分野別セミナー

Revocation functionality is crucial for the practicality of the public key cryptosystems including signcryption. When a user's private key is corrupted by hacking or the period of a contract expires, the cryptosystems must provide a revocation method to revoke the misbehaving/compromised user. Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has been shown to be useful in many applications, such as electronic commerce, mobile communications and smart cards. However, little work has been published on key revocation in identity-based signcryption. We propose a revocable identity-based signcryption scheme. In the scheme, the master key is randomly divided into two parts: one is used to construct the initial key, the other is used to generate the updated key. Furthermore, they are used to periodically and re-randomly generate full private keys for non-revoked users. Thus, the proposed scheme can revoke users and resist key exposure. In the standard model, we prove the proposed scheme with IND-CCA2 security under the DBDH hardness assumption and EUF-CMA security under the CDH hardness assumption.