Building Better Signcryption Schemes with Tag-KEMs

Signcryption schemes aim to provide all of the advantages of simultaneously signing and encrypting a message. Recently, Dent [8, 9]and Bjorstad [4] investigated the possibility of constructing provably secure signcryption schemes using hybrid KEM-DEM techniques [7]. We build on this work by showing that more efficient insider secure hybrid signcryption schemes can be built using tag-KEMs [1]. To prove the effectiveness of this construction, we will provide several examples of secure signcryption tag-KEMs, including a brand new construction based on the Chevallier-Mames signature scheme [5] which has the tightest known security reductions for both confidentiality and unforgeability.

[1]  Joonsang Baek,et al.  Formal Proofs for the Security of Signcryption , 2002, Journal of Cryptology.

[2]  Alexander W. Dent,et al.  Hybrid Signcryption Schemes with Insider Security , 2005, ACISP.

[3]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[4]  Patrick Horster,et al.  Authenticated encryption schemes with low communication costs , 1994 .

[5]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[6]  Benoît Chevallier-Mames,et al.  An Efficient CDH-Based Signature Scheme with a Tight Security Reduction , 2005, CRYPTO.

[7]  Tal Rabin,et al.  On the Security of Joint Signature and Encryption , 2002, EUROCRYPT.

[8]  Mihir Bellare,et al.  A concrete security treatment of symmet-ric encryption: Analysis of the DES modes of operation , 1997, FOCS 1997.

[9]  Hugo Krawczyk,et al.  The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?) , 2001, CRYPTO.

[10]  H. Petersen,et al.  Cryptanalysis and improvement of signcryption schemes , 1998 .

[11]  Yuliang Zheng,et al.  Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption) , 1997, CRYPTO.

[12]  Kaoru Kurosawa,et al.  Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM , 2005, EUROCRYPT.

[13]  Alexander W. Dent,et al.  Hybrid Signcryption Schemes with Outsider Security , 2005, ISC.

[14]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[15]  Michael J. Freedman,et al.  Optimal Signcryption from Any Trapdoor Permutation , 2004, IACR Cryptol. ePrint Arch..

[16]  Jonathan Katz,et al.  Complete characterization of security notions for probabilistic private-key encryption , 2000, STOC '00.

[17]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[18]  John Malone-Lee,et al.  Signcryption with Non-interactive Non-repudiation , 2005, Des. Codes Cryptogr..

[19]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[20]  Mihir Bellare,et al.  The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES , 2001, CT-RSA.

[21]  Jee Hea An Authenticated Encryption in the Public-Key Setting: Security Notions and Analyses , 2001, IACR Cryptol. ePrint Arch..

[22]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[23]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..