Certificateless aggregate signcryption: Security model and a concrete construction secure in the random oracle model

The concept of aggregate signcryption was first introduced in 2009 by Selvi et al. [Identity based aggregate signcryption schemes, Lecture Notes in Computer Science 5922 LNCS, 2009, pp. 378–397]. The aggregation process of these schemes reduces the amount of exchanged information and is particularly useful in low-bandwidth communication networks and computationally-restricted environments such as wireless sensor networks. Selvi et al.’s scheme is in the identity-based setting and suffers from the key escrow problem. The goal of this paper is to overcome this problem and propose a suitable security model for aggregate signcryption in the certificateless setting. We further propose a concrete certificateless aggregate signcryption scheme which is based on Barbosa and Farshim’s certificateless signcryption scheme [Certificateless signcryption. In: M. Abe, V. Gligor (Eds.), Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS-08), ACM, New York. pp. 369–372]. We then prove the security of the proposed scheme in the random oracle model under the gap Bilinear Diffie–Hellman and computational Diffie–Hellman intractability assumptions.