Designs, Codes and Cryptography

, Volume 37, Issue 1, pp 81–109

Signcryption with Non-interactive Non-repudiation


DOI: 10.1007/s10623-004-3806-6

Cite this article as:
Malone-Lee, J. Des Codes Crypt (2005) 37: 81. doi:10.1007/s10623-004-3806-6


Signcryption [33] is a public key primitive that achieves the functionality of both an encryption scheme and a signature scheme simultaneously. It does this more efficiently than a composition of public key encryption and public key signature.

We present a model of security for signcryption schemes that offer non-interactive non-repudiation. This is non-repudiation in which the judge settling a repudiation dispute does not have to get involved in an interactive zero-knowledge proof. Our model applies to many existing schemes in the literature Bao and Deng, [4] He and Wu, [22] Peterson and Michels, [28].

We explain why the scheme proposed in Bao and Deng, [4] is insecure under any definition of privacy based on the idea of indistinguishable encryptions Goldwasser and Micali, [20]. We describe a modified scheme to overcome the problem. Proofs of security are given for the scheme in the random oracle model Bellare and Rogaway, [10].


Signcryption non-repudiation provable security 

Copyright information

© Springer Science+Business Media, Inc. 2005

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations