A certificate-based signcryption scheme is said to be EUF-CBSC-CMA secure if no probabilistic polynomial-time adversary has non-negligible advantage in both the adversarial games EUF-CBSC-CMA Game-I and EUF-CBSC-CMA Game-II.
It then computes [g.sub.1] = [g.sup.[alpha]] and starts IND-CBSC-CCA2 Game-II by supplying [A.sub.II] with the master key msk = [alpha] and the public parameters params = {G, p, g, [g.sub.1], [l.sub.m], [H.sub.1], [H.sub.2], [H.sub.3]}, where [H.sub.1] ~ [H.sub.3] are random oracles controlled by [A.sub.GDH].
It then computes [g.sub.1] = [g.sup.[alpha]] and starts EUF-CBSC-CMA Game-II by supplying [A.sub.II] with the master key msk = [alpha] and the public parameters params = {G, p, g, [g.sub.1], [l.sub.m], [H.sub.1], [H.sub.2], [H.sub.3]}, where [H.sub.1] ~ [H.sub.3] are random oracles controlled by [A.sub.GDL].