Abstract
Signcryption [33] is a public key primitive that achieves the functionality of both an encryption scheme and a signature scheme simultaneously. It does this more efficiently than a composition of public key encryption and public key signature.
We present a model of security for signcryption schemes that offer non-interactive non-repudiation. This is non-repudiation in which the judge settling a repudiation dispute does not have to get involved in an interactive zero-knowledge proof. Our model applies to many existing schemes in the literature (Bao and Deng [4]; He and Wu [22]; Petersen and Michels [28]).
We explain why the scheme proposed in Bao and Deng [4] is insecure under any definition of privacy based on the idea of indistinguishable encryptions (Goldwasser and Micali [20]). We describe a modified scheme to overcome the problem. Proofs of security are given for the scheme in the random oracle model (Bellare and Rogaway [10]).
References
[1] M. Abdalla, M. Bellare, P. Rogaway (2001). The Oracle Diffie-Hellman assumptions and an analysis of DHIES. In Topics in Cryptology—CT-RSA 2001. Lecture Notes in Computer Science 2020, pp. 143–158
[2] J.H. An, Y. Dodis, T. Rabin (2002). On the security of joint signature and encryption. In Advances in Cryptology—EUROCRYPT 2002. Lecture Notes in Computer Science 2332, pp. 83–107
[3] J. Baek, R. Steinfeld, Y. Zheng (2002). Formal proofs for the security of signcryption. In Public Key Cryptography—PKC 2002. Lecture Notes in Computer Science 2274, pp. 80–98
[4] F. Bao, R.H. Deng (1998). A signcryption scheme with signature directly verifiable by public key. In Public Key Cryptography—PKC ’98. Lecture Notes in Computer Science 1431, pp. 55–59
[5] P.S.L.M. Barreto, H.Y. Kim, B. Lynn, M. Scott (2002). Efficient algorithms for pairing-based cryptosystems. In Advances in Cryptology—CRYPTO 2002. Lecture Notes in Computer Science. Springer-Verlag, pp. 354–368
[6] M. Bellare, A. Boldyreva, S. Micali (2000). Public-key encryption in a multi-user setting: Security proofs and improvements. In Advances in Cryptology—EUROCRYPT 2002. Lecture Notes in Computer Science 1807, pp. 259–274
[7] M. Bellare, A. Desai, E. Jokipii, P. Rogaway (1997). A concrete security treatment of symmetric encryption. In 38th Annual Symposium on Foundations of Computer Science. IEEE Computer Science Press, pp. 394–403
[8] M. Bellare, A. Desai, D. Pointcheval, P. Rogaway (1998). Relations among notions of security for public-key encryption schemes. In Advances in Cryptology—CRYPTO ’98. Lecture Notes in Computer Science 1462, pp. 26–45
[9] M. Bellare, M. Jakobsson, M. Yung (1997). Round-optimal zero-knowledge arguments based on any one-way function. In Advances in Cryptology—EUROCRYPT ’97. Lecture Notes in Computer Science 1233, pp. 280–305
[10] M. Bellare, P. Rogaway (1993). Random oracles are practical: a paradigm for designing efficient protocols. In 1st ACM Conference on Computer and Communications Security, pp. 62–73
[11] M. Bellare, P. Rogaway (1994). Optimal asymmetric encryption—How to encrypt with RSA. In Advances in Cryptology—EUROCRYPT ’94. Lecture Notes in Computer Science 950, pp. 92–111
[12] D. Boneh, M. Franklin (2001). Identity-based encryption from the Weil pairing. In Advances in Cryptology—CRYPTO 2001. Lecture Notes in Computer Science 2139, pp. 213–229
[13] G. Brassard, D. Chaum, C. Crépeau (1988). Minimum disclosure proofs of knowledge. J. Computer Syst. Sci. 37, pp. 156–189. doi:10.1016/0022-0000(88)90005-0
[14] J.C. Cha, J.H. Cheon (2003). An identity-based signature from gap Diffie-Hellman groups. In Public Key Cryptography—PKC 2003. Lecture Notes in Computer Science 2567, pp. 18–30
[15] D. Chaum, T.P. Pedersen (1993). Wallet databases with observers. In Advances in Cryptology—CRYPTO ’92. Lecture Notes in Computer Science 740, pp. 89–105
[16] R. Cramer, V. Shoup (1998). A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In Advances in Cryptology—CRYPTO ’98. Lecture Notes in Computer Science 1462, pp. 13–25
[17] R. Cramer, V. Shoup (2003). Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), pp. 167–226. doi:10.1137/S0097539702403773
[18] S. Galbraith, K. Harrison, D. Soldera (2002). Implementing the Tate pairing. In Algorithmic Number Theory (ANTS V). Lecture Notes in Computer Science 2369, pp. 324–337
[19] S. Galbraith, J. Malone-Lee, N.P. Smart (2002). Public key signatures in the multi-user setting. Inform. Process. Lett. 83(5), pp. 263–266. doi:10.1016/S0020-0190(01)00338-6
[20] S. Goldwasser, S. Micali (1984). Probabilistic encryption. J. Computer Syst. Sci. 28, pp. 270–299. doi:10.1016/0022-0000(84)90070-9
[21] S. Goldwasser, S. Micali, R. Rivest (1998). A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), pp. 281–308. doi:10.1137/0217017
[22] W.H. He, T.C. Wu (1999). Cryptanalysis and improvement of Petersen–Michels signcryption scheme. IEE Proc.—Computers Digital Techniques 146(2), pp. 123–124. doi:10.1049/ip-cdt:19990198
[23] F. Hess (2003). Efficient identity based signature schemes based on pairings. In Selected Areas in Cryptography (2002). Lecture Notes in Computer Science 2595, pp. 310–324
[24] M.K. Lee, D.K. Kim, K. Park (2000). An authenticated encryption scheme with public verifiability. In 4th Korea–Japan Joint Workshop on Algorithms and Computation, pp. 49–56
[25] A.J. Menezes, T. Okamoto, S.A. Vanstone (1993). Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inform. Theory 39(5), pp. 1639–1646. doi:10.1109/18.259647
[26] K. Ohta, T. Okamoto (1998). On concrete security treatment of signatures derived from identification. In Advances in Cryptology—CRYPTO ’98. Lecture Notes in Computer Science 1462, pp. 354–369
[27] K.G. Paterson (2002). ID-based signatures from pairings on elliptic curves. Electron. Lett. 38(18), pp. 1025–1026. doi:10.1049/el:20020682
[28] H. Petersen, M. Michels (1998). Cryptanalysis and improvement of signcryption schemes. IEE Proc.—Computers Digital Techniques 145(2), pp. 149–151. doi:10.1049/ip-cdt:19981862
[29] C.P. Schnorr (1990). Efficient identification and signatures for smart cards. In Advances in Cryptology—CRYPTO ’89. Lecture Notes in Computer Science 435, pp. 235–254
[30] C.P. Schnorr (1991). Efficient signature generation by smart cards. J. Cryptol. 4(3), pp. 161–174. doi:10.1007/BF00196725
[31] N.P. Smart (2002). An identity based authenticated key agreement protocol based on the Weil pairing. Electronic Lett. 38(13), pp. 630–632. doi:10.1049/el:20020387
[32] E.R. Verheul (2001). Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In Advances in Cryptology—EUROCRYPT 2001. Lecture Notes in Computer Science 2045, pp. 195–210
[33] Y. Zheng (1997). Digital signcryption or how to achieve cost(signature & encryption) << cost(signature) + cost(encryption). In Advances in Cryptology—CRYPTO ’97. Lecture Notes in Computer Science 1294, pp. 165–179
Additional information
Communicated by: P. Wild
AMS Classification: 94A60
Cite this article
Malone-Lee, J. Signcryption with Non-interactive Non-repudiation. Des Codes Crypt 37, 81–109 (2005). https://doi.org/10.1007/s10623-004-3806-6
DOI: https://doi.org/10.1007/s10623-004-3806-6