FORMAL MODELS
3.4.1 Key Generation
3.4.2 Multi Receiver Public Key Encryption
3.4.3 Digital Signature
3.4.4 Multi Receiver Signcryption
3.4.5 Generalized Multi Receiver Signcryption
3.4.6 Blind Multi Receiver Signcryption
3.4.7 Proxy Multi Receiver Signcryption
3.5 SECURITY PARAMETERS OF MULTI RECEIVER SIGNCRYPTION
3.5.1 Confidentiality
3.5.2 Authenticity
3.5.3 Non Repudiation
3.5.4 Forward Secrecy
3.5.5 Sender Anonymity
3.5.6 Sender Message Unlinkability
3.5.7 Message Public Verifiability
3.5.8 Ciphertext Public Verifiability
3.5.9 Random Oracle
3.5.10 Indistinguishability-Adaptive Chosen Ciphertext Attack
3.5.11 Existentially Unforgeable-Adaptive Chosen Message Attack
3.6 COST ANALYSIS PARAMETERS OF MULTI RECEIVER SIGNCRYPTION
3.6.1 Computational Cost Analysis
3.6.2 Communication Cost/Overhead Analysis

CHAPTER 4
4 INTRODUCTION
4.1 AN EFFICIENT MULTI RECEIVER SIGNCRYPTION SCHEME
4.1.1 Setup
4.1.2 Key Generation
4.1.3 Multi-Receiver Signcryption
4.1.4 Unsigncryption
4.1.5 Analysis of MRSC
4.1.5.3 Efficiency Analysis
4.2 MULTI RECEIVER SIGNCRYPTION SCHEME WITH FORWARD SECRECY
4.2.1 Setup
4.2.2 Key Generation
4.2.3 Multi Receiver Signcryption
4.2.4 Unsigncryption
4.2.5 Analysis of MRSCFS
4.3 MULTI-RECEIVER SIGNCRYPTION FOR FIREWALL
4.3.1 Setup
4.3.2 Key Generation
4.3.3 Multi Receiver Signcryption
4.3.4 Verification by Firewalls
4.3.5 Unsigncryption
4.3.6 Analysis of MRSCFV
4.4 GENERALIZED MULTI RECEIVER SIGNCRYPTION
4.4.1 Setup
4.4.2 Key Generation
4.4.3 Generalized Signcryption
4.4.4 Generalized Unsigncryption
4.4.5 Generalized Signcryption in Different Modes
4.4.6 Analysis of GMRSC
4.5 BLIND MULTI RECEIVER SIGNCRYPTION SCHEME
4.5.1 Participants
4.5.2 Setup
4.5.3 Key Generation
4.5.4 Blind Multi Receiver Signcryption
4.5.5 Blind Unsigncryption
4.5.6 Analysis of BMRSC
4.6 PROXY MULTI RECEIVER SIGNCRYPTION SCHEME
4.6.1 Setup
4.6.2 Key Generation
4.6.3 Proxy Warrant Generation
4.6.4 Proxy Warrant Verification
4.6.5 Proxy Multi Receiver Signcryption
4.6.6 Proxy Unsigncryption
4.6.7 Analysis of PMRSC

CHAPTER 5
5.1 CONCLUSION
5.2 FUTURE WORK

REFERENCES


ABBREVIATIONS

Certificate Authority

A finite field of order where

where

A base point on elliptic curve with order

Private key of user

Public key of user where

Hash Function

Keyed Hash Function

Symmetric Encryption

Symmetric Decryption

Message/Ciphertext

Reject

Randomly Generated Numbers

Random Oracle Model

Standard Model

Confidentiality

Integrity

Authenticity

Unforgeability

Non-Repudiation

Ciphertext Verifiability

Forward Secrecy

Number of receivers in the multicast group


Modular Exponentiation

Elliptic Curve Point Scalar Multiplication

Time required for one Elliptic Curve Point Scalar Multiplication

Time required for one Modular Exponentiation

Time required for one Modular Addition

Time required for one Elliptic Curve Point Addition

Time required for one Symmetric encryption

Time required for one Symmetric decryption

Time required for one hash


LIST OF TABLES

TABLE NO  DESCRIPTION

1.1  NIST Recommended Key Size (bits) Comparison
2.1  Security Comparison of DLP Based MRSC
2.2  Cost Analysis of DLP Based MRSC
2.3  Security Analysis of ECDLP Based GMRSC
2.4  Cost Analysis of ECDLP Based GMRSC
2.5  Security Analysis of Bilinear Pairing Based MRSC
2.6  Cost Analysis of Bilinear Pairing Based MRSC
2.7  Security Analysis of Bilinear Pairing Based GMRSC
2.8  Cost Analysis of Bilinear Pairing Based GMRSC
2.9  Security Analysis of ID Based MRSC
2.10  Cost Analysis of ID Based MRSC
2.11  Security Analysis of ID Based Anonymous MRSC
2.12  Cost Analysis of ID Based Anonymous MRSC
2.13  Security Analysis of ID Based GMRSC
2.14  Cost Analysis of ID Based GMRSC
2.15  Security Analysis of Certificateless MRSC
2.16  Cost Analysis of Certificateless MRSC
3.1  NIST Recommended Crypto Primitives and Key Sizes
4.1  Computational cost comparison of existing schemes and proposed MRSC
4.2  Communication overhead comparison of existing schemes and proposed MRSC
4.3  Computational cost comparison of existing schemes and proposed MRSCFS
4.4  Communication overhead comparison of existing schemes and proposed MRSCFS
4.5  Computational Cost Comparison of existing schemes and proposed MRSCFV
4.6  Communication overhead comparison of existing schemes and proposed MRSCFV
4.7  Security Analysis of proposed GMRSC
4.8  Computational cost comparison of existing schemes and proposed GMRSC
4.9  Communication overhead comparison of existing schemes and proposed GMRSC
4.10  Security Analysis of proposed BMRSC
4.11  Computational cost analysis of proposed BMRSC
4.12  Communication overhead of proposed BMRSC
4.13  Computational cost analysis of PMRSC
4.14  Computational overhead analysis of PMRSC


LIST OF FIGURES

FIGURE NO  DESCRIPTION

1.1  Multicast Communication
2.1  Algebraic Structures
2.2  Elliptic Curves Over Fq
2.3  Geometric Addition and doubling of E points
4.1  Application-Level Firewalls for Incoming Message Authentication
4.2  Blind Multi Receiver Signcryption
4.3  Proxy Multi Receiver Signcryption


ACKNOWLEDGEMENTS

I would like to express my immense gratitude to my advisor Dr. Arif Iqbal Umar for their support, enthusiasm and motivation during my PhD study. It would not have been successful without their unreserved support and kind assistance.

Special thanks to Mr. Noor ul Amin for all his care, guidance, and love. Without his guidance, support, encouragement and help it would not have been possible to start and complete this thesis. He teaches me that belief in patience is a key to success.

Thanks to the PhD pre-submission Committee Chair Prof. Dr. Habib Ahmed (TI) and committee members Dr. Mohsin Nawaz, Dr. Saleem Abdullah and Dr. Bin Amin for valuable feedback.

I express my most sincere appreciation to my ex-advisor Shehzad Ashraf Chaudhry at International Islamic University Islamabad. Shehzad was very kind, provided me a labyrinthine research environment and insisted that I pursue higher study.

I express my special thanks to my parents for their unconditional love, prayers and giving me the freedom to pursue my own interests. I am also grateful to my brothers, sisters and all family members. Thanks to Bai Jan and his family members for astonishing hospitality during my postgraduate study.

Thanks to Abdul Waheed and Jawaid Iqbal, who gave me a lot of delightful hours and always kept me company in my bright and dark times.

Thanks to all my research fellows for all the great ideas, discussions and arguments. They are Abdul Baser, Arifa Rasheed, Asfandyar Khan, Hizbullah, Junaid Iqbal, Mohibullah, Riaz Ullah, Shamsherullah, Sagheer Ahmad Jan, Taayba Bibi, Zahab Khan and Zill-e-Huma.

Thanks to Muaz and Masab, my cute flowers and source of happiness. Finally yet importantly, I am seriously grateful to my wife and love for her support, understanding and endless care throughout the duration of my postgraduate study.

To all of you thank you very much!

Nizamud Din


ABSTRACT

Multicast is an efficient means of information dissemination to a set of nodes. It has low utilization of bandwidth and communication resources as compared to unicast. Secure multicast, which preserves the confidentiality and authenticity of information for legitimate group members, is adopted in the emerging commercialization of wireless applications.

Elliptic curve cryptography has promising industrial attraction. The National Security Agency (NSA) of the USA purchased a license of ECC from Certicom. It will use ECC in its cryptographic modernization initiative, which aims to replace about 1.3 million existing pieces of security equipment over the next 10 years. Public Key Infrastructure (PKI) is the most popular centralized and hierarchical infrastructure; it consists of the trusted third parties registration authority and certificate authority, and provides a solution for proving the authenticity of public keys.

Multi receiver signcryption ensures confidential and authenticated dissemination of information to multicast group members instead of multi recipient encryption and digital signature. It is attractive for stateful secure multicast to distribute and update session keys and for stateless secure multicast to disseminate multicast messages.

In this thesis, we proposed six multi-receiver signcryption schemes on elliptic curves in the PKI setting.

First, the multi-receiver signcryption scheme has the functionalities of confidential and authenticated multicast session key agreement and instant secure message communication. It is efficient in terms of computation and communication cost and suitable for secure multicast communication.

Second, multi receiver signcryption with forward secrecy has the additional functionality of forward secrecy of messages. It ensures confidentiality even if an attacker has stolen the sender's private key. Its low communication overhead could make this construction a better option for use in resource constrained secure multicast communication.

Third, multi receiver signcryption for firewalls has the additional functionality of encrypted message authentication. It enables a firewall to verify an encrypted message without disclosing the message contents and without obtaining any secret parameter from the participants. In case of a dispute, a judge can also verify the authenticity of the ciphertext and solve the dispute without obtaining any secret parameter from the participants. Its security attributes and cost effectiveness make it a suitable choice for efficient and secure multicast firewall applications.

Fourth, the generalized multi receiver signcryption scheme based on elliptic curves has the functionality of digital signature, multi receiver encryption or multi receiver signcryption with a single algorithm.

Fifth, the blind multi receiver signcryption scheme has the additional functionality of sender anonymity. It has significance in applications such as privacy preserving multicast communication and electronic voting and payment systems, where it protects the sender's privacy and guarantees freedom of thought and freedom of opinion.

Sixth, the proxy multi receiver signcryption scheme has the functionality of designating a proxy agent, who makes multicast communication on behalf of the original user. It has applications in privilege delegation mechanisms, an essential service in modern enterprises and organizations to extend and operate business via a designated agent due to temporal absence, lack of time or processing capability.


Chapter 1

INTRODUCTION

1 Introduction

Multicast is an efficient means of information dissemination to a set of nodes. Compared to unicast, multicast has low utilization of bandwidth and communication resources. Each router in the multicast may forward the received packet through several of its interfaces. (Mockapetris 1983) first analyzed and compared several families of reliable multicast transmissions for LANs such as Ethernet (Corporation 1981) and Token Ring (Donnan 1985).

For internetworks using IP routers, (Deering 1991) first proposed a multicast service model called the Host Group Model (HGM) and proposed store-and-forward algorithms for multicasting in a datagram internetwork. According to HGM, internetwork multicast groups may be of arbitrary size, members may change membership dynamically, and groups may be local or global in scope. The sender may not be a member of the multicast group and need not know the membership of the groups.

Wireless network standards committees, including IEEE 802.16 and 3GPP, have standardized the Multicast Broadcast Services (MBS), which can commercialize efficient group communications (Park et al. 2013).

Fig. 1.1 Multicast Communication

Multicast communication is broadly categorized as one-to-many multicast and many-to-many multicast.

In one-to-many multicast, one sender disseminates information to a group of receivers called multicast group members. Its applications are:

• Push media such as news headlines, sports scores, and weather updates multicast (Islam & Atwood 2007)
• Distributed applications, e.g. distributed simulations (Holbrook et al. 1995) and file multicasting with forward error correction (Gemmell & Gray 2000)
• Distributed databases (Gifford 1979), where a user can process queries in parallel on multiple database servers
• Announcements: network time, session schedules, session announcement protocol (SAP) (Handley 2000)

In many-to-many multicast, the users in a multicast group share a common communication channel, and most or all multicast group members can disseminate multicast messages and receive the multicast messages of other senders in the group as well (Ding et al. 2013).

It has applications in emerging multimedia networks such as:

• Multi-Player Gaming, Chat Groups
• Multimedia Conferencing/Interactive Distance Learning
• Distributed Interactive Simulations

1.1 Multicast Security

Secure multicast, which preserves the confidentiality and integrity of information for legitimate group members, is adopted in emerging wireless applications (Tran et al. 2013; Nicanfar et al. 2014; Keoh et al. 2014; Wang et al. 2014; Rajamanickam & Veerappan 2014; Yavuz 2014) for successful multicast commercialization. A secure multicast system is categorized as stateless or stateful.

In stateful secure multicast, the user provides keys that may be updated after a new user joins or an existing user is revoked. Multicast group keys are shared with group members using multicast signcryption, and the multicast messages are encrypted with these keys. The problem with this approach is key management: rekeying is needed when members join or leave the group, and to get the latest key, receiver group members must be stateful and always online.

In stateless secure multicast, users have long-term private and public keys that never change throughout the system lifetime. Messages are signcrypted using multicast signcryption and multicast to group members. This approach has low key storage and no key update cost, but has high computation and communication cost compared to stateful secure multicast (Curtmola 2007).

1.2 Elliptic Curve Cryptography in Practice

In 1985, (Koblitz 1987) of Washington University and (Miller 1994) of IBM independently designed elliptic curve public-key cryptography (ECC). Victor Miller's talk at Crypto '85 excited Scott Alexander Vanstone, a Professor of Mathematics and Computer Science at the University of Waterloo and head of the Certicom company (Kapoor et al. 2008). He focused much of his research on the security analysis of ECC and on optimizing its implementation for scarce resource environments, such as smart cards and wireless handheld computers, at Certicom. Although it should be made clear that Certicom was not explicitly founded for ECC research (Anon n.d.), it holds more than 130 patents related to ECC.

The National Security Agency (NSA) of the USA purchased a license of ECC from Certicom to protect the information of the US and allied governments. It plans to use ECC with the key sizes (256, 384, and 521 bits) published by NIST to protect both unclassified and classified national security information. It will use ECC for key agreement and digital signatures in the US DoD in its Cryptographic Modernization Initiative, which aims to replace about 1.3 million pieces of security equipment in the next 10 years. Moreover, NATO nations such as the USA, UK and Canada have adopted ECC for the protection of intra and inter exchange of classified information (Service(NSA/CSS) & Service(NSA/CSS) 2009).

Cryptographic sanity checks (Bos et al. 2014) explore the insufficient entropy and implementation bugs of ECC deployed in Bitcoin, SSH, TLS, and the Austrian citizen card.

Table 1.1 NIST Recommended Key Size (bits) Comparison

Symmetric Encryption   RSA and Diffie-Hellman (DH)   Elliptic Curves (ECC)   Ratio of RSA/DH : ECC
80                     1024                          160                     3:1
112                    2048                          224                     6:1
128                    3072                          256                     10:1
192                    7680                          384                     32:1
256                    15360                         521                     64:1

1.3 Multi Receiver Signcryption

The word signcryption (Zheng 1997), coined by Zheng, combines digital signature (DS) and public key encryption (PKE) into a single logical phase based on the El-Gamal cryptosystem. In comparison to DSS and El-Gamal encryption, the first signcryption scheme has 50% computational efficiency and 76.8% to 96.0% less communication efficiency. It gained attention in resource constrained environments due to its cost efficiency and has applications in MANET (Holzinger et al. 2010)(Bohio & Miri 2004)(Vijayan R 2011)(Yavuz, Alagoz, et al. 2006)(Yavuz et al. 2010)(Chuanrong & Hong 2009), sensor networks (In Tae Kim & Seong Oun Hwang 2011)(Li & Xiong 2013), satellite communication, electronic and mobile commerce (Wang & Li 2004)(Chiu et al. 2000), etc.

Multi receiver signcryption by (Zhang 1998) ensures confidential and authenticated dissemination of information to multicast group members instead of a multi recipient encryption scheme (Kurosawa 2002) and digital signature. Since then, a set of multi receiver signcryption schemes has been proposed; these are reviewed in the literature review section. Multi receiver signcryption is a best choice for stateful secure multicast to distribute and update session keys and for stateless secure multicast to disseminate multicast messages.

1.4 Motivation

Elliptic curves attract industry interest in the most widespread Public Key Infrastructure (PKI). Multi receiver signcryption schemes based on elliptic curves have significance due to their cost efficiency and are a suitable choice for smart and secure multicast communication. However, unlike signcryption schemes, only minor contributions have been reported in multi receiver signcryption, while for multi receiver signcryption with additional properties like forward security, public verifiability, blind (sender anonymous) and proxy (designated agents), no contribution has been noted in the literature.

1.5 Research Question

The thesis addresses the following research questions:

Q 1 How to design an efficient multi receiver signcryption scheme using elliptic curves?

Q 2 How to design a multi receiver signcryption scheme with forward secrecy using elliptic curves?

Q 3 How to design a multi receiver signcryption scheme with firewall verifiability using elliptic curves?

Q 4 How to design a generalized multi receiver signcryption scheme using elliptic curves?

Q 5 How to design a blind multi receiver signcryption scheme using elliptic curves?

Q 6 How to design a proxy multi receiver signcryption scheme using elliptic curves?

1.6 Proposed Solution

This study proposes six schemes with different application requirements, using elliptic curves, as solutions for secure multicast communication.

First, an efficient multi receiver signcryption scheme using elliptic curves.

Second, a multi receiver signcryption scheme with forward secrecy using elliptic curves.

Third, a multi receiver signcryption scheme with firewall verifiability using elliptic curves.

Fourth, a generalized multi receiver signcryption scheme using elliptic curves.

Fifth, a blind multi receiver signcryption scheme using elliptic curves.

Sixth, a proxy multi receiver signcryption scheme using elliptic curves.

1.7 Objective

The objective of the proposed research is to design efficient signcryption schemes based on ECC, which has attracted industry attention in the most widespread Public Key Infrastructure (PKI). We propose six schemes for secure multicast communication: an efficient scheme, a scheme with forward secrecy, a scheme for firewall verifiability, a generalized (signature, encryption, signcryption) scheme, a blind (sender anonymous) scheme and a proxy (designated agents) scheme. The proposed schemes have applications both in stateful secure multicast, to securely disseminate and update keys with group members, and in stateless secure multicast of messages.

1.8 Thesis Organization

Chapter 1 consists of the introduction, motivation, research questions, proposed solution and objective. Chapter 2 provides the background study and a detailed literature review. Chapter 3 covers material and methods, the basic formal models, security parameters and cost analysis parameters. Chapter 4 presents the proposed solutions, results and discussion. Chapter 5 concludes the thesis and presents some possible future directions.

Chapter 2

BACKGROUND STUDY

2 Introduction

Public key cryptosystems are purely mathematical, and their security is based on the hardness of solving various mathematical problems. This chapter presents the basic abstract algebraic structures, elliptic curve cryptography and the security notions of signcryption. For details the reader may consult [40, 41] for abstract algebra, [42] for number theory, (Hankerson et al. 2006) for elliptic curves and (Dodis 2010) for the security notions of signcryption.

2.1 Algebraic Structures

An algebraic structure generally refers to a set (called the underlying set) with one or more finitary operators (each taking a finite number of inputs) defined on it, such as a group, ring or field.

An additive group is formed by a set under the addition operator, and a multiplicative group by a set under the multiplication operator, satisfying certain axioms. A field is formed by a set under two binary arithmetic operators satisfying certain axioms. Algebraic structures are illustrated in Figure 2.1.

Fig.2. 1 Algebraic Structures

2.2 Elliptic Curves

Let be a prime order finite field. An Elliptic Curve (EC) is a smooth projective

curve of genus one having at least one rational point. It can be defined over in

two dimensions coordinate by short Weierstrass equation

, where .

Let be an elliptic curve defined over . The number of points in denoted

as , According to Hasse Theorem .

Fig.2. 2 Elliptic Curves Over Fq

2.2.1 Points on Elliptic Curve

Rational points on with a special point at infinity (denoted by ) form an

Abelian group under addition operator having order . This group is cyclic

and having a fixed generator usually called the base point.

Let be point on with a Special Point at Infinity

1. (Closure Under Addition)

2. (Associative Under Addition)

3. ( is Additive Identity )

4. (Additive Inverse )

5. (Commutative Under Addition )

2.2.2 Elliptic Curve Point Addition

Points on elliptic curves are added using a geometric method, for the purpose of understanding, and an algebraic method, which is derived from the geometric method and is used in real cryptographic applications.

Geometrically point addition and doubling performed as: Let and

be two points on . Geometrically the sum is the project of a third

point that is if we draw a line through intersects the EC defined as:

Points Addition Point doubling

Fig.2. 3 Geometric Addition and doubling of E points

Algebraically two points on are added using chord-and-tangent rule as in

Algorithm 1.1 to give a third point in .

Algorithm 2.1 Elliptic Curve Points Addition

Input ; )

Out Put

1.

2.

Return

2.2.3 Elliptic Curve Point Scalar Multiplication

Elliptic Curve Point Scalar Multiplication is performed by MSB-Set Comb

Method for (Feng et al. 2006), an average point doublings and

points addition is required.

Algorithm 2.2 Elliptic Curve Point Scalar Multiplication

Input: A point , an integer

Output:

Pre-computation Stage:

1. Require

2. Compute

3.

Evaluation Stage

4. For

If then else

End for

5. Return
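The chord-and-tangent addition of section 2.2.2 and the scalar multiplication of section 2.2.3, as an added example that is not part of the thesis. It uses the standard affine formulas for a short Weierstrass curve over a prime field and plain left-to-right double-and-add rather than the MSB-set comb method the thesis cites; the toy curve over F_97, the point (3, 6) and all function names are constructed for illustration.

```python
"""Short Weierstrass curve arithmetic over a prime field (toy sizes only)."""

O = None  # the point at infinity, the identity element of the group


class Curve:
    """y^2 = x^3 + a*x + b over F_p, with 4a^3 + 27b^2 != 0 (non-singular)."""

    def __init__(self, p, a, b):
        if (4 * a**3 + 27 * b**2) % p == 0:
            raise ValueError("singular curve: not an elliptic curve")
        self.p, self.a, self.b = p, a % p, b % p

    def on_curve(self, P):
        if P is O:
            return True
        x, y = P
        return (y * y - (x**3 + self.a * x + self.b)) % self.p == 0

    def neg(self, P):
        return O if P is O else (P[0], -P[1] % self.p)

    def add(self, P, Q):
        """Chord-and-tangent addition, covering every special case."""
        p = self.p
        if P is O:
            return Q
        if Q is O:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % p == 0:
            return O  # Q = -P (this also covers doubling a point with y = 0)
        if P == Q:    # tangent slope for doubling
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1 % p, -1, p)
        else:         # chord slope for two distinct points
            lam = (y2 - y1) * pow((x2 - x1) % p, -1, p)
        x3 = (lam * lam - x1 - x2) % p
        y3 = (lam * (x1 - x3) - y1) % p
        return (x3, y3)

    def mul(self, k, P):
        """k*P by left-to-right double-and-add (not constant time)."""
        if k < 0:
            return self.mul(-k, self.neg(P))
        R = O
        for bit in bin(k)[2:]:
            R = self.add(R, R)
            if bit == "1":
                R = self.add(R, P)
        return R

    def points(self):
        """Every point of E(F_p) by brute force; feasible only for tiny p."""
        pts = [O]
        for x in range(self.p):
            rhs = (x**3 + self.a * x + self.b) % self.p
            pts += [(x, y) for y in range(self.p) if y * y % self.p == rhs]
        return pts

    def order(self, P):
        """Smallest n > 0 with n*P = O."""
        n, R = 1, P
        while R is not O:
            R, n = self.add(R, P), n + 1
        return n


def hasse_ok(curve, n):
    """Hasse bound |n - (p + 1)| <= 2*sqrt(p), checked in integers."""
    return (n - curve.p - 1) ** 2 <= 4 * curve.p


def group_laws_hold(curve, pts, sample=12):
    """Check the five abelian-group properties listed in section 2.2.1."""
    for P in pts:
        if curve.add(P, O) != P or curve.add(P, curve.neg(P)) is not O:
            return False                      # identity, inverse
        for Q in pts:
            S = curve.add(P, Q)
            if not curve.on_curve(S) or S != curve.add(Q, P):
                return False                  # closure, commutativity
    s = pts[:sample]                          # associativity on a sample
    return all(curve.add(curve.add(P, Q), R) == curve.add(P, curve.add(Q, R))
               for P in s for Q in s for R in s)


if __name__ == "__main__":
    E = Curve(97, 2, 3)          # constructed toy curve, not a standard one
    G = (3, 6)                   # 6^2 = 36 = 27 + 6 + 3, so G lies on E
    pts = E.points()
    print("#E =", len(pts), "Hasse bound holds:", hasse_ok(E, len(pts)))
    print("order of G =", E.order(G), "group laws:", group_laws_hold(E, pts))
    a, b = 7, 11                 # two constructed private scalars
    print("shared point agrees:", E.mul(a, E.mul(b, G)) == E.mul(b, E.mul(a, G)))
```

On a curve this small the discrete logarithm is found by enumeration, which is why the recommended curves in section 2.2.6 use fields of 160 bits and more.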

2.2.4 Kinds of Elliptic Curves

In standard ECC, curves fall into two broad categories: pseudo-random curves and special curves.

In a pseudo-random curve, the coefficients are generated using a hash function such as SHA-1, as specified in ANS X9.62. In a special curve, the coefficients are selected from the underlying field to optimize efficiency.

2.2.5 Choice of Base Points

An EC of order is supplied base point

. However, users can

select their own base points, as specified in IEEE Standard 1363-2000 or ANS X9.62, to ensure separation between cryptographic networks.

2.2.6 Recommended Elliptic Curves

NIST recommends five elliptic curves for use in the ECDSA for different security

levels In the FIPS 186-4 (U.S. Department of Commerce. National Institute of

Standards and Technology 2013). Over prime fields and pseudo-random elliptic

curves , where , NIST

recommend five elliptic curves: .

Over field of degree , pseudo-random curve ,

NIST recommends five elliptic curves:

. Over binary field of degree , Special Koblitz curve of the form

, NIST recommends five elliptic curves: K-163,

Curves: .

Certicom also recommended elliptic curves in the Standards for Efficient

Cryptography SEC2 (Research 2010). Over prime fields it defines five pseudo-

random elliptic curves: secp192r1, secp224r1, secp256r1, secp384r1, secp521r1 and

five Koblitz curve special curves: secp192k1, secp224k1, secp256k1, secp384k1,

secp521k1. Over binary field of degree , it defines six pseudo-random elliptic

curves: sect163r1, sect163r2, sect233r1, sect283r1, sect409r1, sect571r1 and five Special

Koblitz curve: sect233k1, sect239k1, sect283k1, sect409k1, sect571k1 are defined for

different security levels.

2.3 Literature Review

Literature review is divided in five parts: Multi Receiver Encryption, Signcryption

Schemes Based on Elliptic Curves, Multi Message Signcryption Scheme, Multi

Receiver Signcryption ( ) Schemes in PKI setting, ID based ( ) Schemes

and Certificates ( ) Schemes.

2.3.1 Multi Receiver Encryption Schemes

The multi-recipient encryption approach extends the approach specified in S/MIME (Ramsdel & Turner 2010): a random key is generated, the message is encrypted under it, and the random key is encrypted with each receiver's public key. This construction is called KEM/DEM.

The first MRES (Kurosawa 2002) offered a shortened ciphertext with reduced bandwidth requirements. (Smart 2005) introduced the mKEM notion as an efficient key encapsulation technique for multiple recipients. (Bellare et al. 2003)(Bellare et al. 2007) systematically studied the technique of randomness reuse and provided several generic and efficient constructions for MRES. (Barbosa 2007) proposed the notion of weak reproducibility, which enabled the construction of a wider class of efficient (single message) MRESs. Another approach, considered by (Hiwatari et al. 2009), examines the behavior of a simulator in a security proof. Broadcast encryption (Fiat & Naor 1994) shares a similar goal with multi-recipient encryption; researchers differentiate between these two types of security techniques by noting how the public/secret key pairs for the recipients are generated.

2.3.2 Signcryption Schemes Based on Elliptic Curves

The first signcryption scheme proposed on elliptic curves (Zheng & Imai 1998) saves about 58% of the computational cost and 40% of the communication cost compared to the previous approach. The first signcryption scheme with forward secrecy on ECC (Hwang et al. 2005) also provides public verifiability of the message. (Han et al. 2004) proposed publicly verifiable signcryption. (T Okamoto, E Okamoto 2008) proposed a scheme with forward secrecy and ciphertext verifiability in the ROM.

The notion of generalized signcryption was first coined by (Han & Yang 2006), who developed a generalized signcryption scheme based on ECC. Generalized signcryption provides signcryption, digital signature only, or encryption only; based on specific parameters, the primitive can be executed in these three different modes. (Wang et al. 2010) analyzed the generalized signcryption of (Han & Yang 2006), reported that its security proof is incorrect, proposed an improved scheme, and defined security notions for the new primitive with correct proofs. (Toorani & Shirazi 2008) presented an analysis of the (Hwang et al. 2005) scheme and reported nine security flaws. Although these papers claim cryptanalysis, they actually present analysis, because assumptions such as "ECDLP is hard" and "random numbers are random" are already made by Hwang et al. (Hwang et al. 2005). The scheme proposed in (Toorani & Shirazi 2010) provides forward secrecy and public verifiability of the plaintext of the message. (Toorani & Shirazi 2010) also analyzed the security of the Han et al. signcryption scheme and listed its security flaws and shortcomings.

Blind signcryption using elliptic curves (Ullah et al. 2014) has the additional properties of message unlinkability and sender anonymity, and has applications in mobile phone voting and m-commerce.

(Hassan M. Elkamchouchi , Eman F. Abu Elkhair 2013) proposed two proxy signcryption schemes based on DLP and ECDLP. The receiver can verify the origin of the ciphertext, and an authorized proxy agent can create valid proxy signatures after verifying the identity of the original sender.

2.3.3 Multi Message Signcryption Schemes

The multi-message signcryption (PKMMS) scheme (Elkamchouchi, A. M. Emarah, et al. 2007) was proposed for confidential and authenticated transmission of multiple messages and is efficient compared to Zheng's scheme. (Elkamchouchi & Hagras 2009) proposed a multi-message elliptic curve signcryption (PK-MMECS) scheme that is based on ECDLP and is efficient compared to (Elkamchouchi, A. M. Emarah, et al. 2007), and also proposed Public Key Threshold Multi-Message Signcryption (PK-TMMS) with (t, n) shared verification (Elkamchouchi 2007), based on the discrete logarithm problem and using a multi key generator.

2.3.4 Multi Receiver Signcryption Schemes in PKI

In 1998, (Zhang 1998) proposed the first multiple recipient signcryption scheme, for confidential and authenticated broadcasting of messages to multiple users working on the same mission. The basic idea is to use dual keys, that is, a message-encryption key and a receiver-specific key. The message-encryption key is used to encrypt the message, and the receiver-specific key is used to encrypt the message-encryption key with a symmetric cipher. The N-Tier Satellite Multicast Security Protocol (NAMEPS) (Yavuz, Alagz, et al. 2006), based on (Zhang 1998), was proposed for dynamic, heavy and secure satellite multicast systems. (Han et al. 2004) proposed signcryption based on ECC and its multi-party version for unicast and multicast secure communication; the description of the multicast scheme is omitted from the original paper. In 2007, (Elkamchouchi, A. A. M. Emarah, et al. 2007) extended the concept of public key multi-message signcryption (PKMMS) schemes to a public key multi-message multi-recipient signcryption (PK-MM-MRS) scheme. In (Han et al. 2008) proposed two schemes, first and second Multiple Messages . The first scheme has a high communication overhead, as it produces copies of a single message to multicast, while (H Elkamchouchi et al. 2009) proposed the Multiple Broadcasters Signcryption Scheme (MBSS), whose added property of ciphertext authenticity allows the gateway to filter false ciphertexts and reduces the receiver's workload; it has applications in secure distributed networks. It is vulnerable to a man-in-the-middle attack. (Elkamchouchi 2009) presented a verifiable signcryption scheme and its multi-party variants. It claims that the multi-recipient variant is suitable for firewall implementation, but it does not provide ciphertext verification and cannot be implemented on firewalls. The message publicly verifiable multi-recipient signcryption scheme proposed in (Ahmed et al. 2010) is vulnerable to a man-in-the-middle attack.
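The dual-key idea described above for (Zhang 1998), which is also the KEM/DEM layering of section 2.3.1, as an added sketch that is not code from the thesis or from any cited scheme: the message is encrypted once under a message-encryption key, and that key is wrapped once per receiver under a receiver-specific key. The toy DLP group, the SHA-256 keystream, the envelope layout and all function names are assumptions made for illustration, and the sketch has no signature component.

```python
import hashlib
import hmac
import secrets

# Constructed toy DLP group: far too small for real use, chosen only so the
# example runs with the standard library.
P = 2**127 - 1          # a Mersenne prime
G = 3


def keygen():
    """Return (private, public) with public = G^private mod P."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def _kdf(shared, label):
    """Derive a 32-byte key from a Diffie-Hellman shared value."""
    return hashlib.sha256(label + shared.to_bytes(16, "big")).digest()


def _keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR with SHA-256(key || nonce || counter) blocks."""
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(sender_priv, receiver_pubs, message):
    """Encrypt `message` once and wrap the message key for every receiver."""
    mek = secrets.token_bytes(32)                 # message-encryption key
    nonce = secrets.token_bytes(16)
    body = _keystream_xor(mek, nonce, message)
    tag = hmac.new(mek, nonce + body, hashlib.sha256).digest()
    wrapped = {}
    for rid, pub in receiver_pubs.items():
        # Receiver-specific key from static Diffie-Hellman with the sender.
        rsk = _kdf(pow(pub, sender_priv, P), b"wrap")
        wrapped[rid] = _keystream_xor(rsk, nonce, mek)
    return {"nonce": nonce, "body": body, "tag": tag, "wrapped": wrapped}


def unseal(rid, receiver_priv, sender_pub, env):
    """Return the message, or None if this receiver cannot validate it."""
    if rid not in env["wrapped"]:
        return None
    rsk = _kdf(pow(sender_pub, receiver_priv, P), b"wrap")
    mek = _keystream_xor(rsk, env["nonce"], env["wrapped"][rid])
    expect = hmac.new(mek, env["nonce"] + env["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, env["tag"]):
        return None
    return _keystream_xor(mek, env["nonce"], env["body"])


def envelope_size(env):
    """Bytes on the wire: one body plus 32 bytes per receiver."""
    return (len(env["nonce"]) + len(env["body"]) + len(env["tag"])
            + sum(len(w) for w in env["wrapped"].values()))


# Caveat: every legitimate receiver learns the message key, so a MAC under
# that key cannot stop one receiver from re-tagging a modified body for the
# others. The signature half of a signcryption scheme is what closes that
# gap; this sketch shows only the key layering.

if __name__ == "__main__":
    s_priv, s_pub = keygen()
    group = {name: keygen() for name in ("r1", "r2", "r3")}   # constructed
    env = seal(s_priv, {n: kp[1] for n, kp in group.items()},
               b"session key update")
    for name, (priv, _) in group.items():
        print(name, unseal(name, priv, s_pub, env))
    print("envelope bytes:", envelope_size(env))
```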

The security features of the different schemes in PKI are summarized in Table 2.1, and the comparative computation cost and communication overhead of the above existing schemes are shown in Table 2.1.

Table 2. 1 Security Comparison of DLP Based MRSC

Schemes Model

1998 (Zhang 1998) Yes Yes Yes Yes Yes No No

2006 (Yavuz, Alagz, et al. 2006) Yes Yes Yes Yes Yes No No

2007 (Elkamchouchi, A. A. M. Emarah, et al. 2007) Yes Yes Yes Yes Yes No No

2009 (Han & Gui 2009b) Yes Yes Yes Yes Yes No No

2009 (H Elkamchouchi et al. 2009) Yes Yes Yes Yes Yes Yes No

2009 (Elkamchouchi 2009) Yes Yes Yes Yes Yes No No

2010 (Ahmed et al. 2010) Yes Yes Yes Yes Yes No No

Table 2. 2 Cost Analysis of DLP Based MRSC

Schemes

Computation Cost: Signcryption Cost (Sender), Unsigncryption Cost (Each Receiver)

Communication Overhead

(Zhang 1998)

(Yavuz, Alagz, et al. 2006)

(Elkamchouchi, A. A. M. Emarah, et al. 2007)

(Han & Gui 2009b) Scheme1

(Han & Gui 2009b) Scheme2

+ | | + | |

(H Elkamchouchi et al. 2009)

(Elkamchouchi 2009)

(Ahmed et al. 2010)

2.3.4.1 Generalized Multi-Receiver Signcryption

Generalized Multi-Receiver Signcryption (GMRSS) (Yang et al. 2008) fulfills the functions of multi-receiver signcryption, multi-receiver encryption or signature. The scheme does not provide confidentiality. The security features of the different GMRSS in PKI are summarized in Table 3, and the computation cost and communication overhead are shown in Table 4.

Table 2. 3 Security Analysis of ECDLP Based GMRSC

Schemes Model

(Yang et al. 2008) No Yes Yes Yes Yes No No

Table 2. 4 Cost Analysis of ECDLP Based GMRSC

Scheme Computation Cost Communication

Overhead Signcryption Cost

(Sender)

Unsigncryption Cost

(Each Receiver)

(Yang et al.

2008)

Sig Mode

Enc Mode

Signc Mode

2.3.4.2 Multi-Receiver Signcryption on Bilinear Pairing

(Li et al. 2007) proposed the first scheme based on bilinear pairing (BP) and proved its semantic security and unforgeability under the GDHP assumption in the ROM. (S. Selvi & Vivek 2008) showed that (Li et al. 2007) is not IND-CCA2 secure and proposed a new BP-based scheme in the PKI setting with a formal proof in the ROM. (Han et al. 2008) defined a formal security model and proposed a scheme that is secure in the ROM on the GDH problem. (Han et al. 2010) proposed a scheme and claimed to reduce the computational and transmission overheads by using randomness reuse and ciphertext aggregation, respectively. The security comparison is shown in Table 2.5 and the cost comparison is presented in Table 2.6.

Table 2. 5 Security Analysis of Bilinear Pairing Based MRSC

Schemes Model

2007 (Li et al. 2007) Yes Yes Yes Yes Yes Yes No

2008 (S. Selvi & Vivek 2008) Yes Yes Yes Yes Yes No No

2008 (Han et al. 2008) Yes Yes Yes Yes Yes No No

2010 (Han et al. 2010) Yes Yes Yes Yes Yes No No

Table 2. 6 Cost Analysis of Bilinear Pairing Based MRSC

Schemes

Computation Cost

Communication

Overhead

Signcryption Cost Signcryption Cost

(Li et al. 2007) - - -

(S. Selvi & Vivek 2008)

Scheme(I-IBMSC)

Scheme (N-MSC)

(Han et al. 2010)

2.3.4.3 Generalized Multi-Receiver Signcryption Based Bilinear Pairing

(Han & Gui 2009a) proposed the generalized scheme GMRSC for an adaptive secure multicast framework based on the GDH problem, but it lacks communication efficiency. (Zhou 2012b) showed that the multi-receiver GSC scheme of (Han & Gui 2009a) is not IND-CCA2 secure in the pure and hybrid encryption modes, and presented an improved scheme that is IND-CCA2 secure and UF-CMA secure under the (CDH) assumption.

The security comparison is shown in Table 2.7 and the cost comparison is presented in Table 2.8.

Table 2. 7 Security Analysis of Bilinear Pairing Based GMRSC

Schemes Model

2009 (Han & Gui 2009a) No Yes Yes Yes Yes Yes No

2012 (Zhou 2012b) Yes Yes Yes Yes Yes Yes No

Table 2. 8 Cost Analysis of Bilinear Pairing Based GMRSC

Scheme Mode

Computation Cost

Communication

Overhead

GM Signcryption Cost G Unsigncryption Cost

(Han & Gui 2009a)

Sig

Enc

Signc

(Zhou 2012b)

Sig

Enc

Signc

2.3.5 ID based Multi Receiver Signcryption Schemes

The first ID-based multicast signcryption scheme (Bohio & Miri 2004) is inconvenient, as it needs a common secret key to be established by prior agreement. (Duan & Cao 2006) proposed the first scheme in the identity-based setting and claimed that it is secure against IND-CCA2 and UF-CMA in the ROM. However, (Zhang et al. 2012) proved that (Duan & Cao 2006) is IND-CCA2 insecure. (Yu et al. 2007) proposed a scheme and claimed that it is semantically secure under the hardness of BDHP and unforgeable under the CDH assumption. However, (S. S. D. Selvi & Vivek 2008) showed that Yu et al.'s scheme is insecure too and presented an improved scheme. (Li et al. 2009) showed that both the Yu et al. and Selvi et al. schemes are insecure and proposed a new scheme that is semantically secure and unforgeable in the random oracle model. A new multi receiver scheme (Sharmila Deva Selvi, Sree Vivek, Srinivasan, et al. 2009) uses a shared master secret key MSK of the system; it is efficient, but its flaw is that the system becomes insecure if this single secret key is compromised. (Khullar et al. 2013b) proposed a signcryption scheme using ECC rather than a multi receiver scheme, although the title of the paper is multi receiver signcryption. An ID-based threshold signcryption scheme for multiple receivers (Qin et al. 2011) was proved chosen-ciphertext secure in the random oracle model. However, (Zhang et al. 2012) analyzed the security of Qin et al.'s scheme, showed that it is insecure and proposed an improved scheme. In the standard model, (B. Zhang & Q.-L. Xu 2010) proposed the first identity-based scheme. (Zhang & Mao 2009) proposed an identity-based multi-signcryption scheme using bilinear pairings and claimed that it is secure against IND-CCA2 and UF-CMA, but (Sharmila Deva Selvi, Sree Vivek & Pandu Rangan 2009) showed that this scheme is not secure against IND-CCA2 and UF-CMA and proposed an improved scheme. (Elkamchouchi & Abouelseoud 2007b)(Elkamchouchi & Abouelseoud 2007a) proposed a tree-based identity-based scheme having the same structure as the complete subtree broadcast encryption scheme (Naor et al. 2001). Possible applications of the proposed scheme are suggested as well.

The security comparison is shown in Table 2.9 and cost comparison is presented in

Table 2.10.

Table 2. 9 Security Analysis of ID Based MRSC

Schemes Model

2006 (Duan & Cao 2006) No Yes Yes No Yes No No

2007 (Yu et al. 2007) No Yes Yes No Yes No No

2007 (Elkamchouchi & Abouelseoud 2007a) Yes Yes Yes No Yes No No

2007 (Elkamchouchi & Abouelseoud 2007a) Yes Yes Yes No Yes No No

2008 (S. S. D. Selvi & Vivek 2008) No Yes Yes Yes Yes No No

2009 (Li et al. 2009) Yes Yes Yes Yes Yes No Yes

2009 (Sharmila Deva Selvi, Sree Vivek, Srinivasan, et al. 2009) Yes Yes Yes Yes Yes No No

2009 (Zhang & Mao 2009) No Yes Yes No Yes No No

2009 (Sharmila Deva Selvi, Sree Vivek & Pandu Rangan 2009) Yes Yes Yes Yes Yes No No

2010 (Qin et al. 2011) No Yes Yes No Yes No No

2010 (Zhang et al. 2012) Yes Yes Yes Yes Yes No No

2012 (B. Zhang & Q.-L. Xu 2010) Yes Yes Yes Yes Yes No No

Table 2. 10 Cost Analysis of ID Based MRSC

Schemes

Computation Cost

Signcrypted Text

Size

Signcryption Cost Signcryption Cost

(Duan & Cao 2006)

(Yu et al. 2007)

(Elkamchouchi &

Abouelseoud 2007a)

(Elkamchouchi &

Abouelseoud 2007a)

(S. S. D. Selvi & Vivek 2008)

(Li et al. 2009)

(Sharmila Deva Selvi, Sree

Vivek, Srinivasan, et al. 2009)

(Sharmila Deva Selvi, Sree

Vivek & Pandu Rangan 2009)

(Zhang et al. 2012)

(B. Zhang & Q.-L. Xu 2010)

2.3.5.1 Anonymous ID-Based Multiple Receivers Signcryption Scheme

Anonymous signcryption has the additional properties of ciphertext unlinkability and sender anonymity. The first anonymous ID-based scheme (Lal & Kushwah 2009) is proved secure in the ROM. In the SM, (B. Zhang & Q. Xu 2010)(B. Zhang & Q. Xu 2010) proposed an identity-based anonymous scheme. However, (Wang et al. 2012) showed that both the Lal et al. and Zhang et al. schemes are insecure against IND-CCA2 and improved the corresponding schemes. The improved schemes satisfy the security properties of sender anonymity, semantic security and unforgeability. Using bilinear pairing, (Wu 2012) proposed an ID-based scheme that is provably secure in the ROM and suitable for secure communication in MANET. (Hien et al. 2010) proposed an identity-based broadcast signcryption scheme that has ciphertext authenticity and can be implemented in firewall applications. (Khullar et al. 2013a) presented a survey of signcryption along with the identity-based multi receiver signcryption technique. The survey does not cover the literature.

The security comparison is shown in Table 2.11 and cost comparison is presented in

Table 2.12.

Table 2. 11 Security Analysis of ID Based Anonymous MRSC

Schemes Model

(Lal & Kushwah 2009) No Yes Yes No Yes No No

(B. Zhang & Q. Xu

2010)(B. Z. B. Zhang & Xu

2010)

No Yes Yes No Yes No No

(Wang et al. 2012)

Lal et al Improved

Zhang et al Improved

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

No

(Hien et al. 2010) Yes Yes Yes Yes Yes Yes No

(Wu 2012) Yes Yes Yes Yes Yes No Yes

Table 2. 12 Cost Analysis of ID Based Anonymous MRSC

Schemes

Computation Cost

Signcrypted Text

Size

Signcryption Cost Signcryption Cost

(Lal & Kushwah 2009) - -

(B. Zhang & Q. Xu

2010)(B. Z. B. Zhang & Xu

2010)

-

(Wang et al. 2012)

Lal et al Improved

Zhang et al Improved

-

-

-

(Wu 2012) -

(Hien et al. 2010)

2.3.5.2 Generalized ID-based Multiple Receivers Signcryption Scheme

The first identity-based multi-receiver GSC scheme (Zhou 2011) is proved to be confidential under the BDH assumption and existentially unforgeable under the CDH assumption in the ROM.

The security comparison is shown in Table 2.13 and cost comparison is presented in

Table 2.14.

Table 2. 13 Security Analysis of ID Based GMRSC

Schemes Model

2011 (Zhou 2011) Yes Yes Yes Yes Yes No No

Table 2. 14 Cost Analysis of ID Based GMRSC

Scheme Mode

Computation Cost

Communication

Overhead

Signcryption Cost

(Sender)

Unsigncryption Cost

(Each Receiver)

(Zhou 2011)

Sig

Enc

Signc

2.3.6 Certificateless Multi Receiver Signcryption Schemes

The first certificateless MRSC scheme (Selvi et al. 2008) was proved secure in the ROM against insider attacks. (Selvi et al. 2009) proved that the (Selvi et al. 2008) scheme is insecure against IND-CCA2 and proposed an enhanced scheme.

A cryptanalysis of (Selvi et al. 2009) was presented by (Miao et al. 2010), who proved that it is insecure against the UF-CMA adversary. (Sun & Li 2010) presented heterogeneous signcryption and its multi-receiver construction between a public key cryptosystem and an identity-based cryptosystem, which is provably secure in the ROM.

The security comparison is shown in Table 2.15 and cost comparison is presented in

Table 2.16.

Table 2. 15 Security Analysis of Certificateless MRSC

Schemes Model

2008 (Selvi et al. 2008) No Yes Yes No No No Yes

2009 (Selvi et al. 2009) Yes Yes Yes No No No Yes

2010 (Sun & Li 2010) Yes Yes Yes Yes Yes No No

Table 2. 16 Cost Analysis of Certificateless MRSC

Schemes

Computation Cost

Communication

Overhead

Signcryption Cost Signcryption Cost

(Selvi et al. 2008) -

(Selvi et al. 2009)

(Sun & Li 2010)

Chapter 03

MATERIAL AND METHODS

3 Introduction

Let be a finite field of order where and let be an elliptic curve

defined by equation , where

, A base point of elliptic curve with order . The number of receiver is and if

the message is not properly encrypted or signed ( ).

3.1 Bilinear Pairing

Let an additive cyclic group and is the generator with prime order . Let

a multiplicative cyclic group and is the generator with same prime

order. A Bilinear Pairing (Meffert 2009) is a map having following

properties of bilinearity, non-degeneracy and computability

3.2 Computational Primitives

The security of elliptic curve cryptography is based on the hardness of ECDLP, ECDHP and BDHP. Solving these problems is still infeasible for sufficiently large security parameters (Certicom Research 2009).

Definition 2.2 (DLP)

Let be the generator of finite field of order , given

finding an integer – is the discrete logarithm problem. The

algorithm success probability in solving the on is defined as:

.

Definition 2.3 (DLP Assumption)

At present with sufficient given security parameter , the success probability

in time is negligible quantity and solving is hard.

Definition 2.2 (ECDLP)

Let be a base point on of order , , given find an integer

– is the ECDLP. The algorithm success probability in solving

the on is defined as:

Definition 2.3 (ECDLP Assumption)

At present with sufficient given security parameter , the success probability

in time is negligible quantity and solving is hard.

Definition 2.4 ECDHP

Let be a base point on of order and . Given two points

Compute – . The algorithm success

probability in solving the on is defined as:

Definition 2.5 (ECDHP Assumption)

At present with sufficient given security parameter , the success probability

in time is negligible quantity and solving is hard.

Definition 5.8 (BDHP)

Let be the generator of given for some

. Compute is . The success probability of an algorithm

in solving the defined as:

Definition 2.5 (BDHP Assumption)

At present with sufficient given security parameter , the success probability

in time is negligible quantity and solving is hard.

Definition 3 (Collision resistance Hash Functions)

Collision Resistance Hash Functions ( ) (Ishai et al. 2005) applies to a family of

functions uses the terminology of secret-coin (Franklin et al. 2004) that map a

variable size message to a fixed size digest, for .

Definition 5.10 (Random Oracle)

Hash function shares the features of Random Oracle. The output of hash function

is random and uniform.

3.3 Public key Cryptography

Cryptography has enabled confidential communication from the age of Ancient Egypt and Rome to the Second World War, and it is even more important in today's era of globalization.

Cryptography has two broad categories: Secret Key Cryptography (SKC), which has its roots in Ancient Egypt and Rome and provides confidentiality, and Public Key Cryptography (PKC), which appeared in 1976 and provides the additional service of authenticity. In PKC a user generates a key pair consisting of a private key and a public key. The public key is bound to the user's identity and distributed through an insecure channel, which eliminates the need for the secure key distribution channel of SKC and reduces the number of keys required for secure communication, but brings the limitation that the authenticity of the public keys must be provided.

In 1976, called the zero year of cryptography, Diffie proposed the concept of PKC (Diffie & Hellman 1976), while (Rivest et al. 1978) proposed the first practicable public key encryption scheme, based on the hardness of the large integer prime factorization problem (IFP). In 1985, (Elgamal 1985) presented the concept of a digital signature based on DLP.

3.3.1 Public Key Infrastructure

Public Key Infrastructure (PKI) is the most popular centralized and hierarchical infrastructure. It consists of the trusted third parties Registration Authority (RA) and Certificate Authority (CA), and provides a solution for proving the authenticity of public keys. A user requests the RA to issue a digital certificate for their public key. Upon successful verification of the user's credentials, the CA generates and signs a certificate, which contains the user's identity and public key. PKI is scalable, and it is the most common and easy-to-use option on the Internet, so issues such as securing Certificate Authorities, identity checking and naming semantics in certificates have been precisely analyzed. The limitations of PKI are its heavyweight and expensive infrastructure and the difficulty of verifying, storing, distributing and revoking certificates.

3.3.2 Identity-Based Encryption

The idea of Identity Based Encryption (IBE) was presented in 1984 (Shamir 1985) and practically implemented by (Boneh & Franklin 2003) using the Weil pairing over elliptic curves and finite fields. In IBE the public key is a unique string such as an email address or a phone number, which eliminates the need for a CA to authenticate the public key. IBE uses a Private Key Generator (PKG) that generates the private keys of all of its users and distributes them through a secure channel. Its problems are a lack of scalability, so that it cannot be used on the public Internet; that compromise of the PKG leads to compromise of the whole system; and the excessive authority of the PKG, which can signcrypt any message and unsigncrypt any signcrypted text in an IBSC scheme.

3.3.3 Certificateless Cryptography

Certificateless Public Key Cryptography (CL-PKC) was first presented by Al-Riyami and Paterson (Al-Riyami & Paterson 2003). Its functionality lies between traditional certified PKI and IBE, and it is more flexible. Private key generation is split between the user and a trusted third party, the Key Generation Center (KGC), and the user's public key is a pair composed of the user's identity ID and public key PA. CL-PKC does not require an expensive infrastructure composed of different kinds of authorities, as PKI does; similar to IBE, only a Key Generation Center and a Public Parameters Server are required.

3.4 Formal Models

3.4.1 Key Generation

A Randomized Key Generation algorithm takes User information and

security parameters as input, and generates private key and public key :

.

3.4.2 Multi Receiver Public Key Encryption

A Multi Receiver Encryption scheme consists of three

Probabilistic Polynomial Time and one Deterministic Polynomial Time

algorithm.

Setup: This is algorithm takes input security parameter k, and outputs the

public system parameters such as finite fields, elliptic curve, and base point.

Key Generation : This is a Key Generation algorithm takes

User information and security parameters as input, and generates

private key and public key : .

Multi Receiver Encryption : This is a Multi Receiver Encryption

Algorithm takes input message and return ciphertext

.

Decryption : This is a Decryption Algorithm, takes input and

return .

3.4.3 Digital Signature

A Signature scheme consists of three and one

algorithm.

Setup: This algorithm takes a security parameter k as input and outputs the public system parameters, such as the finite field, elliptic curve, and base point.

Key Generation : This is a Key Generation algorithm takes

User information and security parameters as input, and generates

private key and public key .

Signature : This is a Signature Algorithm takes input

and returns signature

Verify : This is a Verification takes input and returns

3.4.4 Multi Receiver Signcryption

A scheme consists of three and one

algorithm.

Setup: This algorithm takes a security parameter k as input and outputs the public system parameters, such as the finite field, elliptic curve, and base point.

Key Generation : This is a Key Generation algorithm takes

User information and security parameters as input, and generates

private key and public key .

Multi Receiver Signcryption : This is a Multi Receiver

Signcryption algorithm takes input and returns Multi

Receiver Signcrypted text .

Unsigncryption This is Unsigncryption algorithm, takes

input and return .

3.4.5 Generalized Multi Receiver Signcryption

A generalized multi receiver signcryption scheme

consists of three and one algorithm.

Setup: This algorithm takes a security parameter k as input and outputs the public system parameters, such as the finite field, elliptic curve, and base point.

Key Generation : This is a Key Generation algorithm takes

User information and security parameters as input, and generates

private key and public key : .

Generalized Multi Receiver Signcryption : This is a generalized

multi receiver signcryption , takes input

and returns generalized multi receiver signcrypted

.

When

When

When

Generalized Unsigncryption : This is a generalized

unsigncryption algorithm takes input and return

.

When ,

When ,

When

3.4.6 Blind Multi Receiver Signcryption

Blind multi receiver signcryption scheme

consists of five and one algorithm.

Setup: This algorithm takes a security parameter k as input and outputs the public system parameters, such as the finite field, elliptic curve, and base point.

Key Generation : This is a Key Generation algorithm takes

User information and security parameters as input, and generates

private key and public key : .

Blind factor : This is a Blind factor algorithm takes input

and output blind factor .

Blind signature : This is a Blind signature algorithm,

takes input and generates output blind signature

.

Blind Multi Receiver Signcryption : This is a blind multi

receiver signcryption algorithm . It takes input and

output

Blind unsigncryption : This is a blind unsigncryption

algorithm. It takes input and returns output

.

3.4.7 Proxy Multi Receiver Signcryption

Proxy multi-receiver signcryption scheme

consists of four and two algorithms.

Setup: This algorithm takes a security parameter k as input and outputs the public system parameters, such as the finite field, elliptic curve, and base point.

Key Generation : This is a Key Generation algorithm takes

User information and security parameters as input, and generates

private key and public key : .

Proxy warrant generation : This is a proxy warrant generation

algorithm, it takes input and returns ,

Proxy verification : This is proxy warrant verification

algorithm, it takes input and returns .

Proxy Multi Receiver Proxy Signcryption : This is proxy multi

receiver proxy signcryption algorithm, it takes and

returns

Proxy Unsigncryption : This is Proxy Unsigncryption

algorithm. It takes input and

returns .

3.5 Security Parameters of Multi Receiver Signcryption

This section presents the security functions provided by the different multi receiver signcryption schemes in this dissertation.

3.5.1 Confidentiality

A channel is perfectly confidential if an eavesdropper gets no information about the content of the transmitted plaintext message. It is infeasible for an adaptive attacker to learn the contents of the signcrypted message.

3.5.2 Authenticity

Sender authentication means that the receiver knows the identity of the sender, while message authentication means that the receiver can validate that the message was sent by the legitimate sender.

3.5.3 Non Repudiation

The sender cannot deny the signcrypted text he sent. In case of dispute, it is computationally feasible for a judge or third party to settle the dispute between sender and receiver.

3.5.4 Forward Secrecy

It is a property of key-agreement protocols ensuring that a session key derived from the private key is not compromised if the long-term private key is compromised (Diffie et al. 1992).

3.5.5 Sender Anonymity

Sender anonymity states that the sender conceals his identity within the set of all possible users; or, if the adversary selects two users, he cannot decide which of them has been communicating (Backes & Kate 2013).

3.5.6 Sender Message Unlinkability

It states that, for a challenge message an adversary does not know whether

they come from the same user or from different users; or for any two actions, the

adversary cannot determine whether the same or different users execute it.

3.5.7 Message Public Verifiability

Let a multi-receiver signcryption scheme is Public

Verifiable with respect to auxiliary algorithms and if

3.5.8 Ciphertext Public Verifiability

Let a multi-receiver signcryption scheme is be public

verifiable with respect to auxiliary algorithms and (Gonz et al. 2013) if

3.5.9 Random Oracle

A hash function shares the features of a random oracle: the output of the hash function is random and uniform. The limitation is that no function computable by a finite algorithm can implement a true random oracle.

3.5.10 Indistinguishability-Adaptive Chosen Ciphertext Attack

A is said to be Indistinguishability-Adaptive Chosen Ciphertext

Attack secure, if a adversary has a negligible advantage in

the game played between a hypothetical challenger and an

attacker .

Setup: Challenger generates sender and each receiver key pairs of algorithm

Give sender and receiver public key pair and each receiver public

keys to while keeping sender receiver private key secret.

Phase 1: makes polynomially bounded adaptive queries to the and

Oracles as:

Oracle - produce messages , any receiver Public key and

requires the result of for an attacked receiver private

key . Challenger runs algorithm and returns the output to .

Oracle - produces and arbitrary sender Public key and requires the

result of for the attacked user private key . runs algorithm

and returns the output to .

produces two equal-length messages and submit to which flip a

coin to compute a multi receiver signcrypted

text under the attacked user public key and returns to

as challenge.

Phase 2: makes new queries as in Phase 1 while differently should not query

the

Guess: Eventually outputs a bit , wins the game if

The advantage of is defined as:

3.5.11 Existentially Unforgeable-Adaptive Chosen Message Attack

A is said to be existentially unforgeable-adaptive chosen message attack

secure if adversary has a negligible advantage in the

following game named , played between a hypothetical challenger

and an attacker .

Setup: Challenger generates sender and each receiver key pairs according to the

definition 5.1 of Algorithm

Give sender public keys to while keeping sender private key secret.

Attack: can adaptively perform queries to the same oracles defined in Definition 3.

Forgery: At the end of the game produces a cipher text and arbitrary receiver

key . wins the game if under the attack user public key the result of

is a valid message and is not the output

of

.

The advantage of is defined as:

3.6 Cost Analysis Parameters of Multi Receiver Signcryption

Multi receiver signcryption ( ) cost analysis parameters are computational cost

and communication cost/overhead.

3.6.1 Computational Cost Analysis

Computational cost is the time and energy consumed by the various crypto operations. The computational cost is measured in terms of the count of major and minor operations.

Like standard public key cryptosystem Multi Receiver Signcryption the most costly

operations are Modular Exponentiation ( ), Elliptic Curve Point Scalar

Multiplication ( ) and Bilinear Pairing ( ).

Minor operations are Modular Addition ( ), Modular Multiplication ( ),

Modular Inversion ( ), Elliptic Curve Point Addition ( ), Symmetric

Encryption and Decryption and hash .

3.6.2 Communication Cost/Overhead Analysis

Communication cost is the total number of bits transmitted during communication, while communication overhead is the number of extra bits transmitted, excluding the original message. The communication overhead depends on the choice of cipher primitive and the size of the parameters. We assume the NIST minimal security key sizes, which are given in bits (Barker et al. 2011) (Giry 2013) in Table 2.

Table 3.1 NIST Recommended Crypto Primitives and Key Sizes

Date | Minimum of Strength | Symmetric Algorithms | Factoring Modulus | Discrete Logarithm Key | Discrete Logarithm Group | Elliptic Curve | Hash
2010 (Legacy) | 80 | 2DES | 1024 | 160 | 1024 | 160 | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
2011 – 2030 | 112 | 3DES | 2048 | 224 | 2048 | 224 | SHA-224, SHA-256, SHA-384, SHA-512
> 2030 | 128 | AES-128 | 3072 | 256 | 3072 | 256 | SHA-256-512

Chapter 4

RESULTS AND DISCUSSION

4 Introduction

In this chapter, we propose six different types of multi receiver signcryption schemes ( ) based on elliptic curves for secure message multicast.

In section 4.1, the proposed efficient multi-receiver signcryption scheme has the security features of multicast message confidentiality, integrity, sender authenticity and non-repudiation, and fulfills the security parameters of signcryption. Forward secrecy is an important property of message confidentiality. Existing forward secure signcryption schemes are for secure unicast communication, not multicast, and multi-receiver signcryption schemes lack forward secrecy. In section 4.2, we propose a multi-receiver signcryption scheme with forward secrecy. Firewalls play an important role in preventing malicious traffic. Firewall-verifiable signcryption enables a firewall to verify encrypted traffic. Existing firewall-verifiable signcryption schemes are for unicast, not multicast, and multi receiver signcryption schemes lack firewall verifiability. In section 4.3, the proposed multi-receiver signcryption scheme for firewalls has the additional feature of encrypted message authentication, used for firewall applications. In section 4.4, the proposed generalized multi-receiver signcryption scheme has the functionality of digital signature, multi-receiver encryption and multi receiver signcryption, and has the security features of multicast message confidentiality, integrity, sender authenticity and non-repudiation; it fulfills the security parameters of signcryption. In section 4.5, the proposed blind multi-receiver signcryption scheme has the functionality of sender-anonymous multi receiver signcryption and has the security features of multicast message confidentiality, integrity, sender authenticity, non-repudiation and forward secrecy. In section 4.6, the proposed proxy multi-receiver signcryption scheme has the functionality of designated-agent multi receiver signcryption and has the security features of multicast message confidentiality, integrity, sender authenticity and non-repudiation.

4.1 An Efficient Multi Receiver Signcryption Scheme

The proposed efficient multi-receiver signcryption consists of four phases: Setup, Key Generation, Multi-Receiver Signcryption and Unsigncryption.

4.1.1 Setup

In the setup phase, the security parameters such as the finite field, elliptic curve, and base point are defined and published to the group members.

4.1.2 Key Generation

In key generation phase member of the multicast group randomly

generate private key and computes public key

where . Each member of the multicast group gets a certificate for his public key from the CA and publishes it to the group members.

4.1.3 Multi-Receiver Signcryption

Let Alice (Sender) wants to multicast a message vector to a group of

receivers having identities ( in a confidential and authenticated way.

Sender runs algorithm 4.1 to generate signcrypted text and multicast it to

group of receivers.

Algorithm 4.1 MRSC

1. Verifies each receiver public key by using their certificates

2. Selects randomly an integer

3. Computes

4. Computes

5. Computes

6. Selects randomly an integer

7. For each recipient

i. Computes

ii. Computes

8. Computes

9.

Multicast the Signcrypted text

4.1.4 Unsigncryption

Each member of multicast group gets multicast signcrypted text , obtains the

message and verifies the authenticity of sender and message contents using

deterministic algorithm 4.2.

Algorithm 4.2 USC

1. Verifies sender public key by using his certificate

2. Computes

3. Computes

4. Computes

5. Computes

6. Generates

7. Computes

8. Verify: if accept else

4.1.5 Analysis of MRSC

4.1.5.1 Correctness Analysis

Theorem 4.1

The Multi-Receiver Signcryption Schemes is correct if the equation

holds.

Proof:

The equation established so the is correct.

4.1.5.2 Security Analysis

Our proposed multicast instant message communication protocol ensures the basic

security properties of signcryption under the established assumption that solving

with sufficient security parameters is infeasible.

4.1.5.2.1 Confidentiality

Our proposed scheme ensures the multicast message confidentiality. We present the

possible attacks that an attacker can try to break the message confidentiality.

Case 1: An attacker can compute from equation if he computes from

equation . The attacker gets easily but if tries to generate from

equation , and then he has to solve .

Case 2: An attacker can compute from equation (4.4) and (4.5) if he computes

from equation (4.3). The attacker gets easily but if tries to generate from

equation , and then he has to solve .

4.1.5.2.2 IND-CCA2

Theorem 4.2

Let denotes the time required for one computation, if no adversary can

solve the in probabilistic polynomial time , performs

queries, queries and queries to oracles run in , the proposed

withstand the in the random oracle model where

Proof:

The algorithm tries to resolve by taking an input ,

simulates itself as the challenger to serve in the following game, where can ask

at most time of oracles times of and times of

in polynomial time .

Setup: runs the setup algorithm to produce all necessary public parameters

, set at least one receiver public key as the challenge

public key and send to .

Phase 1: Performs a first series of queries handled by of the following kinds as

explained below:

Simulator:

A list is maintained by , to keep track the answer given to oracle queries

on . When query on his chosen input , check in lists , if it is

previously defined, that value is returned, else it picks a random value from range

store in , and returned to .

Simulator:

Produces a message vector and arbitrary receiver public keys

and calls a query. Then run the

oracles as follows:

Selects , Queries , Queries

Computes

Selects randomly an integer

For each recipient

Selects and compute

Queries

Computes

Computes

The ciphertext vector is returned to

Simulator:

Produces a Multicast Signcrypted text , an arbitrary sender public

key and requires the result of

Then runs the oracles with a signcrypted message , searches the list

according to unsigncryption step and then recovers the message m.

Then checks if is in ; if not, moves to the next item of and begins again, else

retrieves and checks if If not, moves to the next item of and

begins again, else returns and stop. If no returns returns .

Challenge: produces two equal length messages never query before,

an arbitrary private key , receiver public keys and requires the

, which flip a coin to compute a multi receiver signcrypted

text and return to as challenge.

Phase 2: make polynomially bounded number of new queries as in Phase 1, but

should not call any query for the message . returns a

guess and realize that is a valid signcrypted text unless asks for one of the hash

value ,

for which . ignores ’s answer and looks into the list for

tuples of the form , retrieves and checks if ; if

this relation holds stops and outputs as the solution of the . If no tuple

of this kind satisfies the above equality, stops and outputs invalid.

Analysis of the game: Assessment of the probability in case of imperfect simulation,

the only case where it can occur when a valid signcrypted text is rejected in a

query. It is simple to see that for every item in , there is exactly one item in

providing a valid and to rejection probability of valid not greater than

.

Since makes total queries during the attack, so we have

and ’s computation time take from the fact that query

requires two operation while the extraction of the solution from implies to

compute at most thus .

4.1.5.2.3 Integrity

The proposed scheme ensures message integrity, that is, that no changes occur while the message is disseminated over an insecure channel. The receiver obtains the message and checks its integrity using equations (4.6) and (4.7).

If an attacker, change ciphertext the corresponding message also change from

to and message digest as well. It is infeasible for an attacker to change

and by the one-way hash function collision resistant property.

4.1.5.2.4 Unforgeability

Proposed scheme ensures infeasibility of an attacker/ legitimate receiver to compute

valid signature without knowing sender private key .

Let an attacker/ legitimate receiver tries to forge valid parameters

to he must generate from equation (14) for the message that

require to compute from equation (4.3) equivalent to solve . Therefore,

our proposed scheme is unforgeable.

4.1.5.2.5 UF-CMA

Theorem 4.3

The proposed withstand , if no forger with non-negligible can

solve the in Probabilistic polynomial time , performs

queries, queries and queries to oracles runs in , in the random oracle

model where

; denotes the time

required for one computing .

Proof:

The algorithm tries to resolve by taking an input , simulates

itself as the challenger and run adversary as subroutine and its goal is to

compute .

Setup: runs the setup algorithm to produce all necessary public

parameters , set sender public key as the

challenge public key and send to .

Phase 1: Performs a first series of queries handled by as in IND-CCA game.

Forgery: produces a cipher text and arbitrary sender key . Win the

game if under the attack user public key the result of is a valid

message and is not the output of

.

Analysis of the game: Now the event queries and queries to oracles run

in , in the random oracle model where F outputs a fake signcrypted text without

asking the corresponding queries is at most

and the probability is to reject

valid is

so the B advantage is

; denotes the time required for one computing .

4.1.5.2.6 Authenticity

The proposed scheme assures sender and received message authenticity. The sender authenticity is confirmed by the sender public key certificate.

The message signature use to compute cipher text decryption session key

and further use collision resistance hash function

to verify the message validity.

4.1.5.2.7 Non-Repudiation

If a legitimate sender denies the signcrypted text sent, any trusted third party can verify the message contents using a zero-knowledge protocol. Our proposed scheme provides the property of non-repudiation.

4.1.5.3 Efficiency Analysis

We analyzed the efficiency of the proposed scheme in multicast key distribution

phase and secure multicast instant message dissemination phase.

Schemes Signcryption Cost (Sender) Unsigncryption Cost (Each Receiver)

Proposed

(Zhang 1998)

(Yavuz, Alagz, et al. 2006)

(Elkamchouchi, A. A. M. Emarah, et al. 2007)

Schemes Communication Overhead

Proposed

(Zhang 1998)

(Yavuz, Alagz, et al. 2006)

(Elkamchouchi, A. A. M. Emarah, et al. 2007)

(Han & Gui 2009b)

Scheme1

Scheme2

+ | | + | |

(H Elkamchouchi et al. 2009)

(Elkamchouchi 2009)

(Ahmed et al. 2010)

Table 4. 1 Computational cost comparison of existing schemes and proposed MRSC

Table 4. 2 Communication overhead comparison of existing schemes and proposed MRSC

4.2 Multi Receiver Signcryption Scheme with Forward Secrecy

The message security attribute forward secrecy, coined by (Diffie et al. 1992), is defined as follows: compromise of the sender's long-term private key should not result in compromise of session keys (Boyd & Nieto 2011).

(H.Y. Jung, K.S. Chang, D.H. Lee 2001) first proposed a signcryption scheme with forward secrecy based on the well-known . (Hwang et al. 2005) proposed a signcryption scheme with forward secrecy and message public verifiability, and (Toorani & Shirazi 2008) presented a security analysis of the (Hwang et al. 2005) scheme. (Ashraf Ch et al. 2012) proposed the first forward secure scheme based on hyperelliptic curves, which have a small key size compared to elliptic curves.

We propose Multi Receiver Signcryption with Forward Secrecy ( ) based on elliptic curves. It consists of four phases: Setup, Key Generation, Signcryption and Unsigncryption.

4.2.1 Setup

In the setup phase, the security parameters such as the finite field, elliptic curve, and base point are defined and published to the group members.

4.2.2 Key Generation

In key generation phase member of the multicast group randomly

generate private key and computes public key

where . Each member of the multicast group gets a certificate for his public key from the CA and publishes it to the group members.

4.2.3 Multi Receiver Signcryption

Let Alice (Sender) wants to multicast a message vector to a group of

receivers having identities ( and public keys in a

confidential and authenticated way with forward secrecy. Sender runs

algorithm 4.3 to generate signcrypted text and multicast it to group

of receivers.

Algorithm 4.3 MRSCFS

1. Verifies each receiver public key by using their certificates

2. Selects randomly an integer

3. Computes

4. Computes

5. Computes

6. Selects randomly an integer

7. For each recipient

iii. Computes

iv. Computes

8. Computes

9. Computes

10.

Multicast the Signcrypted text

4.2.4 Unsigncryption

In the Unsigncryption phase, each receiver in the multicast group having

identity select his relevant information from multicast signcrypted

text according to his position, gets and verify the message using

deterministic algorithm 4.4 USC.

Algorithm 4.4 USC

1. Verifies sender public key by using his certificate

2. Computes

3. Computes

4. Computes

5. Generates

6. Computes

Verifies If true then accept else

4.2.5 Analysis of MRSCFS

4.2.5.1 Correctness Analysis

Theorem 4.4

The Multi-Receiver Signcryption Schemes is correct if the equation

holds.

Proof:

( )

( )

( )

The equation established so the is correct.

4.2.5.2 Security Analysis

The proposed scheme possesses seven security attributes, namely: multicast message confidentiality, sender authentication, multicast message integrity, multicast message unforgeability, sender non-repudiation and forward secrecy. The proofs are based on the well-known assumptions that and are hard [10] and that the hash function is one-way and collision resistant. The security attributes of the proposed scheme are compared with existing schemes in Table 4.2.

4.2.5.2.1 Confidentiality

Our proposed scheme provides message confidentiality. Let the attacker

tries to derive the message from , he must obtained secret key .

However, the possible ways to generate is equivalent to solve the .

Case 1: An attacker can compute from equation (4.9) if he computes from

equation (4.1). The attacker gets easily but if tries to generate from

equation , and then attacker requires solving .

4.2.5.2.2 Integrity

In our proposed scheme recipient can verify that received message is either original

or corrupted by using equation (4.10) and equation (4.11).

If an attacker changes the related message is changed to such

that and . It is computationally infeasible for an attacker to modify

such that by the one-way hash function collision resistant property.

4.2.5.2.3 Unforgeability

The attacker/recipient cannot forge valid without the sender private

key . Let the attacker/recipient wants to forge a valid that

attacker eavesdropped/received. They must generate from equation (4.13) .

However, to compute , attacker must compute from equation (4.3) and from

equation (4.12) that is equivalent to solve two , and receiver should compute

from equation (4.3) that is equivalent to solve one . Therefore, the

proposed scheme is unforgeable.

4.2.5.2.4 Authentication

The proposed scheme assures sender and received message authenticity. The sender authenticity is confirmed by the sender public key certificate. The message

signature used to compute session key, compute

message digest using collision resistance hash function

to verify the message validity.

4.2.5.2.5 Non-repudiation

In case of a legitimate sender deny from the signcrypted text sent,

and then any trusted third party can verify the message contents using ZKP.

4.2.5.2.6 Forward secrecy

If the sender’s long-term private key compromised, the attacker still cannot

recover any previous message from the Signcrypted text . Lets an

attacker gets the sender private key , and wants to compute pre-session key

random number from equation (4.14) still he need to compute using equation

(4.12) but computing from is equivalent to solve .

4.2.5.3 Cost Analysis

The computational efficiency of the proposed scheme is analyzed and compared with existing schemes on the basis of major operations, as shown in Table 2.

Table 4. 3 Computational cost comparison of existing schemes and proposed MRSCFS

Schemes Signcryption Cost (Sender) Unsigncryption Cost (Each Receiver)

Proposed

(Zhang 1998)

(Yavuz, Alagz, et al. 2006)

(Elkamchouchi, A. A. M. Emarah, et al. 2007)

Schemes Communication Overhead

Proposed

(Zhang 1998)

(Yavuz, Alagz, et al. 2006)

(Elkamchouchi, A. A. M. Emarah, et al. 2007)

(Han & Gui 2009b)

Scheme1

Scheme2

+ | | + | |

(H Elkamchouchi et al. 2009)

(Elkamchouchi 2009)

(Ahmed et al. 2010)

Table 4. 4 Communication overhead comparison of existing schemes and proposed MRSCFS

4.3 Multi-Receiver Signcryption for Firewall

Firewalls are installed as either hardware devices or software applications to enforce security policies within a network or between networks. They operate at different layers and protect private local area networks from hostile intrusion. Application layer firewalls provide the most comprehensive filtering of end user message authentication.

Fig.4. 1 Application-Level Firewalls for Incoming Message Authentication

The objective of this research is to identify and implement the security requirements of firewalls for multicast signcrypted messages. To achieve this objective, we propose an efficient multi receiver signcryption scheme based on elliptic curves that enables firewalls to verify the authenticity of the network traffic without disclosing the contents of the encrypted messages. The proposed multi-receiver signcryption consists of four phases: Setup, Key Generation, Multi-Receiver Signcryption and Unsigncryption.

4.3.1 Setup

In the setup phase, the security parameters such as the finite field, elliptic curve, and base point are defined and published to the group members.

4.3.2 Key Generation

In key generation phase member of the multicast group randomly

generate private key and computes public key

where . Each member of the multicast group gets a certificate for his public key from the CA and publishes it to the group members.

4.3.3 Multi Receiver Signcryption

Let Alice (Sender) having identity wants to multicast a message vector

to a group of receivers having identities ( and public keys

in a confidential and authenticated way with firewalls verifiability.

Sender runs a PPT algorithm 4.5 to generate signcrypted text and

multicast it to group of receivers.

Algorithm 4.5 MRSCFV

1. Verifies each receiver public key by using their certificates

2. Selects randomly an integer

3. Computes

4. Computes

5. Selects randomly an integer

6. For each recipient

i. Computes

ii. Computes

7. Computes

8.

9. Computes

10. Computes

11. Return

Multicast the Signcrypted text to each group member

4.3.4 Verification by Firewalls

Firewalls verify the authenticity of received signcrypted text as

follow:

Algorithm 4.6 FV

1. Verifies sender public key using their certificate

2. Computes

3. Computes

4. Accept and forwards Signcrypted text if otherwise

4.3.5 Unsigncryption

Each receiver in multicast group having identity extracts his corresponding

parameters from signcrypted text , verifies and gets the

message using Unsigncryption algorithm as follows:

Algorithm 4.7 USC

1. Verifies sender public key by using his certificate

2. Computes

3. Computes

4. Accept Signcrypted text if otherwise

5. Computes

6. Computes

7. Computes

8. Computes

Message
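
The phases of section 4.3 (Setup, Key Generation, Multi Receiver Signcryption, verification by firewalls, Unsigncryption) as an added example; it is not the thesis' Algorithms 4.5 to 4.7, whose equations are not reproduced in this transcript. It assumes a generic construction: a per-receiver ECDH key wrap plus a Schnorr signature over the ciphertext on secp256k1, with SHA-256 standing in for the hash and the symmetric cipher; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Setup: public parameters. secp256k1 is an assumption; the page names no curve.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (teaching code, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def on_curve(pt):
    """Reject the point at infinity, out-of-range coordinates and off-curve points."""
    return (pt is not None and all(0 <= v < P for v in pt)
            and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0)

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def H(label, *parts):
    """Domain-separated, length-prefixed SHA-256."""
    h = hashlib.sha256(label)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def stream_xor(key, data):
    """XOR with a SHA-256 counter keystream; stand-in for the symmetric cipher."""
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(H(b"ks", key, i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def keygen():
    """Key Generation: private scalar x, public point x*G."""
    x = secrets.randbelow(N - 1) + 1
    return x, mul(x, G)

def wrap_key(shared, pk_s, pk_r):
    # Binding both public keys stops a wrap being reused under another sender.
    return H(b"wrap", enc(shared), enc(pk_s), enc(pk_r))

def challenge(sc, pk_s):
    """Schnorr challenge over every field a firewall can see."""
    d = H(b"sig", enc(sc["T"]), enc(pk_s), enc(sc["R"]),
          sc["c"], sc["tag"], *sc["wraps"])
    return int.from_bytes(d, "big") % N

def signcrypt(msg, sk_s, pk_s, receiver_pks):
    """Multi Receiver Signcryption: one ciphertext, one wrapped key per receiver."""
    k = secrets.token_bytes(32)                  # session key shared by the group
    r, t = (secrets.randbelow(N - 1) + 1 for _ in range(2))
    c = stream_xor(k, msg)
    sc = {"R": mul(r, G), "T": mul(t, G), "c": c, "tag": H(b"tag", k, c),
          "wraps": [stream_xor(wrap_key(mul(r, pk), pk_s, pk), k)
                    for pk in receiver_pks]}
    sc["s"] = (t + challenge(sc, pk_s) * sk_s) % N
    return sc

def firewall_verify(sc, pk_s):
    """Public check with the sender public key only; nothing is decrypted."""
    if not (on_curve(sc["T"]) and on_curve(sc["R"]) and 0 < sc["s"] < N):
        return False
    return mul(sc["s"], G) == add(sc["T"], mul(challenge(sc, pk_s), pk_s))

def unsigncrypt(sc, sk_r, pk_r, index, pk_s):
    """Unsigncryption for the receiver at position `index`; None means reject."""
    if not firewall_verify(sc, pk_s):
        return None
    k = stream_xor(wrap_key(mul(sk_r, sc["R"]), pk_s, pk_r), sc["wraps"][index])
    if not hmac.compare_digest(H(b"tag", k, sc["c"]), sc["tag"]):
        return None
    return stream_xor(k, sc["c"])
```

The firewall check touches only public values, so a rejected packet never reaches a receiver and an accepted one reveals nothing about the message; certificate validation of the public keys is assumed to happen before these calls.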

4.3.6 Analysis of MRSCFV

4.3.6.1 Correctness Analysis

Theorem 4.5

Multi Receiver Signcryption firewalls verification is valid if the

sender and verifier conform to the applied protocols .

Proof:

=

The equation holds so the verification is correct.

Theorem 4.6

Multi Receiver Signcryption for firewalls is valid if sender and

receiver conform to the protocols.

Proof:

Clearly, the equation is established and is correct.

4.3.6.2 Security Analysis

The security analysis of the proposed scheme is presented, on the established

assumption that solving is hard for sufficient large security parameters.

4.3.6.2.1 Confidentiality

Let an attacker wants to derive the original message, then attacker must obtain the

secret key and further compute message session key . The following are the

possible cases to derive secret key:

Case 1: An attacker can compute from equation (4.15) and (4.16) if he computes

from equation (4.1). The attacker gets easily but if tries to generate from

equation , and then attacker requires solving .


Case 2: An attacker can compute from equation (4.5) and (4.17) if he computes

from equation (4.3). The attacker gets easily but if tries to generate from

equation , and then he has to solve .

4.3.6.2.2 Integrity

Proposed MRSCFV scheme provides message integrity. Firewalls and each recipient

can verify whether the received signcrypted text is the original, and sent by the

legitimate sender or altered using equation (4.18), (4.19) and (4.20). In Signcryption

phase the sender computes using one-way collision resistive hash function using

equation (4.19). If an attacker alter the original ciphertext or then is

changed to

.

It is computationally infeasible for an attacker to modify and due to

one-way hash function collision resistive property.

4.3.6.2.3 Unforgeability

Let the attacker tries to forge a valid from a previous

eavesdropped . They must generate from Equation (4.22) and (4.23) for

message . For computing valid signature , attacker has to compute sender

private key from Equation (4.3) or secret parameter from Equations (4.21)

equivalent to solve .


4.3.6.2.4 Encrypted Message Authentication/Firewalls Verifiability

Proposed scheme assures sender and received encrypted message authenticity.

Firewalls can verify whether received signcrypted text is sent by the legitimate

sender or not without disclosing message contents using deterministic algorithm 4.7

FV.

4.3.6.2.5 Public Verifiability

In case of a dispute, a third party can verify the authenticity of the signcrypted text using deterministic algorithm 4.7 FV.

4.3.6.2.6 Non-repudiation

Sender cannot deny a previously sent signcrypted text . In case of denying the text, a third party can resolve the dispute. Sender private key , known only to the sender, is associated with sender public key . The third party settles the dispute by verifying the sender public key and ciphertext contents using deterministic Algorithm 4.4 FV.

4.3.6.3 Cost Analysis

The computational efficiency of proposed MRSCFV is analyzed based on two major

operations namely and . Table 3 illustrates the efficiency comparison of

the proposed scheme and existing schemes. The proposed scheme is based on elliptic

curve and efficient than based scheme.


Table 4.5 Computational Cost Comparison of existing schemes and proposed MRSCFV

Schemes Signcryption Cost (Sender) Unsigncryption Cost (Each Receiver)

Proposed

(Zhang 1998)

(Yavuz, Alagz, et al. 2006)

(Elkamchouchi, A. A. M. Emarah, et al. 2007)

Table 4. 6 Communication overhead comparison of existing schemes and proposed MRSCFV

Schemes Communication Overhead

Proposed

(Zhang 1998)

(Yavuz, Alagz, et al. 2006)

(Elkamchouchi, A. A. M. Emarah, et al. 2007)

(Han & Gui 2009b)

Scheme1

Scheme2

+ | | + | |

(H Elkamchouchi et al. 2009)

(Elkamchouchi 2009)

(Ahmed et al. 2010)


4.4 Generalized Multi Receiver Signcryption

Generalized signcryption adaptively works as a digital signature scheme, an encryption scheme, or a signcryption scheme with only one algorithm. This makes it attractive for storage-constrained environments such as smart grids, smart cards, embedded systems and wireless sensor networks.

Signcryption schemes are efficient, but are not feasible when only one of the three functions (confidentiality, authenticity, or confidentiality and authenticity) is required. To solve this problem, (Han & Yang 2006) and (Han et al. 2006) proposed a generalized signcryption scheme that adaptively works as an encryption scheme, a signature scheme or a signcryption scheme. (Han 2007) first proposed a multi-receiver GSC scheme in the ROM on assumption; this scheme lacks the functionality of signature only mode. on (Yang et al. 2008) can adaptively work as signature, multi receiver encryption or multi-receiver signcryption, but lacks confidentiality. (Han & Gui 2009a) proposed a multi-receiver GSC scheme under the CDH assumption. However, (Zhou 2012a) and (Zhou 2015) show that the multi-receiver GSC scheme of (Han & Gui 2009a) is not IND-CCA2 secure in the pure encryption and hybrid encryption modes, and give an improvement of the scheme that is secure under the CDH assumption; however, this is inefficient.

We propose an efficient generalized multi receiver signcryption scheme. It consists of four phases: Setup, Key Generation, Generalized Multi Receiver Signcryption and Generalized Unsigncryption.

4.4.1 Setup

In the setup phase, the security parameters such as the finite field, elliptic curve and base point are defined and published to the group members.

4.4.2 Key Generation

In key generation phase member of the multicast group randomly

generate private key and computes public key


where . Each member of the multicast group gets a certificate for his public key from the CA and publishes it to the group members.

4.4.3 Generalized Signcryption

Let a sender want to multicast a message to a group of receivers having

identities and public keys in an authenticated or

confidential, or confidential and authenticated manner, sender run the

algorithm to generate multi receiver signcrypted text .

Algorithm 4.8

1. Selects randomly an integer

2. Computes

3.

i. Selects randomly an integer

ii. Computes

iii. Computes

iv. Computes

v. For each recipient

a. Computes

b. Computes

c.

4.

5. Computes

6. Computes

Multicast the Signcrypted text

4.4.4 Generalized Unsigncryption

In the Unsigncryption phase, each receiver in the multicast group having

identity select his relevant information from multicast signcrypted


text according to his position, gets and verify the message using

deterministic Algorithm 4.9 GUSC.

Algorithm 4.9

1. Verifies sender public key by using their certificate

2.

{

i. Computes

ii. Computes

iii. Computes

iv. Computes

v. Computes

vi. Accept message if else }

3. {

a. Computes

b. Computes

Accept message as valid if else }

4.4.5 Generalized Signcryption in Different Modes

The scheme works in three different modes according to the security requirement: Multi Receiver Encryption mode, signature mode, or Multi Receiver Signcryption mode. It can be used to multicast a message in a confidential, authenticated, or confidential and authenticated manner.

Depending on the security functions needed, the proposed Generalized Multi-Receiver signcryption works in signature only mode, encryption only mode or Signcryption mode.

4.4.5.1 Signature only Mode

Alice signs a message using with variable values and ,

will be equivalent to signs a message.


Algorithm 4.10

1. Selects randomly an integer

2. Computes

3.

4.

i. Computes

ii. Computes

5. Return

Multicast the Signcrypted text

Any recipient who knows sender’s public key can verify the message as:

Algorithm 4.11

1. Verifies sender public key by using their certificate

2.

3.

i. Computes

ii. Computes

Accept message as valid if else

4.4.5.2 Encryption only Mode

The scheme will become multi-receiver encryption when

and Sender can encrypt a message receiver’s as:


Algorithm 4.12

1. Selects randomly an integer

2. Computes

3.

iii. Selects randomly an integer

iv. Computes

v. Computes

vi. Computes

vii. For each recipient

a. Computes

b. Computes

c.

4.

Multicast the Signcrypted text

To get the message each recipient runs deterministic algorithm

Algorithm 4.13

1. Verifies sender public key by using their certificate

2.

i. Computes

ii. Computes

iii. Computes

iv. Computes

v. Computes

vi. Accept message if else

4.

4.4.5.3 Signcryption only Mode

The scheme will be multi-receiver encryption when and . Any

Sender who knows the receiver’s public key can encrypt a message as:


Algorithm 4.14

1. Selects randomly an integer

2. Computes

3.

i. Selects randomly an integer

ii. Computes

iii. Computes

iv. Computes

v. For each recipient

a. Computes

b. Computes

c.

4.

5. Computes

6. Computes

Multicast the Signcrypted text

To get the verified message each recipient run deterministic algorithm

Algorithm 4.15

1. Verifies sender public key by using their certificate

2.

i. Computes

ii. Computes

iii. Computes

iv. Computes

v. Computes

vi. Accept message if else

3.

a. Computes

b. Computes

Accept message as valid if else


4.4.6 Analysis of GMRSC

This section presents the correctness, security and efficiency analysis in signature

only mode, encryption only mode and signcryption mode.

4.4.6.1 Correctness Analysis

This section presents the consistency proofs of proposed scheme in signature only

mode, encryption only mode, signcryption mode and judge verification.

Theorem 4.7

Multi Receiver Generalized Signcryption (signature only mode)

Signature/Verification is valid if sender and each receiver conform to the Equation.

Proof:

Clearly, the equation is established.

Theorem 4.8

Multi Receiver Generalized Signcryption (Encryption only mode)

Encryption/Decryption is valid if sender and receiver conform to the

Equation

Proof:


Clearly, the equation is established.

Theorem 4.9

Multi Receiver Generalized Signcryption (signcryption only mode)

Signcryption/Unsigncryption is valid if sender and receiver conform to the

Equations

and

Proof:

Clearly, both equations hold, as proved in Theorems 4.8 and 4.9.

4.4.6.2 Security Analysis

The proposed scheme possesses seven security attributes namely: multicast message

confidentiality, sender authentication, multicast message integrity, multicast

message unforgeability, sender non-repudiation and forward secrecy. The proofs are

based on the well known assumptions: that and are hard [10] and

hash function is one-way collision resistive.

4.4.6.2.1 Confidentiality

Let an attacker tries to derive the original message from signcrypted text

, he must obtained secret key . However, the possible ways to generate

is equivalent to solve the .

Case 1: An attacker can compute from equation (4.24) if he computes from

equation (4.3). The attacker gets easily but if tries to generate from

equation , and then attacker requires solving .

Case 2: An attacker knows and can compute from

equation (4.26) if he computes from equation (4.25) but if tries to compute

from and , is solving .


4.4.6.2.2 Integrity

In proposed recipient can verify that received message is either original or

corrupted by using equation (4.27) and equation (4.28). If an attacker

changes the related message is changed to such that and

. It is computationally infeasible for an attacker to modify such that

by the one-way hash function collision resistant property.

4.4.6.2.3 Unforgeability

Let an attacker/recipient wants to forge a valid from a previous one that

attacker eavesdropped/received. They must generate from equation (14) for the

message . However, to compute , attacker must compute from equation

(4.3) and from equation (4.21) that is equivalent to solve two , and receiver

should compute from equation (4.3) that is equivalent to solve one .

Therefore, the proposed scheme is unforgeable.

4.4.6.2.4 Message Authentication

Proposed scheme assures sender and received message authenticity. The sender

authenticity confirmed by sender public key certificate. Receiver computes message

digest using collision resistance hash function and message

signature used and verify the message validity using .


4.4.6.2.5 Non-repudiation

In case of a dispute between sender and receiver, a trusted third party/Judge can verify the message and settle the dispute. Receiver forwards to the trusted third party/Judge the authenticity of message using deterministic Algorithm 4.16 JV.

Algorithm 4.16 JV

1. Verifies sender public key using their certificate

2. Computes

3. Computes

Message is sent by the sender having public key if else

4.4.6.2.6 Forward secrecy

Let an attacker gets sender’s private key , still cannot recover any previous

message from the Signcrypted text . Lets an attacker gets the

sender private key , still he need to compute using equation (4.31) from

encrypted message. However, attacker has no access to message and cannot derive

the correct without knowing original message .

Table 4. 7 Security Analysis of proposed GMRSC

Schemes Model

Proposed Yes Yes Yes Yes Yes Yes Yes

(Yang et al. 2008) No Yes Yes Yes Yes No No

(Han & Gui 2009a) No Yes Yes Yes Yes Yes No

(Zhou 2012b) Yes Yes Yes Yes Yes Yes No

(Zhou 2011) Yes Yes Yes Yes Yes No No


4.4.6.3 Cost Analysis

For a single message, computation operations and multicast signcrypted text size are two important factors in measuring efficiency; we present the cost analysis of the proposed scheme and a comparison with existing schemes. When designing cryptographic techniques for ubiquitous computing and bandwidth-constrained wireless communication media, the most important parameter to consider is communication overhead.

The proposed scheme is more efficient in all three modes than existing schemes with respect to these most expensive operations, as shown in Table 4.5.

Table 4.8 Computational cost comparison of existing schemes and proposed GMRSC

Schemes Mode Signcryption Cost (Sender) Unsigncryption Cost (Each Receiver)

Proposed

Sign

Enc

Signc

(Yang et al. 2008)

Sign

Enc

Signc

(Han & Gui 2009a)

Sign

Enc

Signc

(Zhou 2012b)

Sign

Enc

Signc

(Zhou 2011)

Sign

Enc

Signc


Table 4. 9 Communication overhead comparison of existing schemes and proposed GMRSC

Schemes Mode Communication Overhead

Proposed

Sign

Enc

Signc

(Yang et al. 2008)

Sign

Enc

Signc

(Han & Gui 2009a)

Sign

Enc

Signc

(Zhou 2012b)

Sign

Enc

Signc

(Zhou 2011)

Sign

Enc

Signc


4.5 Blind Multi Receiver Signcryption scheme

Anonymous communication has significant applications in electronic voting and payment systems. For anonymous authenticated communication, Chaum first introduced the concept of a blind signature scheme, which has two additional properties: Blindness (the signer is unable to see the content of messages) and Untraceability (the signer must not be able to trace the sender (requester) after the blind signature is disclosed to the public).

Blind Signcryption combines the functionalities of blind signature and encryption. It has application in anonymous confidential communication and protects the sender's privacy, guaranteeing freedom of thought and freedom of opinion in anonymity-preserving confidential communication such as mobile phone voting and payment systems.

(Chaum 1983) introduced the blind signature, a variant of digital signature that ensures sender anonymity, and demonstrated an online untraceable payment protocol. (Brands 1994) presented the restrictive blind signature scheme, in which the requester blinds the message with some restrictions. (Nikooghadam & Zakerolhosseini 2009) proposed a blind signature scheme based on the hardness of solving the elliptic curve discrete logarithm problem, which is efficient compared to schemes based on . (Chakraborty & Mehta 2012) proposed a blind signature protocol based on elliptic curves. The requester puts two locks on the message to ensure that the signer knows nothing about the original message. One lock can be unlocked by the signer. The second lock is used for blinding the message from the signer.

The first blind Signcryption scheme (Awasthi & Lal 2005) is based on and lacks public verifiability. (Yu & He 2008) first proposed a publicly verifiable scheme based on . Both schemes based on have high cost and are not attractive for scarce-resource environments such as mobile devices or smart-card-based anonymous confidential communication. (Ullah et al. 2014) proposed blind signcryption using an elliptic curve cryptosystem, which is cost efficient compared to based schemes, but it has syntactical errors. (Hai-Sheng et al. 2012)


proposed the first certificateless blind signcryption scheme with partial message recovery, based on the existing certificateless blind signature and encryption scheme with partial message recovery.

For anonymous multicast, (Levine & Shields 2002) proposed the first multicast-based initiator anonymous protocol, while a cryptographic scheme can be used for authentication and confidentiality (Shin et al. 2006).

We proposed Blind Multi Receiver Signcryption ( ) using ECC having small

key size and efficiency and having application in anonymous scarce multimedia

service.

Proposed have three participants: signer, requester, verifier; and four

phases: setup, key generation, blind signcryption and unsigncryption.

Fig.4. 2 Blind Multi Receiver Signcryption

4.5.1 Participants

The details of participants in the proposed scheme are as under:


4.5.1.1 Sender

The requester is a sender who wants to communicate anonymously with the receiver. He sends a blinded message to the signer for signing and, after un-blinding the signature, forwards the Blind Signcrypted text to the verifier.

4.5.1.2 Signer

The signer is any designated party who signs the blinded message sent by the requester and gains zero knowledge about the content of messages.

4.5.1.3 Verifier

The verifier is a legitimate receiver who obtains the message from the Blind Signcrypted text and verifies its validity; if it is valid he accepts, otherwise he rejects.

4.5.2 Setup

In this phase, the domain parameters of elliptic curve are defined and issued.

4.5.3 Key Generation

In this phase each user chooses a private key, computes the public key, obtains a certificate from the Certificate Authority (CA) and publishes it.

Sender selects private key and computes public key

Signer selects private key and computes public key

Receiver selects private key and computes public key

=

4.5.4 Blind Multi Receiver Signcryption

Let anonymous sender having identity wants to anonymously multicast a

message vector to a group of receivers having identities (

and public keys in a confidential and authenticated way. Sender and


signer runs algorithm 1, 2 and 3 to generate signcrypted

text and multicast it to group of receivers.

4.5.4.1 Sender

Anonymous sender having identity generates blind factor ; sends to signer to

obtain blind signature; a message vector . Sender runs algorithm 1 to

generate blind factor .

Algorithm 4.17 BF

1. Selects randomly an integer

2. Computes

3. Computes

Sends blind factor to Signer

4.5.4.2 Signer

Designated signer gets the blind factor , generates blind signature using

algorithm 4.18 BS, and sends blind signature back to sender.

Algorithm 4.18 BS

1. Selects randomly an integer

2. Computes

3. Generates

Sends to Sender

4.5.4.3 Sender

Anonymous sender having identity anonymously multicasts a message vector

to a group of receivers having identities and public

keys in anonymous, confidential and authenticated way. Sender and

signer run algorithm 4.19 to generate signcrypted text

and multicast it to group of receivers.


Algorithm 4.19 BMRSC

1. Verifies each receiver public key by using their certificates

2. Selects randomly an integers

3. Computes

4. Selects randomly an integer

5. For each recipient

a. Computes

b. Computes

6. Computes

7.

Multicast blind signcrypted text

4.5.5 Blind Unsigncryption

In blind unsigncryption phase, each receiver in the multicast group having

identity select his relevant information from blind multicast

signcrypted text according to his position, from anonymous sender,

verify designated signer and its content validity using deterministic algorithm 4.20

BUSC , if verified accept otherwise reject.

Algorithm 4.20 BUSC

1. Computes

2. Computes

3. Computes

4. Generates

5. Computes

6. Verify: if accept else


4.5.6 Analysis of BMRSC

4.5.6.1 Correctness Analysis

Theorem 4.10

The multi receiver blind signcryption scheme is correct if sender and receiver conform to the following equation:

Proof:

=

=

=

= =

The equation established so the is correct.

4.5.6.2 Security Analysis

The proposed scheme additionally provides the security functions of forward secrecy, sender anonymity and message sender unlinkability.

4.5.6.2.1 Message Confidentiality

Let an attacker wants to breach the confidentially of original message, he must get

the secret key . We proved that, possible ways to compute is equivalent to

solve , which is computationally infeasible and provide message

confidentiality.

Case 1: Let an attacker tries to derive from equation (4.33) he should derive

receiver private key from equation (4.1). The attacker gets easily but if tries to

generate from equation , and then he has to solve .


Case 2: Let an attacker tries to derive from (4.5) and (4.35), he should derive secret

parameter from (4.34). However, attacker just knows the public parameter and

divisor and computing from (4) is equivalent to solve computational infeasible

problem .

4.5.6.2.2 Message Integrity

The proposed provides message integrity and receiver can verify that the

message is not altered by an attacker. Receiver obtain the message and check the

integrity using equation (4.36) and (4.37). If an attacker, change ciphertext the

corresponding message also change from to and message digest as

will. It is infeasible for an attacker to change and by one-way hash

function collision resistant property.

4.5.6.2.3 Unforgeability

In proposed scheme, neither attacker nor legitimate receiver can forge the

signature . For forging an eavesdropped or new message using (4.40) and

(4.41), an attacker/ receiver needs to compute signer private key and random

secret parameter from (4.38) and (4.39) is equivalent to solve two .


4.5.6.2.4 Signer and Message Authentication

Proposed scheme ensures authentication of signer and message. The receiver uses

the signer public key with its certificate to confirm the validity of the signer.

Signer public key used to compute message secret key using equation (4.38) and

further use collision resistance hash function to verify

the message validity. As signer public key associated with signer private key

insure that the message is signed by the legitimate signer having private

key , while computing from (4.38) by an attacker is equivalent to

solve .

4.5.6.2.5 Non-Repudiation

In case of a legitimate sender deny from sent, then any TTP can

verify the message contents using Zero knowledge protocol. Our proposed scheme

provides the property of non-repudiation.

4.5.6.2.6 Sender Anonymity

Proposed scheme provides sender anonymity. Sender only used random numbers

and sends to receiver, as receiver doesn’t use his private

key in generating signcrypted text, therefore the receiver or any third party has

no way to trace the original sender.

4.5.6.2.7 Message and Original Sender Unlinkability

Proposed scheme provides sender message unlinkability. Sender Computes

and sends to signer if the signer record . If later on

signcrypted messages are publically announce, still Signer/third

party cannot link with sender as sender can argue that Bob can also generate

such pair.

4.5.6.2.8 Forward Secrecy

Let sender and signer long-term private keys compromised, the attacker

still cannot recover any previous message from blind signcrypted text


. To compute session key from (4.42) and (4.43), an attacker should

compute from (4.39), equivalent to solve the .

The security comparison of proposed blind multi receiver signcryption and existing

blind signcryption schemes is presented and compared in Table 4.6.

Table 4. 10 Security Analysis of proposed BMRSC

Schemes Model Multi Receiver

Proposed Yes Yes Yes Yes Yes Yes Yes Yes Yes

(Ullah et al. 2014) Yes Yes Yes Yes Yes Yes Yes Yes No

(Awasthi & Lal 2005) Yes Yes Yes Yes Yes Yes Yes Yes No

(Yu & He 2008) Yes Yes No Yes Yes No No Yes No

(Hai-Sheng et al. 2012) Yes Yes No Yes Yes No No Yes No

4.5.6.3 Cost Analysis

The proposed signcryption is analyzed; it provides an optimal solution for resource

constrained environments.

Table 4. 11 Computational cost analysis of proposed BMRSC

Proposed Scheme Major Operations Minor Operations

Anonymous Sender

Designated Signer

Receiver

Table 4. 12 Communication overhead of proposed BMRSC

Between Anonymous Sender and

Designated Signer Between Anonymous Sender and Multicast Group


4.6 Proxy Multi Receiver Signcryption Scheme

A privilege delegation mechanism has become an essential service in modern enterprises and organizations. It allows a businessperson to extend and operate his business via a designated agent during temporary absence or when lacking time or processing capability. It has applications in e-commerce such as online proxy auctions and business contract signing. Personal pervasive communication devices like mobile phones and digital assistants lack the computational capability or battery power to perform heavy cryptographic computation. Therefore, proxy signature and signcryption schemes have emerged to delegate intensive computation from a scarce-resource device to a more powerful server (Elkamchouchi & Abouelseoud 2008). Proxy provable data possession (PPDP) (Wang 2013) enables the proxy in public clouds to connect to the cloud service provider, evaluate the loss and discuss the reparation according to the loss severity.

The concept of proxy signature based on was first coined by (Mambo et al. 1996a). It allows a designated person, called a proxy signer, to sign on behalf of an original signer. Complete proxy, partial proxy and entitlement certificate signatures are presented in (Mambo et al. 1996b).

For confidential proxy communication, instead of proxy signature and encryption, (Gamage et al. 1999) first proposed a proxy signcryption scheme based on . Its limitation is that a secure channel between the original signer and her proxy agent is required. The proxy signcryption scheme of (Zhang et al. 2004) has the properties of forward secrecy and message public verifiability, but with the limitation of cost deficiency. The formal syntax and notions of security of warrant-based proxy signcryption based on the IF assumption are defined in (Zhou et al. 2005). Another proxy signcryption scheme (Hassan Elkamchouchi et al. 2009) was proposed with forward secrecy and public verifiability for the original and proxy signcrypter. It is vulnerable to man-in-the-middle attack. Two proxy signcryption schemes were proposed in (Elkamshoushy et al. 2006); the first is based on the and the second is based on , and they have been implemented using Mathematica for realistic (256-bit) parameters.


The concept of a multi-proxy multi-signcryption scheme was first coined in (Lal & Singh 2007). (Swapna et al. 2013) proposed a new identity based multi proxy multi-signcryption scheme using bilinear pairings. (Elkamchouchi 2013) proposed two proxy signcryption schemes; one is based on the , the second is based on , and they have been implemented using Mathematica for realistic (256-bit) parameters.

A proxy signcryption scheme has three participants: the original signer, the proxy signcrypter and the group of designated receivers.

The original signer generates a proxy credential/warrant to delegate his/her signing authority to a proxy agent. The proxy agent generates and multicasts the signcrypted message to the group of receivers. Each receiver unsigncrypts the message content from the received signcrypted message, verifies its validity and accepts or rejects it.

Fig.4. 3 Proxy Multi Receiver Signcryption

A proxy signcryption scheme consists of the following four phases.

Setup

Key Generation

Proxy Warrant Generation (PWG)

Proxy Warrant Verification (PWV)

Proxy Multi Receiver Signcryption (PMRSC)

Proxy Unsigncryption (US)


4.6.1 Setup

In the setup phase, the security parameters such as the finite field, elliptic curve and base point are defined and published to the group members.

4.6.2 Key Generation

Alice, Proxy and Bob generate their private keys and compute their public keys as:

Sender selects private key and computes public key

Proxy selects private key and computes public key

Receiver selects private key and computes public key

=

4.6.3 Proxy Warrant Generation

In this phase, Alice signs a warrant message and sends it to the proxy. This PPT algorithm takes the private key of the original signer and a warrant as input and then returns a proxy credential .

Algorithm 4.21 PWG

1. Selects randomly an integer

2. Computes

3. Computes

4. Computes

Send to proxy agent

4.6.4 Proxy Warrant Verification

The proxy agent checks the validity of the warrant message. This deterministic algorithm takes the public key of the original signer , and verifies and accepts or rejects the warrant , according to whether the message was sent by the original signer or not. If the message is from the original signer, it is accepted, otherwise rejected.


Algorithm 4.22 PWV

1. Verifies each sender public key by using their certificates

2. Computes

3. Compute

Accept the warrant if else

4.6.5 Proxy Multi Receiver Signcryption

In this phase the proxy, on behalf of the original user, generates the proxy multi-receiver signcrypted text by using an algorithm that takes a proxy credential , message , his secret key , and the receivers' public keys , and generates the multicast proxy signcrypted text.

Algorithm 4.23 PMRSC

1. Verifies each receiver public key by using their certificates

2. Selects randomly an integer

3. Computes

4. Computes

5. Computes

6. Selects randomly an integer

7. For each recipient

i. Computes

ii. Computes

8. Computes

9.

Multicast proxy signcrypted text

4.6.6 Proxy Unsigncryption

In the proxy Unsigncryption phase, only the intended receiver can recover the plaintext from the ciphertext. This deterministic algorithm takes a signcrypted message , the public key of the original user, the public key of the proxy agent and the receiver private key, and returns a valid message, otherwise it returns an error .


Algorithm 4.24 PUSC

1. Verifies each Sender and proxy agent public key by using their

certificates

2. Computes

3. Compute

4. Computes

5. Computes

6. Generates

7. Computes

Verify: if accept else

4.6.7 Analysis of PMRSC

4.6.7.1 Correctness Analysis

Theorem 4.11

The proxy warrant generation/verification is correct if sender and receiver conform to the following equation:

Proof:

The equation is established, so the proxy multi-receiver signcryption warrant generation/verification is correct.

Theorem 4.12

The proxy multi receiver signcryption is correct if sender and receiver

conform to the following equation:

Proof:

= =

The equation is established, so the proxy multi-receiver signcryption scheme

is correct.

4.6.7.2 Security Analysis

Our proposed multicast instant message communication protocol ensures the basic

security properties under the established assumption that solving with

sufficient security parameters is infeasible.

4.6.7.2.1 Confidentiality

Our proposed scheme ensures the multicast message confidentiality. We present the

possible attacks that an attacker can try to break the message confidentiality.

Case 1: An attacker can compute from equation (4.2) if he computes from

equation (1). The attacker gets easily but if tries to generate from

equation , and then he has to solve .

Case 2: An attacker can compute from equation (4.45) and (4.46) if he computes

from equation (1). The attacker gets easily but if tries to generate from

equation , and then he has to solve .

4.6.7.2.2 Warrant Integrity

The proposed scheme ensures warrant integrity, i.e. that no one can change the warrant during

its dissemination to the proxy over an insecure channel. The sender calculates the warrant digest

using equation (10) and sends it to the proxy.

If the attacker changes into the corresponding digest is changed to .

The proxy verifies warrant integrity using equations (4.47), (4.48) and (4.49). It is infeasible

for an attacker to change and by the collision-resistance property of the

one-way hash function.

4.6.7.2.3 Message Integrity

The proposed scheme ensures message integrity, i.e. that no changes occur during

dissemination of the message over an insecure channel. The receiver obtains the message and

checks its integrity using equations (4.50) and (4.51).

If an attacker changes the ciphertext, the corresponding message also changes

from to and the message digest as well. It is infeasible for an attacker to

change and by the collision-resistance property of the one-way hash

function.

4.6.7.2.4 Warrant Unforgeability

In the proposed scheme, only the sender can generate a valid signature on the warrant, and it is

infeasible for an attacker or a legitimate proxy to generate a valid signature for a

warrant.

Suppose an attacker or a legitimate proxy tries to forge valid parameters

to he must generate from equation (4.52) for the message

which requires computing from equation (4.3), equivalent to solving .

Therefore, our proposed scheme is unforgeable.
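
The warrant integrity and warrant unforgeability arguments above can be made concrete with a Schnorr-style signature on the warrant over an elliptic curve. This is an added example, not the thesis's own warrant algorithm (its equations are not reproduced on this page); the curve (secp256k1), the SHA-256 challenge, the warrant fields and all function names are assumptions.

```python
import hashlib
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over F_P). The curve is an
# assumption of this example; the text above does not fix one.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

# Constructed sample warrant: the delegation terms the original user signs.
SAMPLE_WARRANT = b"delegator=alice;proxy=proxy-01;scope=group-7;valid_until=2016-12-31"


def on_curve(pt):
    """Reject infinity and any coordinates that do not satisfy the curve equation."""
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def add(p1, p2):
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Double-and-add scalar multiplication; not constant time, illustration only."""
    k %= N
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def _enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def challenge(warrant, commit, signer_pub):
    """h = H(warrant, K, P_o) mod N, with length-prefixed fields to avoid ambiguity."""
    h = hashlib.sha256()
    for field in (warrant, _enc(commit), _enc(signer_pub)):
        h.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(h.digest(), "big") % N


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)


def warrant_generate(d_o, warrant):
    """Original user: K = kG, s = k + h * d_o mod N. Sends (warrant, K, s) to the proxy."""
    k = secrets.randbelow(N - 1) + 1
    K = mul(k, G)
    s = (k + challenge(warrant, K, mul(d_o, G)) * d_o) % N
    return K, s


def warrant_verify(pub_o, warrant, K, s):
    """Proxy (or a judge): accept iff sG == K + h * P_o. Uses public values only."""
    if not (on_curve(pub_o) and on_curve(K) and 0 < s < N):
        return False
    h = challenge(warrant, K, pub_o)
    return mul(s, G) == add(K, mul(h, pub_o))


if __name__ == "__main__":
    d_o, pub_o = keygen()
    K, s = warrant_generate(d_o, SAMPLE_WARRANT)
    print("genuine warrant :", warrant_verify(pub_o, SAMPLE_WARRANT, K, s))
    print("altered warrant :", warrant_verify(pub_o, SAMPLE_WARRANT + b"!", K, s))
```

Because verification needs only the original user's public key, the same check can be rerun by a third party when the origin of a warrant is disputed.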

4.6.7.2.5 Message Unforgeability

In the proposed scheme, only the proxy can generate a valid signature for a message, and it is

infeasible for an attacker or a legitimate receiver to generate a valid signature for a

message.

Suppose an attacker or a legitimate receiver tries to forge valid parameters

to he must generate from equation (4.53) for the message which

requires computing from equation (4.44), equivalent to solving . Therefore,

our proposed scheme is unforgeable.

4.6.7.2.6 Authenticity

The proposed scheme assures sender and received-message authenticity. The authenticity of the sender and

the proxy is confirmed by the sender's and the proxy's public key certificates.

The message signature is used to compute

the ciphertext decryption session key, and a collision-resistant hash

function is further used to verify the message and warrant

validity.

4.6.7.2.7 Sender Non-Repudiation

A trusted third party/judge verifies and decides whether the warrant is from the sender or not

when the proxy provides , which is verified as:

Algorithm 4.22 PWV

1. Verifies each sender public key by using their certificates

2. Computes

3. Compute

Accept the warrant if else

4.6.7.2.8 Proxy Non-Repudiation

If a legitimate proxy denies having sent the signcrypted text , any

trusted third party can verify the message contents using a zero-knowledge protocol.

Our proposed scheme provides the property of non-repudiation.

4.6.7.3 Cost Analysis

The computational efficiency of the proposed scheme is analyzed and shown in Table 4.9.

Table 4.13 Computational cost analysis of PMRSC

Proposed Scheme Major Operations Minor Operations

Original User (Proxy Warrant Generation)

Proxy Agent (Proxy Warrant Verification)

Proxy Agent Signcryption

Receiver Unsigncryption

The communication overhead of the proposed PMRSC is presented in Table 4.14.

Table 4.14 Computational overhead analysis of PMRSC

Between Original User and Proxy Agent Between Proxy Agent and Receiver

Chapter 5

CONCLUSION AND FUTURE WORK

5.1 Conclusion

Securing multicast communication is an emerging challenge in future wired and

wireless networks. Elliptic curve cryptography has taken a step forward towards

industrialization due to its small key size and cost efficiency. Multi receiver

signcryption is a logical combination of digital signature and multi receiver

encryption, which makes it attractive for securing multicast. Multi receiver signcryption

schemes on elliptic curves are more attractive for scarce-resource environments in an established PKI.

This thesis aims to propose efficient constructions of multi receiver signcryption

based on ECC. We proposed six multi-receiver signcryption schemes on ECC in the PKI

setting.

We presented a formal model of an efficient multi-receiver signcryption scheme, its

correctness and a detailed security analysis. The cost is analyzed; the scheme appears more

efficient than existing constructions and has applications in confidential and authenticated

multicast session key agreement and instant secure message communication.

Forward secrecy is of prime importance in recent and future internet services, as 37.8% of

TLS-enabled websites for secure browsing have to use cipher suites with forward

secrecy. To address the requirements of forward secrecy in multicast secure

communication, we proposed a multi receiver signcryption scheme with forward

secrecy on ECC in PKI. Its correctness, security and cost analysis are given. It ensures

confidentiality of messages even if the sender's private key has been stolen by an

attacker. Its low communication overhead could make this construction a better

option for use in resource-constrained secure multicast communication.

To enable firewalls in the multicast setting, we proposed a multi receiver signcryption scheme for

firewalls with the additional functionality of encrypted message authentication, which

enables a firewall to verify an encrypted message without disclosing the message contents

or obtaining any secret parameter from the participants. Its security attributes and

cost effectiveness make it a suitable choice for efficient firewall enabled secure

multicast applications.

Concepts like the Internet of Things have gained significant attention, such that by 2020

there will be 50 to 100 billion devices connected to the Internet, which may have

miscellaneous multicast security requirements like confidentiality, authenticity, or

both. Our proposed generalized multi receiver signcryption scheme based on elliptic

curves endeavors to provide the functionality of digital signature, multi receiver

encryption or multi receiver signcryption with a single algorithm that works adaptively in

three different modes according to the security requirement. The formal model, correctness,

security and cost analysis of the proposed scheme are presented and show its

suitability.

Freedom of thought and freedom of opinion are prime rights of a developed human

society in the global village created by the internet. Owing to biased and unbiased factors of human

nature, these are assured only if the identity of the communicator remains anonymous.

To assure such a property in a secure multicast environment, we proposed a blind multi

receiver signcryption scheme which provides the functionality of sender anonymity.

It has significance in applications such as privacy-preserving multicast communication,

electronic voting and intelligence/spy services, to protect the sender's privacy and

guarantee freedom of thought and freedom of opinion.

People in the modern global village are busier than in any earlier human era, and ubiquitous

communication devices lack computational capability or battery power,

while security becomes more imperative. To off-load the burden of busy people and

scarce-resource devices with security assurance in the multicast setting, we proposed a

proxy multi receiver signcryption scheme with the functionality of designating a

proxy agent that makes secure multicast communication on behalf of the original user.

The formal model, correctness, security and cost analysis are given and show the

suitability of the proposed scheme to off-load intensive computational load from a

scarce-resource device to more powerful servers for efficient and secure proxy

communication.

5.2 Future Work

We can summarize the survey findings and future directions as follows:

Construction of multi receiver signcryption for hybrid multicast secure

communication in networks such as sensor networks and the Internet of Things (IoT) (Li

& Xiong 2013), a wave of innovation that uses sensors and smart objects to improve and

optimize our daily life (Keoh et al. 2014).

Construction of new multi receiver signcryption schemes provably secure in the standard

model. For cost-effective post-quantum multicast security, a quantum-attack-

resistant multi-receiver signcryption scheme in the IB and PKI settings is attractive. Finding

new applications for multi receiver signcryption in emerging scarce-resource

networks.

Smart grids are emerging to promote sustainable ways of living. Due to their hierarchical

structure, multicast is envisioned in many smart grid applications such as various

operation and control, wide area protection, demand-response and in-substation

protection (Zhang & Gunter 2010)(Mahmoud et al. 2013)(Li & Cao 2011). A multi

receiver signcryption scheme can be used to efficiently solve important and

challenging concerns of security and privacy of multicast session key agreement and

instant secure message communication in the smart grid.

Multi receiver signcryption can be used to share a group temporal key for secure

multicast communication in body sensor networks (Movassaghi et al. 2014) and mobile

health systems (Silva et al. 2015), which include the use of mobile devices that interact with patients

and caretakers.

References

Ahmed, F., Masood, A. & Kausar, F., 2010. An efficient multi recipient

signcryption scheme offering non repudiation. In 10th International

Conference on Computer and Information Technology. pp. 1577 – 1581.

Al-Riyami, S.S. & Paterson, K.G., 2003. Certificateless Public Key

Cryptography. In Advances in Cryptology-ASIACRYPT 2003. pp. 452–

473.

Anon, Scott Vanstone Award Lecture; Rump Session. Available at:

http://research.microsoft.com/apps/video/default.aspx?id=140735&r=1.

Ashraf Ch, S., Nizamuddin & Sher, M., 2012. Public Verifiable

Signcryption Schemes with Forward Secrecy Based on Hyperelliptic

Curve Cryptosystem. Communications in Computer and Information

Science, 285 CCIS, pp.135–142. Available at:

http://link.springer.com/10.1007/978-3-642-29166-1_12.

Awasthi, A.K. & Lal, S., 2005. An Efficient Scheme for Sensitive Message

Transmission using Blind Signcryption. In arXiv preprint cs/0504095.

Backes, M. & Kate, A., 2013. AnoA: A Framework For Analyzing

Anonymous Communication Protocols. In 26th IEEE Computer

Security Foundations Symposium. pp. 163–178.

Barbosa, M., 2007. Randomness reuse: extensions and improvements. In

Cryptography and Coding, LNCS. pp. 257–276. Available at:

http://dl.acm.org/citation.cfm?id=1782597.

Barker, E. et al., 2011. Transitions: Recommendation for Transitioning

the Use of Cryptographic Algorithms and Key Lengths. In NIST

Special Publication 800-131A.

Bellare, M. et al., 2007. Multirecipient encryption schemes: How to save

on bandwidth and computation without sacrificing security. IEEE

Transactions on Information Theory, 53(11), pp.3927–3943.

Bellare, M., Boldyreva, A. & Staddon, J., 2003. Multi-Recipient

Encryption Schemes: Security Notions and Randomness Re-Use.

Public Key Cryptography, Lecture Notes in Computer Science, 2567, pp.1–

30.

Bohio, M. & Miri, A., 2004. An Authenticated Broadcasting Scheme for

Wireless Ad hoc Network. In 2nd Annual Conference on

Communication Networks and Services Research. pp. 69 – 74.

Boneh, D. & Franklin, M., 2003. Identity-based encryption from the Weil

pairing. SIAM Journal on Computing. Available at:

http://epubs.siam.org/doi/abs/10.1137/S0097539701398521.

Bos, J., Halderman, J. & Heninger, N., 2014. Elliptic Curve Cryptography

in Practice. Financial Cryptography and Data Security, LNCS, 8437,

pp.157–175. Available at: http://cryptome.org/2013/11/ecc-

practice.pdf.

Boyd, C. & Nieto, J.G., 2011. On forward secrecy in one-round key

exchange. In Cryptography and Coding, LNCS 7089. pp. 451–468.

Brands, S., 1994. Untraceable off-line cash in wallet with observers. In

Advances in Cryptology—CRYPTO’93. pp. 302–318.

Certicom Research, 2009. Certicom ECC Challenge, pp.1–50.

Chakraborty, K. & Mehta, J., 2012. A Stamped Blind Signature Scheme

based on Elliptic Curve Discrete Logarithm Problem. International

Journal of Network Security, 14(6), pp.316–319.

Chaum, D., 1983. Blind signatures for untraceable payments. In Advances

in cryptology. pp. 199–203.

Chiu, Y.T., Lin, C.S. & Chang, C., 2000. A Secure Agent-based

Framework for Internet Trading in Mobile Computing

Environments. In Distributed and Parallel Databases. pp. 85–117.

Chuanrong, Z. & Hong, X., 2009. Threshold key management protocol in

mobile ad hoc networks using an ID-based signcryption scheme. In

2009 International Conference on Cyber-Enabled Distributed Computing

and Knowledge Discovery. pp. 233–237. Available at:

http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5342189.

Corporation, D.E., 1981. The ethernet: a local area network: data link

layer and physical layer specifications. ACM SIGCOMM Computer

Communication Review, 11(3), pp.20–66.

Curtmola, R., 2007. A Mechanism for Communication-Efficient

Broadcast Encryption over Wireless Ad Hoc. In Electronic Notes in

Theoretical Computer Science. pp. 57–69. Available at:

http://dx.doi.org/10.1016/j.entcs.2006.11.009.

Deering, S.E., 1991. Multicast routing in a datagram internetwork. PhD

Dissertation, Department of Computer Science Stanford University,

(December). Available at:

http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA325909.

Diffie, W. & Hellman, M., 1976. New directions in cryptography. IEEE

Transactions on Information Theory, 22(6), pp.644 – 654.

Diffie, W., van Oorshot, P. & Wiener, M., 1992. Authentication and

Authenticated Key Exchange. Designs, Codes and Cryptography,

2(169), pp.107–125.

Ding, W., Wang, H. & Wei, X., 2013. Many-to-many multicast routing

schemes under a fixed topology. The Scientific World Journal, 2013,

pp.1–11.

Dodis, Y., 2010. Practical Signcryption A. Dent, Yuliang. Zheng, ed.,

Springer-Verlag Berlin Heidelberg. Available at:

http://www.springerlink.com/index/10.1007/978-3-540-89411-7.

Donnan, R.A., 1985. IEEE Standards for local area networks Token ring,

Duan, S. & Cao, Z., 2006. Efficient and provably secure multi-receiver

identity-based signcryption. In Information Security and Privacy,

LNCS. Springer Berlin Heidelberg, pp. 195–206. Available at:

http://link.springer.com/chapter/10.1007/11780656_17.

Elgamal, T., 1985. A public key cryptosystem and a signature scheme

based on discrete logarithms. Advances in cryptology LNCS, 196,

pp.10–18.

Elkamchouchi, H., 2009. A New Efficient Publicly Verifiable

Signcryption Scheme and its Multiple Recipients Variant for

Firewalls Implementation. In 26th National Radio Science Conference.

pp. 1–9.

Elkamchouchi, H., 2013. An efficient proxy signcryption scheme based

on the discrete logarithm problem. International Journal of ….

Elkamchouchi, H. & Abouelseoud, Y., 2007a. A Multi-Recipient Tree-

Based Signcryption Scheme. In International Conference on Signal

Processing and Communications. pp. 69–72.

Elkamchouchi, H. & Abouelseoud, Y., 2007b. A New Multi-Recipient

Tree-Based Signcryption Scheme. In International Conference on

Computer Engineering & Systems. pp. 126 – 130.

Elkamchouchi, H. & Abouelseoud, Y., 2008. A New Proxy Identity-

Based Signcryption Scheme for Partial Delegation of Signing Rights.

IACR Cryptology ePrint Archive 2008, 41.

Elkamchouchi, H., Nasr, M. & Ismail, R., 2009. A new efficient multiple

broadcasters signcryption scheme (MBSS) for secure distributed

networks. In 5th International Conference on Networking and Services.

pp. 204–209.

Elkamchouchi, H., Nasr, M. & Ismail, R., 2009. A new efficient strong

proxy signcryption scheme based on a combination of hard

problems. In IEEE International Conference on Systems, Man and

Cybernetics. pp. 5123–5127.

Elkamchouchi, H.M., 2007. A New Public Key Multi-Message Dynamic

Signcryption ( PK-MM-DS ) Scheme for Cryptographic

Transmission. In 24th National Radio Science Conference (NRSC 2007).

pp. 1–10.

Elkamchouchi, H.M., Emarah, A.A.M. & Hagras, E.A.A., 2007. A new

efficient public key multi-message multi-recipient signcryption (PK-

MM-MRS) scheme for provable secure communications. In

International Conference on Computer Engineering and Systems. pp. 89–

94.

Elkamchouchi, H.M., Emarah, A.M. & Hagras, E.A.A., 2007. Public Key

Multi-Message Signcryption (PK-MMS) scheme for secure

communication systems. In Fifth Annual Conference on Communication

Networks and Services Research. pp. 329–334.

Elkamchouchi, H.M. & Hagras, E., 2009. Public Key Threshold Multi-

Message Signcryption (PK-TMMS) scheme with (t, n) shared

verification. In National Radio Science Conference. pp. 1–9.

Elkamshoushy, D.H., AbouAlsoud, A.K. & Madkour, M., 2006. New

proxy signcryption scheme with DSA verifier. In National Radio

Science Conference. pp. 1–8.

Feng, M. et al., 2006. Signed MSB-Set Comb Method for Elliptic Curve

Point Multiplication. In Information Security Practice and Experience,

LNCS. pp. 13–24.

Fiat, A. & Naor, M., 1994. Broadcast encryption. In 13th annual

international cryptology conference on Advances in cryptology, LNCS. pp.

480–491.

Franklin, M., Hsiao, C.-Y. & Reyzin, L., 2004. Finding Collisions on a

Public Road, or Do Secure Hash Functions Need Secret Coins? In

Advances in Cryptology – CRYPTO 2004 - LNCS 3152. pp. 92–105.

Available at:

http://www.springerlink.com/content/8nabgcve9ht5lhtt/.

Gamage, C., Leiwo, J. & Zheng, Y., 1999. An Efficient Scheme for Secure

Message Transmission using Proxy-Signcryption. In 22nd

Australasian Computer Science Conference. pp. 420–431.

Gemmell, J. & Gray, J., 2000. Fcast Multicast File Distribution. IEEE

Network, 14(1), pp.58–68.

Gifford, D.K., 1979. Weighted voting for replicated data. In 7th ACM

symposium on Operating systems principles. pp. 150–162. Available at:

http://portal.acm.org/citation.cfm?doid=800215.806583.

Giry, D., 2013. Keylength - NIST Report on Cryptographic Key Length

and Cryptoperiod. Available at:

http://www.keylength.com/en/4/.

Gonz, J.M. et al., 2013. Publicly Verifiable Ciphertexts. Journal of

Computer Security, 21(5), pp.749–778.

H.Y. Jung, K.S. Chang, D.H. Lee, J.I.L., 2001. Signcryption schemes with

forward secrecy. In Proceeding of WISA 2. pp. 403–475.

Hai-Sheng, Q., Lei, Z. & Yan-Qiang, F., 2012. Certificateless Blind

Signcryption Scheme with Message Recovery Design. In

International Conference on Computer Science & Service System. pp. 867–

870.

Han, Y. et al., 2006. ECGSC: Elliptic Curve based Generalized

Signcryption. In Ubiquitous Intelligence and Computing, LNCS-4159.

Springer Berlin Heidelberg, pp. 956–965.

Han, Y., 2007. Generalization of signcryption for resources constrained

environments. Wireless Communications and Mobile Computing, 7(7),

pp.919–931.

Han, Y. et al., 2010. Parallel multi-recipient signcryption for multicast

networks. International Journal of Innovative Computing, Information

and Control, 6(8), pp.1349–4198.

Han, Y. & Gui, X., 2009a. Adaptive Secure Multicast in Wireless

Networks. International Journal of Communication Systems, 22(9),

pp.1213–1239.

Han, Y. & Gui, X., 2009b. Multi Recipient Signcryption for Secure Group

Communication. In 4th IEEE Conference on Industrial Electronics and

Applications. pp. 161–165.

Han, Y., Gui, X. & Wang, X., 2008. Multi-Recipient Signcryption for

Secure Wireless Group Communication. In IACR Cryptology ePrint

Archive 253.

Han, Y. & Yang, X., 2006. ECGSC: Elliptic Curve based Generalized

Signcryption Scheme. In IACR Cryptology ePrint Archive:126.

Han, Y., Yang, X. & Hu, Y., 2004. Signcryption based on elliptic curve

and its multi-party schemes. In 3rd international conference on

Information security. pp. 216–217.

Handley, M., 2000. Session Announcement Protocol. In RfC. pp. 1–18.

Available at:

http://www.protocolbase.net/protocols/protocol_SAP.php.

Hankerson, D., Menezes, A.J. & Vanstone, S., 2006. Guide to Elliptic Curve

Cryptography,

Hassan M. Elkamchouchi , Eman F. Abu Elkhair, Y.A., 2013. An Efficient

Proxy Signcryption Scheme. International Journal of Information

Technology, Modeling and Computing, 1(2), pp.7–19.

Hien, D.T., Tien, T.N. & Hien, T.T.T., 2010. An Efficient Identity-Based

Broadcast Signcryption Scheme. In 2nd International Conference on

Knowledge and Systems Engineering. pp. 209 – 216.

Hiwatari, H. et al., 2009. Multi-recipient Public-Key Encryption from

Simulators in Security Proofs. In Information Security and Privacy,

LNCS. pp. 293–308.

Holbrook, H.W., Singhal, S.K. & Cheriton, D.R., 1995. Log-Based

Receiver-Reliable Multicast for Distributed Interactive Simulation. In

ACM SIGCOMM. pp. 328–341.

Holzinger, A. et al., 2010. Towards life long learning: three models for

ubiquitous applications. Wireless Communications and Mobile

Computing, 10(10), pp.350–1365. Available at:

http://eprints.soton.ac.uk/266684/.

Hwang, R., Lai, C. & Su, F., 2005. An efficient signcryption scheme with

forward secrecy based on elliptic curve. Applied Mathematics and

Computation, 2005(167), pp.870–881.

In Tae Kim & Seong Oun Hwang, 2011. An efficient identity-based

broadcast signcryption scheme for wireless sensor networks. In

International Symposium on Wireless and Pervasive Computing. pp. 1–6.

Available at:

http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5751323.

Ishai, Y., Kushilevitz, E. & Ostrovsky, R., 2005. Sufficient Conditions for

Collision-Resistant Hashing. In Theory of Cryptography, LNCS-3378.

pp. 445–456.

Islam, S. & Atwood, J.W., 2007. A policy framework for multicast group

control. In 4th Annual IEEE Consumer Communications and Networking

Conference, CCNC07. pp. 1103–1107.

Kapoor, V., Abraham, V.S. & Singh, R., 2008. Elliptic curve

cryptography. Ubiquity, 2008(May), pp.1–8. Available at:

http://portal.acm.org/citation.cfm?doid=1386853.1378356.

Keoh, S.L., Kumar, S.S. & Tschofenig, H., 2014. Securing the Internet of

Things: A Standardization Perspective. IEEE Internet of Things

Journal, 1(3), pp.265–275.

Khullar, S., Richhariya, V. & Richhariya, V., 2013a. A survey of Identity

Based Multireceiver Signcryption scheme. International Journal of

Scientific & Engineering Research, 4(4), pp.744–746.

Khullar, S., Richhariya, V. & Richhariya, V., 2013b. An Efficient identity

based Multi-receiver Signcryption Scheme using ECC. International

Journal of Advancements in Research & Technology, 2(4), pp.189–193.

Koblitz, N., 1987. Elliptic curve cryptosystems. Mathematics of

Computation, 48(177), pp.203–203.

Kurosawa, K., 2002. Multi-Recipient Public- key encryption with

shortened ciphertext. In Public Key Cryptography, LNCS. pp. 48–63.

Lal, S. & Kushwah, P., 2009. Anonymous ID Based Signcryption Scheme

for Multiple Receivers. In IACR Cryptology ePrint Archive.

Lal, S. & Singh, T., 2007. New ID Based Multi-Proxy Multi-Signcryption

Scheme from Pairings. In arXiv preprint cs/0701044. pp. 1–9.

Levine, B. & Shields, C., 2002. Hordes: A Multicast Based Protocol for

Anonymity. Journal of Computer Security, 10(3), pp.213–240.

Li, F., Hu, Y. & Liu, S., 2007. Efficient and provably secure multi-

recipient signcryption from bilinear pairings. Wuhan University

Journal of Natural Sciences, 12(1), pp.17–20.

Li, F., Xiong, H.X.H. & Nie, X.N.X., 2009. A new multi-receiver ID-based

signcryption scheme for group communications. In International

Conference on Communications, Circuits and Systems. pp. 296–300.

Li, F. & Xiong, P., 2013. Practical secure communication for integrating

wireless sensor networks into the internet of things. IEEE Sensors

Journal, 13(10), pp.3677–3684.

Li, Q. & Cao, G., 2011. Multicast authentication in the smart grid with

one-time signature. IEEE Transactions on Smart Grid, 2(4), pp.686–696.

Mahmoud, M.M.E. a, Misic, J. & Shen, X., 2013. A scalable public key

infrastructure for smart grid communications. In IEEE Global

Telecommunications. pp. 784–789. Available at:

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6831168.

Mambo, M., Usuda, K. & Okamoto, E., 1996a. Proxy signatures for

delegating signing operation. In 3rd ACM conference on Computer and

communications security. pp. 48–57.

Mambo, M., Usuda, K. & Okamoto, E., 1996b. Proxy Signatures:

Delegation of the Power to Sign Messages. IEICE TRANSACTIONS

on Fundamentals of Electronics Communications and Computer Sciences,

E79-A(9), pp.1338–1354.

Meffert, D., 2009. Bilinear Pairings in Cryptography. In Master’s thesis,

Radboud Universiteit Nijmegen.

Miao, S., Zhang, F. & Zhang, L., 2010. Cryptanalysis of a certificateless

multi-receiver signcryption scheme. In International Conference on

Multimedia Information Networking and Security. pp. 593–597.

Miller, V., 1994. Use of elliptic curves in cryptography. In Advances in

Cryptology — CRYPTO ’85, LNCS. pp. 417–426.

Mockapetris, P. V, 1983. Analysis of reliable multicast algorithms for

local networks. ACM SIGCOMM Computer Communication Review,

13(4), pp.150–157.

Movassaghi, S. et al., 2014. Wireless Body Area Networks: A Survey.

IEEE Communications Surveys & Tutorials, 16(3), pp.1658–1686.

Naor, D., Naor, M. & Lotspiech, J., 2001. Revocation and Tracing

Schemes for Stateless Receivers. In Advances in Cryptology, LNCS. pp.

41–62.

Nicanfar, H. et al., 2014. Efficient authentication and key management

mechanisms for smart grid communications. IEEE Systems Journal,

8(2), pp.629–640.

Nikooghadam, M. & Zakerolhosseini, A., 2009. An Efficient Blind

Signature Scheme Based on the Elliptic Curve Discrete Logarithm

Problem. The ISC International Journal of Information Security, 1(2).

Park, M. et al., 2013. Key Management for Multiple Multicast Groups in

Wireless Networks. IEEE TRANSACTIONS ON MOBILE

COMPUTING, 12(9), pp.1712–1723.

Qin, H., Dai, Y. & Wang, Z., 2011. Identity based multi receiver

threshold signcryption scheme. Security and Communication Networks,

4(11), pp.1331–1337.

Rajamanickam, V. & Veerappan, D., 2014. Inter cluster communication

and rekeying technique for multicast security in mobile ad hoc

networks. IET Information Security, 8(4), pp.234–239.

Ramsdell, B. & Turner, S., 2010. RFC 5751: Secure/Multipurpose Internet

Mail Extensions (S/MIME) Version 3.2 Message Specification. IETF

Network Working Group, pp.1–45.

Research, C., 2010. Standards for Efficient Cryptography 2 (SEC 2):

Recommended Elliptic Curve Domain Parameters. , 2(Sec 2), pp.1–

33.

Rivest, R.L., Shamir, A. & Adleman, L., 1978. A method for obtaining

digital signatures and public-key cryptosystems. Communications of

the ACM, 21(2), pp.120–126.

Selvi, S. et al., 2008. Efficient and provably secure certificateless multi-

receiver signcryption. In Provable Security LNCS 5324. pp. 52–67.

Selvi, S. & Vivek, S., 2008. On the Provable Security of Multi-Receiver

Signcryption Schemes. In IACR Cryptology ePrint Archive.

Selvi, S.S.D. & Vivek, S.S., 2008. Cryptanalysis of id-based signcryption

scheme for multiple receivers. In Cryptology ePrint Archive, Report.

Selvi, S.S.D., Vivek, S.S. & Rangan, C.P., 2009. A note on the

Certificateless Multi-receiver Signcryption Scheme. IACR Cryptology

ePrint Archive.

Service(NSA/CSS), N.S.A.S. & Service(NSA/CSS), N.S.A.S., 2009. The

Case for Elliptic Curve Cryptography .

Shamir, A., 1985. Identity-based cryptosystems and signature schemes.

Advances in Cryptology CRYPTO 84, LNCS, 196, pp.47–53.

Sharmila Deva Selvi, S., Sree Vivek, S., Srinivasan, R., et al., 2009. An

efficient identity-based signcryption scheme for multiple receivers.

In Advances in Information and Computer Security, LNCS. pp. 71–88.

Sharmila Deva Selvi, S., Sree Vivek, S. & Pandu Rangan, C., 2009.

Breaking and fixing of an identity based multi-signcryption scheme.

In Provable Security, LNCS. pp. 61–75.

Shin, D. et al., 2006. Anonymous Voting Scheme on Multicast. , pp.1034–

1039.

Silva, B.M.C. et al., 2015. Mobile-health: A review of current state in

2015. Journal of biomedical informatics, 56(2015), pp.265–272.

Smart, N.P., 2005. Efficient Key Encapsulation to Multiple Parties. In

Security in Communication Networks. Springer Berlin Heidelberg, pp.

208–219.

Sun, Y.X. & Li, H., 2010. Efficient signcryption between TPKC and

IDPKC and its multi-receiver construction. Science China Information

Sciences, 53(3), pp.557–566. Available at:

http://link.springer.com/article/10.1007/s11432-010-0061-5.

Swapna, G., Reddy, P.V. & Gowri, T., 2013. Efficient identity based

multi-proxy multi-signcryption scheme using bilinear pairings over

elliptic curves. In International Conference on Advances in Computing,

Communications and Informatics. pp. 418–423.

T Okamoto, E Okamoto, R.T., 2008. ECDSA-Verifiable Signcryption

Scheme with Signature Verification on the Signcrypted Message. In

Information Security and Cryptology, LNCS 4990. pp. 11–24.

Toorani, M. & Shirazi, A.A.B., 2008. Cryptanalysis of an efficient

signcryption scheme with forward secrecy based on elliptic curve. In

International Conference on Computer and Electrical Engineering. pp.

428–432. Available at:

http://linkinghub.elsevier.com/retrieve/pii/S0096300304005351.

Toorani, M. & Shirazi, A.A.B., 2010. Cryptanalysis of an elliptic curve-

based signcryption scheme. International Journal of Network Security,

10(6), pp.51–56.

Tran, T.T. et al., 2013. Secure wireless multicast for delay-sensitive data

via network coding. IEEE Transactions on Wireless Communications,

12(7), pp.3372–3387.

U.S. Department of Commerce. National Institute of Standards and

Technology, 2013. Digital Signature Standard (DSS). Federal

Information Processing Standards Publication 186-4, (FIPS PUB 186-4),

pp.1–121.

Ullah, R., Umar, A.I. & ul Amin, N., 2014. Blind signcryption scheme

based on elliptic curves. In Conference on Information Assurance and

Cyber Security (CIACS). IEEE, pp. 51–54.

Vijayan R, S.S., 2011. A Novel approach for Implementing Security over

Vehicular Ad hoc network using Signcryption through Network

Grid. International Journal of Advanced Computer Science and

Applications (IJACSA), 2(4), pp.44–48. Available at:

http://ijacsa.thesai.org/.

Wang, H., 2013. Possession in Public Clouds. IEEE Transactions on

Services Computing, 6(4), pp.551–559.

Wang, H., Zhang, Y. & Qin, B., 2012. Analysis and improvements of two

identity based anonymous signcryption schemes for multiple

receivers. In 11th IEEE Int. Conference on Ubiquitous Computing and

Communications. pp. 1057–1062.

Wang, X., Tao, M. & Xu, Y., 2014. Outage analysis of cooperative secrecy

multicast transmission. IEEE Wireless Communications Letters, 3(2),

pp.161–164.

Wang, X., Yang, X. & Han, Y., 2010. Provable Secure Generalized

Signcryption. Journal of Computers, 5(5).

Wang, Y. & Li, T., 2004. LITESET/A++: a new agent-assisted secure

payment protocol. In IEEE International Conference on E-Commerce

Technology. pp. 244–251.

Wu, L., 2012. An ID-Based Multi-Receiver Signcryption Scheme In

MANET. Journal of Theoretical & Applied Information Technology, 46(1),

pp.120–124.

Yang, X. et al., 2008. New ECDSA-verifiable multi-receiver

generalization signcryption. In 10th IEEE International Conference on

High Performance Computing and Communications, HPCC 2008. pp.

1042–1047.

Yavuz, A.A., Alagöz, F. & Anarim, E., 2010. A new multi-tier adaptive

military MANET security protocol using hybrid cryptography and

signcryption. Turkish Journal of Electrical Engineering and Computer

Sciences, 18(1), pp.1–21.

Yavuz, A.A., 2014. An Efficient Real-Time Broadcast Authentication

Scheme for Command and Control Messages. IEEE

Transactions on Information Forensics and Security, 9(10),

pp.1733–1742.

Yavuz, A.A., Alagoz, F. & Anarim, E., 2006. HIMUTSIS: Hierarchical

Multi-tier Adaptive Ad-hoc Network Security Protocol Based on

Signcryption Type Key Exchange Schemes. In Computer and

Information Sciences – ISCIS 2006, LNCS. pp. 434–444.

Yavuz, A.A., Alagöz, F. & Anarim, E., 2006. NAMEPS: N-tier satellite

multicast security protocol based on signcryption schemes. In IEEE

Global Telecommunications Conference. IEEE, pp. 1–6. Available at:

http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=4151161.

Yu, X. & He, D., 2008. A new efficient blind signcryption. Wuhan

University Journal of Natural Sciences, 13(6), pp.662–664.

Yu, Y. et al., 2007. Efficient identity-based signcryption scheme for

multiple receivers. In Autonomic and Trusted Computing LNCS 4610.

Springer, Heidelberg 2007, pp. 13–21.

Zhang, B. & Xu, Q., 2010. An ID-based anonymous signcryption scheme

for multiple receivers secure in the standard model. In Advances in

Computer Science and Information Technology, LNCS. pp. 15–27.

Zhang, B. & Xu, Q.-L., 2010. Identity-Based Multi-Signcryption Scheme

without Random Oracles. Chinese Journal of Computers, 33(1), pp.103–

110.

Zhang, B.Z.B. & Xu, Q.X.Q., 2010. An ID-based Anonymous

Signcryption Scheme for Multiple Receivers. International Journal of

Advanced Science and Technology, 20, pp.9–24.

Zhang, J., Chen, Z. & Xu, M., 2012. On the security of ID-based multi-

receiver threshold signcryption scheme. In 2nd International

Conference Electronics, Communications and Networks (CECNet). pp.

1944–1948.

Zhang, J. & Gunter, C.A., 2010. Application-Aware Secure Multicast for

Power Grid Communications. IEEE International Conference on Smart

Grid Communications, 6(1), pp.40–52.

Zhang, J. & Mao, J., 2009. A novel identity-based multi-signcryption

scheme. Computer Communications, 32(1), pp.14–18.

Zhang, Y., 1998. Signcryption and its application in efficient public key

solution. In Information Security Workshop (ISW 97) LNCS. pp. 291–

312.

Zhang, Z., Dong, Q. & Cai, M., 2004. A new publicly verifiable proxy

signcryption scheme. In Progress on Cryptography, The International

Series in Engineering and Computer Science. pp. 53–57.

Zheng, Y., 1997. Digital signcryption or how to achieve cost (signature &

encryption) << cost (signature)+ cost (encryption). In Advances in

Cryptology — Crypto ’97 LNCS. pp. 165–179.

Zheng, Y. & Imai, H., 1998. How to construct efficient signcryption

schemes on elliptic curves. Information Processing Letters, 68(5),

pp.227–233.

Zhou, C., 2011. A Multi-Receiver ID-Based Generalized Signcryption

Scheme. In IACR Cryptology ePrint Archive. pp. 1–9.

Zhou, C., 2015. An Improved Multi-receiver Generalized Signcryption

Scheme. International Journal of Network Security, 17(3), pp.340–350.

Zhou, C., 2012a. Cryptanalysis and Improvement of a Multi Receiver

Generalized Signcryption Scheme. IACR Cryptology ePrint

Archive:638.

Zhou, C., 2012b. Cryptanalysis and Improvement of a Multi-Receiver

Generalized Signcryption Scheme. In IACR Cryptology ePrint Archive.

pp. 1–17.

Zhou, Y., Cao, Z. & Lu, R., 2005. Constructing Secure Warrant-Based

Proxy Signcryption Schemes. In Cryptology and Network Security,

LNCS. pp. 172–185.