On the security of joint signature and encryption revisited

Article Type

Research Article

Publication Title

Journal of Mathematical Cryptology

Abstract

In 2002, An et al. [1] proposed three generic conversions of signcryption, EtS, StE and CtE&S from the primitive encryption scheme and signature scheme. But, the security proof of confidentiality in the CtE&S paradigm was ambiguous. In this paper, we revisit these paradigms again and provide a more transparent proof for the aforementioned paradigm. None of these paradigms preserves both stronger securities: strong unforgeability and IND-CCA security.We extend the above paradigms to new signcryption paradigms, EtStS, StEtS and CtE&StS, by applying one-time signature (OTS) cautiously at the outside layer. In these new paradigms, the stronger security of the primitive encryption and signature schemes are maintained.We also obtain a new paradigm, "Encrypt and Sign then Sign (E&StS)", which is surprisingly better than the CtE&StS paradigm in all aspects except that E&StS does not guarantee the non-repudiation. Moreover, the IND-CCA security and strong unforgeability of the proposed signcryptions are achieved from the IND-gCCA secure encryption scheme and weak unforgeable signature scheme, respectively. Further, we extend these paradigms to capture signcryptions in attribute-based setting, also known as attribute-based signcryption (ABSC). We show that the IND-CCA security and strong unforgeability under chosen message attack of ABSC can be obtained from IND-CPA security of ABE and unforgeability under no message attack of ABS, respectively. Furthermore, our generic constructions are applicable to a combined setup, where the public parameters and keys for the primitives ABS and ABE are identical. The security of all the generic constructions is proven in the standard model.

First Page

181

Last Page

221

DOI

10.1515/jmc-2015-0060

Publication Date

12-1-2016

Link to Full Text

Share

COinS