A new efficient publicly verifiable signcryption scheme and its multiple recipients variant for firewalls implementation

Firewalls are one of the most useful and versatile tools available for securing a LAN and other applications such as constructing secure private virtual networks. They are typically operated as a filtering gateway at the LAN-WAN interface, usually a router. A signcryption scheme used in a LAN should satisfy the public ciphertext authenticity property. This requires that any third party should be able to verify the origin of the ciphertext without knowing the content of the message and getting any help from the intended recipient. Signcryption is a novel public key primitive first proposed by Zheng in 1997 to achieve the functionality of both an encryption scheme and a signature scheme simultaneously. It therefore offers the three services: privacy, authenticity and non-repudiation. It does this more efficiently than a composition of public key encryption and public key signature. Although Zheng signcryption scheme was formally proven to be secure, it is not easy to fulfill the property of non-repudiation since the signature cannot be verified publicly. To overcome this problem many signcryption schemes, as Bao Deng scheme, were designed so that the signature is publicly verifiable but this was at the expense of reducing the efficiency compared with the original signcryption scheme. In this paper we propose a signcryption scheme that achieves the public verifiability property with keeping the same efficiency as the original scheme. Also we introduce a multiple recipient variant of the proposed scheme that is more efficient than Zheng´s multiple recipient signcryption schemes. The security of our scheme is based on the intractability of the Discrete Logarithm Problem (DLP) and the Diffie-Hellman Problem (DHP).