Signcryption KEM/tag-KEM, revisited

We revisit the problem of basing signcryption SC tag key encapsulation mechanism KEM on standard assumptions and standard model and present direct constructions of SC-KEM/tag-KEM, which satisfy confidentiality and unforgeability with respect to adversarially chosen keys where the adversary is given more advantageous attack environment than existing models in the literature;are based on the standard decisional bilinear Diffie-Hellman and computational Diffie-Hellman assumptions without random oracle;do not use strongly unforgeable signature schemes as building blocks; andprovide comparable performance to existing SC-KEM/tag-KEM schemes.

[1]  Kaoru Kurosawa,et al.  Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM , 2005, EUROCRYPT.

[2]  Hideki Imai,et al.  How to Construct Efficient Signcryption Schemes on Elliptic Curves , 1998, Inf. Process. Lett..

[3]  Jacob C. N. Schuldt,et al.  Efficient Generic Constructions of Signcryption with Insider Security in the Multi-user Setting , 2011, ACNS.

[4]  Alfred Menezes,et al.  Another look at HMQV , 2007, J. Math. Cryptol..

[5]  Yuliang Zheng,et al.  Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption) , 1997, CRYPTO.

[6]  Ron Steinfeld,et al.  A Signcryption Scheme Based on Integer Factorization , 2000, ISW.

[7]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Key-Encapsulation Based on Gap Hashed Diffie-Hellman , 2007, Public Key Cryptography.

[8]  Chik How Tan Insider-secure Signcryption KEM/Tag-KEM Schemes without Random Oracles , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[9]  Brent Waters,et al.  Strongly Unforgeable Signatures Based on Computational Diffie-Hellman , 2006, Public Key Cryptography.

[10]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[11]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[12]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[13]  Yuan Zhou,et al.  Direct Construction of Signcryption Tag-KEM from Standard Assumptions in the Standard Model , 2013, ICICS.

[14]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[15]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[16]  Manuel Barbosa,et al.  On the Joint Security of Signature and Encryption Schemes under Randomness Reuse: Efficiency and Security Amplification , 2012, ACNS.

[17]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[18]  Tal Rabin,et al.  On the Security of Joint Signature and Encryption , 2002, EUROCRYPT.

[19]  Jacob C. N. Schuldt,et al.  Efficient Constructions of Signcryption Schemes and Signcryption Composability , 2009, INDOCRYPT.

[20]  Fagen Li,et al.  Efficient Signcryption Key Encapsulation without Random Oracles , 2008, Inscrypt.

[21]  Joseph K. Liu,et al.  Short Generic Transformation to Strongly Unforgeable Signature in the Standard Model , 2010, ESORICS.

[22]  Pil Joong Lee,et al.  New Signcryption Schemes Based on KCDSA , 2001, ICISC.

[23]  Alexander W. Dent,et al.  Building Better Signcryption Schemes with Tag-KEMs , 2006, Public Key Cryptography.

[24]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[25]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[26]  Alexander W. Dent,et al.  Hybrid Signcryption Schemes with Insider Security , 2005, ACISP.