Certificate-based secure three-party signcryption scheme with low costs

A signcryption scheme combining public key encryptions and digital signatures can simultaneously satisfy the security requirements of confidentiality, integrity, authenticity and non-repudiation. In a three-party communication environment, a message signcrypted by one party might have to be securely delivered to the other two and they usually independently decrypt the ciphertext and verify recovered signature. Consequently, traditional signcryption schemes of single-recipient setting are not applicable. In this paper, we elaborate on the certificate-based cryptosystem to propose a provably secure three-party signcryption scheme from bilinear pairings. The security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) are proved in the random oracle model. Moreover, our scheme enables each recipient to solely reveal the signer's original signature for public verification without extra computational efforts when the case of a later dispute over repudiation occurs. To the best of our knowledge, the proposed scheme is the first provably secure signcryption considering three-party communication environments.