Cryptanalysis of an Elliptic Curve-based Signcryption Scheme

The signcryption is a relatively new cryptographic technique that is supposed to fulfill the functionalities of encryption and digital signature in a single logical step. Although several signcryption schemes are proposed over the years, some of them are proved to have security problems. In this paper, the security of Han et al.'s signcryption scheme is analyzed, and it is proved that it has many security flaws and shortcomings. Several devastating attacks are also introduced to the mentioned scheme whereby it fails all the desired and essential security attributes of a signcryption scheme.

[1]  Yupu Hu,et al.  Signcryption based on elliptic curve and its multi-party schemes , 2004, InfoSecu '04.

[2]  Alfred Menezes,et al.  An Efficient Protocol for Authenticated Key Agreement , 2003, Des. Codes Cryptogr..

[3]  Mohsen Toorani,et al.  LPKI - A lightweight public key Infrastructure for the mobile environments , 2008, 2008 11th IEEE Singapore International Conference on Communication Systems.

[4]  Joonsang Baek,et al.  Formal Proofs for the Security of Signcryption , 2002, Journal of Cryptology.

[5]  Burton S. Kaliski,et al.  An unknown key-share attack on the MQV key agreement protocol , 2001, ACM Trans. Inf. Syst. Secur..

[6]  Yuliang Zheng,et al.  Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption) , 1997, CRYPTO.

[7]  Alfred Menezes,et al.  Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol , 1999, Public Key Cryptography.

[8]  Fagen Li,et al.  ID-based Signcryption Scheme with (t, n) Shared Unsigncryption , 2006, Int. J. Netw. Secur..

[9]  Hassan M. Elkamchouchi,et al.  An efficient protocol for authenticated key agreement , 2011, 2011 28th National Radio Science Conference (NRSC).

[10]  Carlisle M. Adams,et al.  Internet X.509 Certificate Request Message Format , 1999, RFC.

[11]  Mohsen Toorani,et al.  Cryptanalysis of an efficient signcryption scheme with forward secrecy based on elliptic curve , 2008, 2008 International Conference on Computer and Electrical Engineering.

[12]  Alfred Menezes,et al.  Validation of Elliptic Curve Public Keys , 2003, Public Key Cryptography.

[13]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[14]  W. Marsden I and J , 2012 .

[15]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[16]  Hideki Imai,et al.  How to Construct Efficient Signcryption Schemes on Elliptic Curves , 1998, Inf. Process. Lett..

[17]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[18]  Douglas R. Stinson Cryptography: Theory and Practice, Third Edition , 2005 .

[19]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[20]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[21]  Mohsen Toorani,et al.  SSMS - A secure SMS messaging protocol for the m-payment systems , 2008, 2008 IEEE Symposium on Computers and Communications.

[22]  Stephen Farrell,et al.  Internet X.509 Public Key Infrastructure Certificate Management Protocols , 1999, RFC.