On the Joint Security of Encryption and Signature, Revisited

We revisit the topic of joint security for combined public key schemes, wherein a single keypair is used for both encryption and signature primitives in a secure manner. While breaking the principle of key separation, such schemes have attractive properties and are sometimes used in practice. We give a general construction for a combined public key scheme having joint security that uses IBE as a component and that works in the standard model. We provide a more efficient direct construction, also in the standard model.

[1]  Jean-Jacques Quisquater,et al.  Improved Signcryption from q-Diffie-Hellman Problems , 2004, SCN.

[2]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[3]  Michael J. Freedman,et al.  Optimal Signcryption from Any Trapdoor Permutation , 2004, IACR Cryptol. ePrint Arch..

[4]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Key-Encapsulation Based on Gap Hashed Diffie-Hellman , 2007, Public Key Cryptography.

[5]  Jean-Jacques Quisquater,et al.  Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups , 2004, Public Key Cryptography.

[6]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[7]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[8]  David Cash,et al.  Cryptographic Agility and Its Relation to Circular Encryption , 2010, EUROCRYPT.

[9]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, CRYPTO.

[10]  Tal Rabin,et al.  On the Security of Joint Signature and Encryption , 2002, EUROCRYPT.

[11]  Bruce Schneier,et al.  Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[12]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[13]  Xiaotie Deng,et al.  An Efficient Signcryption Scheme with Key Privacy , 2007, EuroPKI.

[14]  Benny Pinkas,et al.  Securely combining public-key cryptosystems , 2001, CCS '01.

[15]  David Pointcheval,et al.  About the Security of Ciphers (Semantic Security and Pseudo-Random Permutations) , 2004, Selected Areas in Cryptography.

[16]  Dan Boneh,et al.  Efficient Selective Identity-Based Encryption Without Random Oracles , 2011, Journal of Cryptology.

[17]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[18]  Florian Hess,et al.  Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.

[19]  Yuichi Komano,et al.  Efficient Universal Padding Techniques for Multiplicative Trapdoor One-Way Permutation , 2003, CRYPTO.

[20]  Ronald Cramer,et al.  Chosen-ciphertext Secure Encryption from Hard Algebraic Set Systems , 2009, IACR Cryptol. ePrint Arch..

[21]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[22]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[23]  Kaoru Kurosawa,et al.  Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM , 2005, EUROCRYPT.

[24]  Michael J. Freedman,et al.  Versatile padding schemes for joint signature and encryption , 2004, CCS '04.

[25]  Schuldt Jacob,et al.  On the Joint Security of Encryption and Signature, Revisited , 2012 .

[26]  María Isabel González Vasco,et al.  Combined (identity-based) public key schemes , 2008, IACR Cryptol. ePrint Arch..

[27]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[28]  Jacob C. N. Schuldt,et al.  Efficient Constructions of Signcryption Schemes and Signcryption Composability , 2009, INDOCRYPT.

[29]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[30]  Kaoru Kurosawa,et al.  Between Hashed DH and Computational DH: Compact Encryption from Weaker Assumption , 2010, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[31]  Dan Boneh,et al.  Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups , 2008, Journal of Cryptology.

[32]  Kaoru Kurosawa,et al.  Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption , 2008, IACR Cryptol. ePrint Arch..

[33]  Jean-Sébastien Coron,et al.  Universal Padding Schemes for RSA , 2002, CRYPTO.

[34]  Vlastimil Klíma,et al.  Further Results and Considerations on Side Channel Attacks on RSA , 2002, CHES.

[35]  Alice Silverberg,et al.  Compression in Finite Fields and Torus-Based Cryptography , 2008, SIAM J. Comput..

[36]  Hideki Imai,et al.  Formal Security Treatments for IBE-to-Signature Transformation: Relations among Security Notions , 2009, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[37]  John Malone-Lee,et al.  Signcryption with Non-interactive Non-repudiation , 2005, Des. Codes Cryptogr..

[38]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[39]  Michael Scott,et al.  A Taxonomy of Pairing-Friendly Elliptic Curves , 2010, Journal of Cryptology.