Secure identity‐based signcryption in the standard model

Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature‐then‐encryption approach. Signcryption has been shown to be useful in many applications, such as electronic commerce, mobile communications and smart cards. In 2009, Yu et al. [12] proposed an identity‐based signcryption (IBSC) scheme in the standard model. In 2010, Zhang [17] pointed out that Yu et al.’s scheme does not have the indistinguishability against adaptive chosen ciphertext attacks (IND‐CCA2) and proposed an improved IBSC scheme. He proved that the improved scheme has the IND‐CCA2 property and existential unforgeability against adaptive chosen messages attacks (EUF‐CMA). However, in this paper, an attack is proposed to show that Zhang’s scheme does not have the IND‐CCA2 property (not even chosen plaintext attacks (IND‐CPA)). We present a fully secure IBSC scheme in the standard model. We prove that our scheme has the IND‐CCA2 property under the decisional bilinear Diffie–Hellman assumption and has the EUF‐CMA property under the computational Diffie–Hellman assumption.