Certificateless aggregate signcryption

The concept of aggregate signcryption was first introduced in 2009 by Selvi et al. Identity based aggregate signcryption schemes, Lecture Notes in Computer Science 5922 LNCS, 2009, pp. 378-397. The aggregation process of these schemes reduces the amount of exchanged information and is particularly useful in low-bandwidth communication networks and computationally-restricted environments such as wireless sensor networks. Selvi et al.'s scheme is in the identity-based setting and suffers from the key escrow problem. The goal of this paper is to overcome this problem and propose a suitable security model for aggregate signcryption in the certificateless setting. We further propose a concrete certificateless aggregate signcryption scheme which is based on Barbosa and Farshim's certificateless signcryption scheme Certificateless signcryption. In: M. Abe, V. Gligor (Eds.), Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS-08), ACM, New York. pp. 369-372. We then prove the security of the proposed scheme in the random oracle model under the gap Bilinear Diffie-Hellman and computational Diffie-Hellman intractability assumptions.