Certificateless Signcryption in the Standard Model

Signcryption can realize encryption and signature simultaneously with lower computational costs and communicational overheads than those of the traditional sign-then-encrypt approach. Certificateless cryptosystem solves the key escrow problem in the identity-based cryptosystem and simplifies the public key management in the traditional public key cryptosystem. There have been some certificateless signcryption schemes proposed in the standard model up to now, but all of them are just proposed in a weaker Type I security model, which is weaker than the original security model of Barbosa and Farshim, who proposed the first certificateless signcryption scheme. In this paper, we propose a certificateless signcryption scheme in the standard model by using bilinear pairings, which is Type I secure in the original security model of Barbosa and Farshim and can resist the malicious-but-passive key generation center Type II attack. The proposed scheme is proved confidential assuming the modified decisional bilinear Diffie–Hellman (M-DBDH) problem is hard, and unforgeable assuming the square computational Diffie–Hellman (Squ-CDH) problem is hard. At last, we evaluate its efficiency which shows it is of high efficiency.