Reconciling and improving of multi-receiver signcryption protocols with threshold decryption

Signcryption is a cryptographic primitive that offers both confidentiality and authentication simultaneously, which combines the functionalities of signature and encryption in a provably secure manner. Indistinguishability against adaptive chosen-ciphertext attacks (ind-cca2) and unforgeability against adaptive chosen-message attacks (euf-cma2) are two important security requirements of a signcryption protocol. In a multi-receiver signcryption with a threshold decryption scheme, the ciphertext can be decrypted and verified when arbitrary t or more receivers among the n candidate decrypters work together. Recently, Qin et al. [Security and Communication Networks, 2011] proposed an identity-based multi-receiver signcryption scheme with threshold decryption, and they declared that the scheme achieves ind-cca2 and euf-cma2 security. In this paper, we first indicate that Qin et al.'s scheme is not secure, that is, Qin et al.'s scheme is neither semantically secure against ind-cca2 nor unforgeable against euf-cma2. After that, we present an improved scheme to capture the security requirements. Furthermore, we construct an anonymous version that can preserve the identity privacy of the sender and receiver, and we give the performance evaluation to indicate that our scheme has lower communication overhead although it provides the identity privacy preservation.