Signcryption with Non-interactive Non-repudiation
- 98 Downloads
Signcryption  is a public key primitive that achieves the functionality of both an encryption scheme and a signature scheme simultaneously. It does this more efficiently than a composition of public key encryption and public key signature.
We present a model of security for signcryption schemes that offer non-interactive non-repudiation. This is non-repudiation in which the judge settling a repudiation dispute does not have to get involved in an interactive zero-knowledge proof. Our model applies to many existing schemes in the literature Bao and Deng,  He and Wu,  Peterson and Michels, .
We explain why the scheme proposed in Bao and Deng,  is insecure under any definition of privacy based on the idea of indistinguishable encryptions Goldwasser and Micali, . We describe a modified scheme to overcome the problem. Proofs of security are given for the scheme in the random oracle model Bellare and Rogaway, .
KeywordsSigncryption non-repudiation provable security
Unable to display preview. Download preview PDF.
- Abdalla, M., Bellare, M., Rogaway, P. 2001The Oracle D iffie- H ellman assumptions and an analysis of DHIESIn Topics in Cryptology— CT-RSA 2001. Lecture Notes in Computer Science.2020143158Springer-VerlagGoogle Scholar
- An, JH., Dodis, Y., Rabin, T. 2002On the Security of Joint Signature and EncryptionIn Advances in Cryptology—EUROCRYPT 2002. Lecture Notes in Computer Science.233283107Springer-VerlagGoogle Scholar
- Baek, R., Steinfeld., , Zheng, Y. 2002Formal proofs for the security of signcryptionIn Public Key Cryptography—PKC 2002. Lecture Notes in Computer Science.22748098Springer-VerlagGoogle Scholar
- Bao, F., Deng, RH. 1998A Signcryption scheme with signature directly verifiable by public keyIn Public Key Cryptography—PKC ’98. Lecture Notes in Computer Science.14315559Springer-VerlagGoogle Scholar
- Barreto P.S.LM., Kim HY., Lynn B., Scott M. (2002). Efficient algorithms for paring-based cryptosystems. In Advances in Cryptology—CRYPTO 2002. Lecture Notes in Computer Science. Springer-Verlag pp. 354–368Google Scholar
- Bellare, M., Boldyreva, A., Micali, S. 2000Public-key encryption in a multi-user setting: Security proofs and improvementsIn Advances in Cryptology—EUROCRYPT 2002. Lecture Notes in Computer Science.1807259274Springer-VerlagGoogle Scholar
- Bellare M., Desai A., Jokipii E., Rogaway P. (1997). A concrete security treatment of symmetric encryption. In 38 th Annual Symposium on Foundations of Computer Science. IEEE Computer Science Press pp. 394–403Google Scholar
- Bellare, M., Desai, A., Pointcheval, D., Rogaway, P. 1998Relations among notions of security for public-key encryption schemesIn Advances in Cryptology—CRYPTO ’98. Lecture Notes in Computer Science.14622645Springer-VerlagGoogle Scholar
- Bellare, M., Jakobsson, M., Yung, M. 1997Round-optimal zero-knowledge arguments based on any one-way function In Advances in Cryptology—EUROCRYPT ’97Lecture Notes in Computer Science.1233280305Springer-VerlagGoogle Scholar
- Bellare M., Rogaway P. (19993). Random oracles are practical: a paradigm for designing efficient protocols. In 1st ACM Conference on Computer and Communications Security pp. 62–73Google Scholar
- Bellare, M., Rogaway, P. 1994Optimal Asymmetric Encryption—How to encrypt with RSAIn Advances in Cryptology—EUROCRYPT ’94. Lecture Notes in Computer Science.95092111Springer-VerlagGoogle Scholar
- Boneh, D., Franklin, M. 2001Identity-based encryption from the weil pairingIn Advances in Cryptology—CRYPTO 2001. Lecture Notes in Computer Science.2139213229Springer-VerlagGoogle Scholar
- Cha, J.C., Cheon, JH. 2003An identity-based signature from gap diffie-hellman groupsIn Public Key Cryptography—PKC 2003.Lecture Notes in Computer Science.25671830Springer-VerlagGoogle Scholar
- Chaum, D., Pederson, TP. 1993Wallet databases with observersIn Advances in Cryptology—CRYPTO ’92. Lecture Notes in Computer Science.74089105Springer-VerlagGoogle Scholar
- Cramer, R., Shoup, V. 1998A practical public key cryptosystem provably secure against adaptive chosen ciphertext attackIn Advances in Cryptology—CRYPTO ’98. Lecture Notes in Computer Science.14621325Springer-VerlagGoogle Scholar
- Galbraith, S., Harrison, K., Soldera, D. 2002Implementing the T ate pairingIn Algorithmic Number Theory (ANTS V) Lecture Notes in Computer Science.2369324337Springer-VerlagGoogle Scholar
- Hess, F. 2003Efficient identity based signature schemes based on pairingsIn Selected Areas in Cryptography (2002) Lecture Notes in Computer Science.2595310324Springer-VerlagGoogle Scholar
- Lee MK., Kim D.K., Park K. (2000). An authenticated encryption scheme with public verifiability. In 4th Korea–Japan Joint Workshop on Algorithms and Computation. pp. 49–56Google Scholar
- Ohta, K., Okamoto, T. 1998On concrete security treatment of signatures derived from identificationIn Advances in Cryptology—CRYPTO ’98ture Notes in Computer Science.1462354369Springer-VerlagGoogle Scholar
- Schnorr, CP. 1990Efficient identification and signatures for smart cardsIn Advances in Cryptology—CRYPTO ’89cture Notes in Computer Science.435235254Springer-VerlagGoogle Scholar
- Verheul, ER. 2001Evidence that XTR is more secure than supersingular elliptic curve cryptosystemsIn Advances in Cryptology—EUROCRYPT 2001, Lecture Notes in Computer Science.2045195210Google Scholar
- Zheng, Y. 1997Digital signcryption or how to achieve cost (signature & encryption) << cost(signature) + cost(encryption)In Advances in Cryptology—CRYPTO ’97, Lecture Notes in Computer Science.1294165179Springer-VerlagGoogle Scholar