Improvements and generalisations of signcryption schemes

In this work, we study the cryptographic primitive signcryption, which combines the functionalities of digital signatures and public-key encryption. We first propose two generic transforms from meta-ElGamal signature schemes to signcryption schemes. These constructions can be thought of as generalisations of the signcryption schemes by Zheng and Gamage et al. Our results show that a large class of signcryption schemes are outsider IND-CCA2 secure and insider UF-CMA secure. As a by-product, we also show that the meta-ElGamal signature schemes, for which no previous formal security proofs have been shown, are UF-CMA secure. We then propose a modification of one of the transforms in order to achieve insider IND-CCA2 security in addition to insider UF-CMA security. This modification costs just one extra exponential operation. In particular, we can apply this modification to the Zheng signcryption scheme to make it fully insider secure. Finally, we propose a generic transform from a two-key signcryption scheme to a one-key signcryption scheme that preserves both confidentiality and unforgeability. Our result shows that an insider IND-CCA2 and UF-CMA secure two-key signcryption scheme can be turned into an insider IND-CCA2 and UF-CMA secure one-key signcryption scheme. We also show that an insider IND-CCA2 and UF-CMA secure one-key signcryption scheme induces a secure combined public-key scheme; that is, a combination of a signature scheme and a public-key encryption scheme that can securely share the same key pair. Combining these results suggests that we can obtain a large class of insider secure one-key signcryption schemes from meta-ElGamal signature schemes, and that each of them can induce a secure combined public-key scheme.
