Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption)

  • Yuliang Zheng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)

Abstract

Secure and authenticated message delivery/storage is one of the major aims of computer and communication security research. The current standard method to achieve this aim is “(digital) signature followed by encryption”. In this paper, we address a question on the cost of secure and authenticated message delivery/storage, namely, whether it is possible to transport/store messages of varying length in a secure and authenticated way with an expense less than that required by “signature followed by encryption”. This question seems to have never been addressed in the literature since the invention of public key cryptography. We then present a positive answer to the question. In particular, we discover a new cryptographic primitive termed as “signcryption” which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by “signature followed by encryption”. For typical security parameters for high level security applications (size of public moduli = 1536 bits), signcryption costs 50% (31%, respectively) less in computation time and 85% (91%, respectively) less in message expansion than does “signature followed by encryption” based on the discrete logarithm problem (factorization problem, respectively).

Keywords

Authentication; Digital Signature; Encryption; Key Distribution; Secure Message Delivery/Storage; Public Key Cryptography; Security; Signcryption

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Yuliang Zheng, Monash University, Frankston, Melbourne, Australia
