无证书的可公开验证聚合签密方案

聚合签密的研究多以基于身份密码体制下提供机密性与认证性，提高验证的效率为目标，存在对证书管理以及密钥托管问题，因此需要设计新的聚合签密算法，在解决证书管理以及密钥托管问题的同时兼顾机密性与高效性。分析了当前主流的聚合签密算法及其发展，利用Zhang等(ZHANG L, ZHANG F T. A new certificateless aggregate signature scheme. Computer Communications, 2009,32(6)：1079-1085)方案，并考虑上述需求，提出了一种新的无证书的聚合签密方案。方案基于双线性Diffie-Hellman(BDH)和计算性Diffie-Hellman(CDH)问题，证明了方案的机密性和不可伪造性。实验结果表明，所提方案在聚合解签密运算量上与其他方案持平或降低；同时，新的方案还满足了可公开验证性，消除了公钥证书的使用，并且解决了基于身份密码体制中的密钥托管问题。

Certificateless aggregate signcryption scheme with public verifiability

The research on aggregate signcryption is mostly based on identity-based encryption to provide confidentiality and authentication, thus improving efficiency. But aggregate signcryption has the problem in certificate management and key escrow. Therefore, it needs to design new aggregate signcryption schemes, which not only solve the problem of certificate management and key escrow, but also guarantee the confidentiality and authentication of the scheme. This paper analyzed the main stream aggregate signcryption schemes and their development. Combined with the scheme of Zhang et al.(ZHANG L, ZHANG F T. A new certificateless aggregate signature scheme. Computer Communications, 2009,32(6)：1079-1085) and the needs mentioned above, this article designed a certificateless aggregate signcryption scheme, and proved its confidentiality and unforgeability based on the Bilinear Diffie-Hellman (BDH) problem and Computational Diffie-Hellman (CDH) problem. The experimental results show that the proposed scheme is more efficient and the amount of computation is equal or lower in comparison with the other schemes. What's more, the new scheme is publicly verifiable, and it eliminates the use of public key certificate and solves the problem in key escrow.