Signcryption is an asymmetric cryptographic method that provides simultaneously both message confidentiality and unforgeability at a low computational and communication overhead. In this paper we propose realistic security models for signcryption, which give the attacker power to choose both messages/signcryptexts as well as recipient/sender public keys when accessing the signcryption/unsigncryption oracles of attacked entities. We then show that Zheng's original signcryption scheme is secure in our confidentiality model relative to the Gap Diffie-Hellman problem and is secure in our unforgeability model relative to a Gap version of the discrete logarithm problem. All these results are shown in the random oracle model.
Unable to display preview. Download preview PDF.