Relations among Privacy Notions for Signcryption and Key Invisible “Sign-then-Encrypt”
Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme.
This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. More surprisingly, we prove that key invisibility also implies indistinguishability against chosen ciphertext attacks. This places key invisibility on the top of privacy hierarchy for public-key signcryption schemes.
On the constructive side, we show that general “sign-then-encrypt” approach offers key invisibility if the underlying encryption scheme satisfies two existing security notions, indistinguishable against adaptive chosen ciphertext attacks and indistinguishability of keys against adaptive chosen ciphertext attacks. By this method we obtain the first key invisible signcryption construction in the standard model.
KeywordsEncryption Scheme Signcryption Scheme Challenge Ciphertext Decryption Oracle Choose Ciphertext Attack
Unable to display preview. Download preview PDF.
- 2.Au, J.H., Rabin, T.: Security for Signcryption: The Two-User Model. In: Dent, A., Zheng, Y. (eds.) Practical Signcryption, Information Security and Cryptography. Springer (2010)Google Scholar
- 9.Dent, A.W., Zheng, Y. (eds.): Practical Signcryption. Springer (2010)Google Scholar
- 11.Dodis, Y., Freedman, M.J., Jarecki, S., Walfish, S.: Optimal Signcryption from Any Trapdoor Permutation. Cryptology ePrint Archive, Report 2004/020 (2004), http://eprint.iacr.org/
- 20.Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar