## 1 INTRODUCTION

Signcryption is an effective cryptographic method that provides authentication and confidentiality at the same time. It was first proposed by Zheng [1] and provides authenticity and confidentiality at a lower computational cost when a message needs to be both signed and encrypted. The concept of ring signcryption comes from the ring signature, so we first review the concept of ring signature. The ring signature was first introduced by Rivest [2]; it uses the construction of a “ring” when a message is signed, which avoids revealing the signer's identity. After the scheme was proposed, researchers paid much attention to it. The first identity-based ring signature scheme with bilinear pairings was proposed by Zhang [3] in 2002. The threshold ring signature was proposed by Bresson [4] and was applied in ad hoc networks. Awasthi [5] proposed an efficient identity-based ring signature scheme and a proxy ring signature scheme in 2004. Chen [6] proposed a method that can be applied in P2P networks.

Ring signcryption combines the two aforementioned methods; it allows a user to signcrypt a message with a set of attributes (including an arbitrarily chosen subset of his or her attributes) and protects his or her sensitive attributes. Many efficient signcryption schemes [7-9] were proposed after the notion of signcryption was introduced. Baek [10] proposed a formal security proof for signcryption schemes in 2007. Qin [11] proposed a signcryption scheme that can be applied in identity-based systems with multiple receivers. The first identity-based ring signcryption scheme was proposed by Huang [12] in 2005; it enables a user to signcrypt a message anonymously. Li [13] first proposed a ring signature scheme in the attribute-based encryption (ABE) setting in 2008.

Sahai and Waters [14] first proposed the concept of ABE in 2005. In an ABE system, a user's identity is described by a set of attributes; a user with attribute set *ω* can decrypt a ciphertext encrypted with attribute set *ω*′ if and only if the number of elements in the set *ω* ∩ *ω*′ reaches the threshold. Key-policy ABE and ciphertext-policy ABE are two more recent forms of ABE that extend fuzzy ABE. In key-policy ABE schemes [15-17], attribute policies are associated with private keys, and the ciphertext is labeled with a set of attributes. A user is able to decrypt the ciphertext if and only if the ciphertext's attribute set satisfies the policy on the user's private key. In ciphertext-policy ABE schemes [18-20], the situation is reversed: attribute policies are associated with the ciphertext, and private keys are labeled with attributes. A user is able to decrypt the ciphertext if and only if the attributes of the user's private key match the policy of the ciphertext. Chase [21] proposed an ABE scheme that supports a multiauthority environment.
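The threshold condition on *ω* ∩ *ω*′ can be illustrated with the secret-sharing step that underlies fuzzy ABE. The following is an added example, not code from this paper: it uses plain Shamir sharing over a prime field and omits the pairing-based encryption, and the field size, function names and sample attribute sets are constructed for illustration.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime modulus of the toy field (constructed parameter)

def attr_index(attr):
    """Map an attribute string to a nonzero field element."""
    h = int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big")
    return h % (P - 1) + 1

def keygen(master_secret, user_attrs, d):
    """Authority: pick a random polynomial q of degree d-1 with
    q(0) = master_secret and give the user the share q(i) per attribute."""
    coeffs = [master_secret] + [secrets.randbelow(P) for _ in range(d - 1)]
    def q(x):
        return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
    return {a: q(attr_index(a)) for a in user_attrs}

def recover(key, ct_attrs, d):
    """Decryptor: Lagrange-interpolate q(0) from d shares whose attributes
    lie in both sets. Fewer than d points leave q(0) undetermined, so the
    function returns None when the overlap is below the threshold."""
    common = sorted(set(key) & set(ct_attrs))
    if len(common) < d:
        return None
    pts = [(attr_index(a), key[a]) for a in common[:d]]
    secret = 0
    for xi, yi in pts:
        lam = 1  # Lagrange coefficient of point xi evaluated at x = 0
        for xj, _ in pts:
            if xj != xi:
                lam = lam * (-xj) * pow((xi - xj) % P, -1, P) % P
        secret = (secret + yi * lam) % P
    return secret

# Constructed sample data, following the scenario in this introduction.
BOB = {"Company A", "Employee", "Department B", "Driver License"}

if __name__ == "__main__":
    ms = secrets.randbelow(P)
    key = keygen(ms, BOB, d=3)
    ok = recover(key, {"Company A", "Employee", "Department B"}, 3)
    bad = recover(key, {"Company A", "Employee", "Department C"}, 3)
    print("overlap 3:", ok == ms, "| overlap 2:", bad)
```

In a fuzzy ABE scheme the shares sit in the exponent of group elements and the interpolation happens inside the pairing computation, so the user never sees the master secret itself.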

In this paper, we realize ring signcryption in ABE for the first time. In our system, a sender can signcrypt messages with a subset of his or her attributes and construct a “ring” with these attributes to protect the legitimacy of the sender without exposing his or her particular identity. In addition, we propose the corresponding security models and prove the confidentiality and unforgeability of our scheme in the random oracle model. We also present the efficiency of our scheme by comparisons.

Consider the following scenario: Bob is a clerk in a department of a company, with the attributes “Company A,” “Employee,” “Department B,” and “Driver License.” Bob wants to make a suggestion or complaint to the leader of his department and, at the same time, wants to remain anonymous. In addition, the leader wants assurance that the suggestions or complaints really come from a member of the company. To do this, Bob can use our method to encrypt his suggestions or complaints with attributes such as “Company A,” “Employee,” and “Department B.” The leader can verify and decrypt the ciphertext and be convinced that it really comes from someone in Company A, without knowing the particular identity of its sender.

The rest of this paper is organized as follows. Section 2 gives some mathematical background and presents the framework and security notion of the attribute-based ring signcryption scheme (ABRSS). In Section 3, we introduce ABRSS. The formal security proof of our scheme is given in Section 4. We analyze our scheme by comparisons in Section 5. Finally, the conclusion of this paper is given in Section 6.