关键词: SM2, ECC, 签密, 可证明安全, 随机预言模型

Abstract: A signcryption system combines the functionalities of digital signature and data encryption, significantly reducing computational and communication costs. Most existing signcryption schemes are mainly designed by foreign countries, which does not align with the requirements of independent innovation in core technology and independent and controllable information security. SM2, a Chinese cryptography industry standard for data security, includes both signature and encryption schemes.  It offers high computational and transmission efficiency at the same level of security and has been widely adopted across various sectors. This study proposes the first signcryption scheme based on SM2. The proposed scheme has constantsize public parameters, constantsize public and private keys. Specifically, the private key consists a single integer, while the public key consists of a single group element. The ciphertexts comprises one group element and n bits (n is the total length of signature and plaintext). The security of the proposed scheme relies on ECDH assumption and ECDLP assumption. In the random oracle model, the proposed scheme is proved to be secure. Both theoretical analysis and experimental simulations demonstrate that, compared with the traditional sign and then encrypt processing method, the communication and computational efficiency of the scheme have certain advantages, making it practical for realworld applications.

Key words: SM2, ECC, signcryption, provable security, random oracle model