Signcryption, first proposed by Zheng [4, 5], is a cryptographic primitive which combines both the functions of digital signature and public key encryption in a logical single step, and with a computational cost siginficantly lower than that needed by the traditional signature-then-encryption approach. In Zheng's scheme, the signature verification can be done either by the recipient directly (using his private key) or by engaging a zero-knowledge interative protocol with a third party, without disclosing recipient's private key. In this note, we modify Zheng's scheme so that the recipient's private key is no longer needed in signature verification. The computational cost of the modified scheme is higher than that of Zheng's scheme but lower than that of the signature-then-encryption approach.
[1]
C. P. Schnorr,et al.
Efficient Identification and Signatures for Smart Cards (Abstract)
,
1989,
EUROCRYPT.
[2]
Taher ElGamal,et al.
A public key cyryptosystem and signature scheme based on discrete logarithms
,
1985
.
[3]
H. Petersen,et al.
Cryptanalysis and improvement of signcryption schemes
,
1998
.
[4]
Yuliang Zheng,et al.
Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption)
,
1997,
CRYPTO.