Identity-Based Multi-Signcryption with Public Verifiability

: Multi-signcryption can meet the requirement of message signcryption with muti-participant. Since the existing identity-based multi-signcryption scheme cannot offer the function of public verifiability, based on identity and bilinear pairing on the Elliptic Curve, a new scheme with public verifiability is proposed. In the scheme, with the steps which is comparatively independent to the signcryption process, it can provide the public verification of each signcryption in need. Therefore, our scheme efficiently achieves the cryptographic functions of multi-signcryption.


Introduction
Identity based cryptosystems were introduced by Shamir in1984 ( [1]). The idea was to get rid of public key certicates by allowing the user's public key to be the binary sequence corresponding to an information identifying him in a non ambiguous way (e-mail address, IP address combined to a user name, social security number,...).Since Boneh and Franklin gave a practical ID-Based encryption scheme [2] from Weil pairing in 2001, a large number of papers have been published in this area.The concept of public key signcryption schemes was found by Zheng in 1997 ( [3]). The idea of this kind of primitive is to perform encryption and signature in a single logical step in order to obtain confidentiality, integrity, authentication and non-repudiation more efficiently than the sign-then-encrypt approach. Many schemes have been designed as the extension of signcryption such as proxy signcryption, Multi-proxy-signcryption, ID-based signcryption,ect, and many research have been proposed [4][5][6][7][8].
With the continue growth of the internet, user sends and forwards an original message to other users. Through this process, the message may be modified, improved and added a convenient feature by many users. But we must detect the malicious attackers and prevent the malicious code from damaging the receiver or prevent the attackers from obtaining the private messages. Therefore the concept of multi-signcryption was proposed in [9] which can meet with the requirement of multi-signers performing together the signcryption operation on messages and a specific scheme called Seo-Lee scheme was proposed in [10]. It efficiently provides message flexibility, order flexibility, message verifiability, order verifiability, message confidentiality, message unforgeability, non-repudiation and robustness. Based on Seo-Lee scheme, a Multi-signcryption scheme using identity and bilinear pairing was proposed. It greatly decreases the cost of building and managing public key infrastructures ; the expense of the users' management of public-key and their certificates is avoided. Up to the present, various studies on ID-Based multi-signcryption have been proposed [12,13].
Most of the existing ID-Based multi-signcryption scheme don't provide the public verifiability though it is a very important property in many practical application. Even there are some schemes can provide the verification, they need the plaintext or the private key of verifier. In this paper, we propose a new ID-Based multi-signcryption that can provide public verification together with other security properties fulfilled and we also give the analysis of the scheme.

Preliminary Works 2.1 Bilinear Pairings
We consider two groups G 1 (additive) and G 2 (multiplicative) of the same prime order q. We need bilinear maps satisfying the following properties: 1. Bilinearity: , ,we have .
2. Non-degeneracy: The map does not send all pairs in to the identity in G2. Observe that since G1,G2 are groups of prime order this implies that if P is a generator of G1 then e(P,P) is a generator of G2.
3. Computability: there exists an efficient algorithm to compute .
There are two problems that our scheme base on as follows: DBDHP: Given two groups G 1 and G 2 of the same prime order q, a bilinear map and a generator P of G 1 the Decisional Bilinear Diffie-Hellman problem (DBDHP) in (G 1 , G 2 , e) is to decide whether given (P,aP,bP,cP) and an element h ∈G 2 .
CBDHP: Given two groups G 1 and G 2 of the same prime order q, a bilinear map and a generator P ofG 1 , the Computational Bilinear Diffie-Hellman problem (CBDHP) in (G 1 ,G 2 ,e) is to compute given(P,aP,bP,cP).
No algorithm is known to be able to solve any of them so far, though DBDHP is no harder than CBDHP.

Security properties
Due to the identity-based nature of singncryption, and the combined requirements on confidentiality and non-repudiation, the security requirements are multifaceted and quite stringent. We assume Alice is the recipient, I i are the signers and Charlie is a third party. The properties a multi-signctyption should meets are as follows: Confidentiality: It is impossible for the attacker to compute the secret messages m 1 , m 2 , ⋯, m n , or compute the private information of Alice by the signcryption . Unforgeability: It is impossible for any attacker to forge a valid multi-signcryption even any one of I i or Alice. Non-repudiation: Charlie can judge the validity of a signcryption when dispute occurs for sender and recipient.

a new ID-Based multi-signcryption
This section proposes a new ID-Based multi-signcryption schemes with flexibility and verifiability for both message and order.

Setup
The PKG chooses the system parameters that include two groups (G 1 , +) and ( G 2 , ·), a bilinear map e :G 1 ×G 1 →G 2 between these groups, a generator P of G1, a master secret * q Z s ∈ , and a public key Ppub = sP ∈G 1 . It also chooses a secure symmetric scheme (E;D) and hash includes the secret information for Alice. Assume I 1 is the first signer and I i+1 is the next one to I i . According to each signer I i .the signcryption process is as follows:

validity and security analysis
Message flexibility: A message does not need to be fixed beforehand. Therefore each signer can modify an original message. Order flexibility: Neither order of signers nor signers themselves need to be designated beforehand. Therefore we can easily change order of signers, add a new signer and exclude a signer. . Therefore it is impossible to get .
Unforgeability: It is impossible for any attacker to forge a valid signcryption without ,the private key of even any one of I i or Alice.

Non-repudiation:
Since the signcryption of each is unforgeable, once the multi-signcryption is generated, it cannot be denied.  satisfied, the problems of ECDL and BDH are solvable. Verification flexibility: The public verification is alternative and calculates of X i can be omitted. Therefore it will be computed only when we need public verification.

Conclusions
This paper proposed a new ID-Based multi-signcryption with its analysis. The scheme can provides the public verification of signcryption and the signer. It also satisfies the security properties efficiently with short cipher text. It can be applied in e-commerce or e-voting.