ABSTRACT
In the previous two chapters, constructions of secure certificateless encryption (CLE) and certificateless signature (CLS) schemes in the standard model are discussed and analyzed. However, these schemes suffer from the following clear disadvantages:
The security of these schemes rests on a relatively small set of strong complexity assumptions (e.g., 3-Decisional Diffie–Hellman (DDH) [54],Squ-Computational Diffie–Hellman (CDH) [135], nonpairing-based generalized bilinear Diffie–Hellman (NGBDH) [60,107], and Many-DH [60,107]). In particular, none of these schemes is constructed based on the hardness of well-studied assumptions such as factoring, discrete logarithm assumptions, or even the computational Diffie–Hellman assumption.
The existing secure schemes in the standard model are currently regarded as not being efficient enough for most practical cases. Notably, the computational complexity and the size of the public parameters depend linearly on the number of bits of identity and messages to be involved. This is especially true compared to various “heuristically secure” schemes (i.e., schemes whose security has not been broken thus far) that are much more efficient than these provably secure schemes in the standard model.
