Building Better Signcryption Schemes with Tag-KEMs

  • Tor E. Bjørstad
  • Alexander W. Dent
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)


Signcryption schemes aim to provide all of the advantages of simultaneously signing and encrypting a message. Recently, Dent [8, 9]and Bjørstad [4] investigated the possibility of constructing provably secure signcryption schemes using hybrid KEM-DEM techniques [7]. We build on this work by showing that more efficient insider secure hybrid signcryption schemes can be built using tag-KEMs [1]. To prove the effectiveness of this construction, we will provide several examples of secure signcryption tag-KEMs, including a brand new construction based on the Chevallier-Mames signature scheme [5] which has the tightest known security reductions for both confidentiality and unforgeability.


Signature Scheme Security Parameter Signcryption Scheme Security Reduction Passive Attacker 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abe, M., Gennaro, R., Kurosawa, K., Shoup, V.: Tag-KEM/DEM: A new framework for hybrid encryption and a new analysis of Kurosawa-Desmedt KEM. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 128–146. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    An, J.H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 83–107. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Baek, J., Steinfeld, R., Zheng, Y.: Formal proofs for the security of signcryption. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 80–98. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Bjørstad, T.E.: Provable security of signcryption. Master’s thesis, Norwegian University of Technology and Science (2005),
  5. 5.
    Chevallier-Mames, B.: An efficient CDH-based signature scheme with a tight security reduction. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 511–526. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Chevallier-Mames, B.: Personal correspondence (2005)Google Scholar
  7. 7.
    Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing 33(1), 167–226 (2004)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Dent, A.W.: Hybrid cryptography. Cryptology ePrint Archive, Report 2004/210 (2004),
  9. 9.
    Dent, A.W.: Hybrid signcryption schemes with insider security. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 253–266. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Dent, A.W.: Hybrid signcryption schemes with outsider security. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 203–217. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Malone-Lee, J.: Signcryption with non-interactive non-repudiation. Technical Report CSTR-02-004, Department of Computer Science, University of Bristol (2004),
  12. 12.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)Google Scholar
  13. 13.
    Zheng, Y.: Digital signcryption or how to achieve cost (Signature & encryption) < < cost(Signature) + cost(Encryption). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 165–179. Springer, Heidelberg (1997), Unpublished full version (47 pages), dated 1999, available through the author’s home page

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Tor E. Bjørstad
    • 1
  • Alexander W. Dent
    • 2
  1. 1.The Selmer Center, Department of InformaticsUniversity of BergenNorway
  2. 2.Royal HollowayUniversity of LondonEgham, SurreyUK

Personalised recommendations