Formal Proofs for the Security of Signcryption

  • Joonsang Baek
  • Ron Steinfeld
  • Yuliang Zheng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2274)

Abstract

Signcryption is a public key or asymmetric cryptographic method that provides simultaneously both message confidentiality and unforgeability at a lower computational and communication overhead. In this paper, we propose a sound security model for signcryption that admits rigorous formal proofs for the confidentiality and unforgeability of signcryption. A conclusion that comes out naturally from this work is that, as an asymmetric encryption scheme, signcryption is secure against adaptive chosen ciphertext attack in the random oracle model relative to, quite interestingly, the Gap Diffie-Hellman problem, and as a digital signature scheme, signcryption is existentially unforgeable against adaptive chosen message attack in the random oracle model relative to the discrete logarithm problem.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Joonsang Baek (1)
  • Ron Steinfeld (1)
  • Yuliang Zheng (2)

  1. School of Network Computing, Monash University, Frankston, Australia
  2. Dept. Software and Info. Systems, UNC Charlotte, USA