Advances in Cryptology – ASIACRYPT 2011

Volume 7073 of the series Lecture Notes in Computer Science pp 161-178

On the Joint Security of Encryption and Signature, Revisited

  • Kenneth G. PatersonAffiliated withRoyal Holloway, University of London
  • , Jacob C. N. SchuldtAffiliated withResearch Center for Information Security, AIST
  • , Martijn StamAffiliated withUniversity of Bristol
  • , Susan ThomsonAffiliated withRoyal Holloway, University of London


We revisit the topic of joint security for combined public key schemes, wherein a single keypair is used for both encryption and signature primitives in a secure manner. While breaking the principle of key separation, such schemes have attractive properties and are sometimes used in practice. We give a general construction for a combined public key scheme having joint security that uses IBE as a component and that works in the standard model. We provide a more efficient direct construction, also in the standard model.