Designs, Codes and Cryptography

, Volume 37, Issue 1, pp 81–109 | Cite as

Signcryption with Non-interactive Non-repudiation

  • John Malone-LeeEmail author


Signcryption [33] is a public key primitive that achieves the functionality of both an encryption scheme and a signature scheme simultaneously. It does this more efficiently than a composition of public key encryption and public key signature.

We present a model of security for signcryption schemes that offer non-interactive non-repudiation. This is non-repudiation in which the judge settling a repudiation dispute does not have to get involved in an interactive zero-knowledge proof. Our model applies to many existing schemes in the literature Bao and Deng, [4] He and Wu, [22] Peterson and Michels, [28].

We explain why the scheme proposed in Bao and Deng, [4] is insecure under any definition of privacy based on the idea of indistinguishable encryptions Goldwasser and Micali, [20]. We describe a modified scheme to overcome the problem. Proofs of security are given for the scheme in the random oracle model Bellare and Rogaway, [10].


Signcryption non-repudiation provable security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Abdalla, M., Bellare, M., Rogaway, P. 2001The Oracle D iffie- H ellman assumptions and an analysis of DHIESIn Topics in Cryptology— CT-RSA 2001. Lecture Notes in Computer Science.2020143158Springer-VerlagGoogle Scholar
  2. An, JH., Dodis, Y., Rabin, T. 2002On the Security of Joint Signature and EncryptionIn Advances in Cryptology—EUROCRYPT 2002. Lecture Notes in Computer Science.233283107Springer-VerlagGoogle Scholar
  3. Baek, R., Steinfeld., , Zheng, Y. 2002Formal proofs for the security of signcryptionIn Public Key Cryptography—PKC 2002. Lecture Notes in Computer Science.22748098Springer-VerlagGoogle Scholar
  4. Bao, F., Deng, RH. 1998A Signcryption scheme with signature directly verifiable by public keyIn Public Key Cryptography—PKC ’98. Lecture Notes in Computer Science.14315559Springer-VerlagGoogle Scholar
  5. Barreto P.S.LM., Kim HY., Lynn B., Scott M. (2002). Efficient algorithms for paring-based cryptosystems. In Advances in Cryptology—CRYPTO 2002. Lecture Notes in Computer Science. Springer-Verlag pp. 354–368Google Scholar
  6. Bellare, M., Boldyreva, A., Micali, S. 2000Public-key encryption in a multi-user setting: Security proofs and improvementsIn Advances in Cryptology—EUROCRYPT 2002. Lecture Notes in Computer Science.1807259274Springer-VerlagGoogle Scholar
  7. Bellare M., Desai A., Jokipii E., Rogaway P. (1997). A concrete security treatment of symmetric encryption. In 38 th Annual Symposium on Foundations of Computer Science. IEEE Computer Science Press pp. 394–403Google Scholar
  8. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P. 1998Relations among notions of security for public-key encryption schemesIn Advances in Cryptology—CRYPTO ’98. Lecture Notes in Computer Science.14622645Springer-VerlagGoogle Scholar
  9. Bellare, M., Jakobsson, M., Yung, M. 1997Round-optimal zero-knowledge arguments based on any one-way function In Advances in Cryptology—EUROCRYPT ’97Lecture Notes in Computer Science.1233280305Springer-VerlagGoogle Scholar
  10. Bellare M., Rogaway P. (19993). Random oracles are practical: a paradigm for designing efficient protocols. In 1st ACM Conference on Computer and Communications Security pp. 62–73Google Scholar
  11. Bellare, M., Rogaway, P. 1994Optimal Asymmetric Encryption—How to encrypt with RSAIn Advances in Cryptology—EUROCRYPT ’94. Lecture Notes in Computer Science.95092111Springer-VerlagGoogle Scholar
  12. Boneh, D., Franklin, M. 2001Identity-based encryption from the weil pairingIn Advances in Cryptology—CRYPTO 2001. Lecture Notes in Computer Science.2139213229Springer-VerlagGoogle Scholar
  13. Brassard, G., Chaum, D.C. 1988Crénimum disclosure proofs of knowledgeJ. Computer Syst. Sci.37156189CrossRefGoogle Scholar
  14. Cha, J.C., Cheon, JH. 2003An identity-based signature from gap diffie-hellman groupsIn Public Key Cryptography—PKC 2003.Lecture Notes in Computer Science.25671830Springer-VerlagGoogle Scholar
  15. Chaum, D., Pederson, TP. 1993Wallet databases with observersIn Advances in Cryptology—CRYPTO ’92. Lecture Notes in Computer Science.74089105Springer-VerlagGoogle Scholar
  16. Cramer, R., Shoup, V. 1998A practical public key cryptosystem provably secure against adaptive chosen ciphertext attackIn Advances in Cryptology—CRYPTO ’98. Lecture Notes in Computer Science.14621325Springer-VerlagGoogle Scholar
  17. Cramer, R., Shoup, V. 2003and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attackIn SIAM J. Comput.33167226CrossRefGoogle Scholar
  18. Galbraith, S., Harrison, K., Soldera, D. 2002Implementing the T ate pairingIn Algorithmic Number Theory (ANTS V) Lecture Notes in Computer Science.2369324337Springer-VerlagGoogle Scholar
  19. Galbraith, S., Malone-Lee, J., Smart, NP. 2002Public key signatures in the multi-user settingInform. Process. Lett.83263266CrossRefGoogle Scholar
  20. Goldwasser, S., Micali, S. 1984Probabilistic encryptionJ. Computer Syst. Sci.28270299CrossRefGoogle Scholar
  21. Goldwasser, S., Micali, S., Rivest, R. 1998A digital signature scheme secure against adaptive chosen-message attacksSIAM J. Comput.17281308CrossRefGoogle Scholar
  22. He, W.H., Wu, TC. 1999Cryptanalysis and improvement of Petersen– M ichels signcryption schemeIEE Proc.—Computers Digital Techniques.146123124CrossRefGoogle Scholar
  23. Hess, F. 2003Efficient identity based signature schemes based on pairingsIn Selected Areas in Cryptography (2002) Lecture Notes in Computer Science.2595310324Springer-VerlagGoogle Scholar
  24. Lee MK., Kim D.K., Park K. (2000). An authenticated encryption scheme with public verifiability. In 4th Korea–Japan Joint Workshop on Algorithms and Computation. pp. 49–56Google Scholar
  25. Menezes, AJ., Okamato, T., Vanstone, SA. 1993Reducing elliptic curve logarithms to logarithms in a finite field IEEE TransInform. Theory.3916391646CrossRefGoogle Scholar
  26. Ohta, K., Okamoto, T. 1998On concrete security treatment of signatures derived from identificationIn Advances in Cryptology—CRYPTO ’98ture Notes in Computer Science.1462354369Springer-VerlagGoogle Scholar
  27. Patterson, KG. 2002ID -based signatures from pairings on elliptic curvesElectron Lett.3810251026CrossRefGoogle Scholar
  28. Petersen, H., Michels, M. 1998Cryptanalysis and improvement of signcryption schemesIEE Proc.—Computers Digital Techniques.145149151CrossRefGoogle Scholar
  29. Schnorr, CP. 1990Efficient identification and signatures for smart cardsIn Advances in Cryptology—CRYPTO ’89cture Notes in Computer Science.435235254Springer-VerlagGoogle Scholar
  30. Schnorr, CP. 1991Efficient signature generation by smart cardsJ. Cryptol.4161174CrossRefGoogle Scholar
  31. Smart, NP. 2002An identity based authenticated key agreement protocol based on the Weil pairingElectronic Lett.38630632CrossRefGoogle Scholar
  32. Verheul, ER. 2001Evidence that XTR is more secure than supersingular elliptic curve cryptosystemsIn Advances in Cryptology—EUROCRYPT 2001, Lecture Notes in Computer Science.2045195210Google Scholar
  33. Zheng, Y. 1997Digital signcryption or how to achieve cost (signature & encryption) << cost(signature) + cost(encryption)In Advances in Cryptology—CRYPTO ’97, Lecture Notes in Computer Science.1294165179Springer-VerlagGoogle Scholar

Copyright information

© Springer Science+Business Media, Inc. 2005

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations