Certificateless aggregate signcryption: Security model and a concrete construction secure in the random oracle model

The concept of aggregate signcryption was first introduced in 2009 by selvi et al.[identity based aggregate signcryption schemes, lecture notes in computer science 5922 lncs, 2009, pp. 378–397]. the aggregation process of these schemes reduces the amount of exchanged information and is particularly useful in low-bandwidth communication networks and computationally-restricted environments such as wireless sensor networks. selvi et al.’s scheme is in the identity-based setting and suffers from the key escrow problem. the goal of this paper is to overcome this problem and propose a suitable security model for aggregate signcryption in the certificateless setting. we further propose a concrete certificateless aggregate signcryption scheme which is based on barbosa and farshim’s certificateless signcryption scheme [certificateless signcryption. in:m. abe, v. gligor (eds.), proceedings of the 2008 acm symposium on information, computer and communications security (asiaccs-08), acm, new york. pp. 369–372]. we then prove the security of the proposed scheme in the random oracle model under the gap bilinear diffie–hellman and computational diffie–hellman intractability assumptions.