Analysis and Improvement of a Signcryption Scheme with Key Privacy
In PKC’04, a signcryption scheme with key privacy was proposed by Libert and Quisquater. Along with the scheme, some security models were defined with regard to the signcryption versions of confidentiality, existential unforgeability and ciphertext anonymity (or key privacy). The security of their scheme was also claimed under these models. In this paper, we show that their scheme cannot achieve the claimed security by demonstrating an insider attack which shows that their scheme is not semantically secure against chosen ciphertext attack (not even secure against chosen plaintext attack) or ciphertext anonymous. We further propose a revised version of their signcryption scheme and show its security under the assumption that the gap Diffie-Hellman problem is hard. Our revised scheme supports parallel processing that can help reduce the computation time of both signcryption and de-signcryption operations.
KeywordsSigncryption Key Privacy Ciphertext Anonymity Bilinear Pairings Gap Diffie-Hellman Groups
Unable to display preview. Download preview PDF.
- 9.Boyen, X.: Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography. In: CRYPTO 2003. LNCS, vol. 2729, pp. 383–399. Springer, Heidelberg (2003)Google Scholar
- 13.Mu, Y., Varadharajan, V.: Distributed signcryption. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 155–164. Springer, Heidelberg (2000)Google Scholar
- 14.Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
- 17.Zheng, Y.: Digital signcryption or how to achieve cost(signature & encryption) < < cost(signature) + cost(encryption). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 165–179. Springer, Heidelberg (1997)Google Scholar