Fagen Li,Masaaki Shirase,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/ares.2009.44

2009-01-01

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we address a question whether it is possible to construct a hybrid signcryption scheme in identity-based setting. This question seems to have never been addressed in the literature. We answer the question positively in this paper. In particular, we extend the concept of signcryption key encapsulation mechanism to the identity-based setting. We show that an identity-based signcryption scheme can be constructed by combining an identity-based signcryption key encapsulation mechanism with a data encapsulation mechanism. We also give an example of identity-based signcryption key encapsulation mechanism.

Fagen Li,Masaaki Shirase,Tsuyoshi Takagi

DOI: https://doi.org/10.1007/978-3-642-01440-6_6

2009-01-01

Abstract:Recently, Tan proposed an insider secure signcryption key encapsulation mechanism (KEM) and an insider secure signcryption tag-KEM. His schemes are secure without random oracles (in the standard model). In this paper, we proposed a more efficient construction for signcryption KEM and tag-KEM. We prove their semantic security and existential unforgeability in the standard model. Compared to Tan's schemes, our corresponding schemes have 20% faster speed in the key encapsulation, 33% faster speed in the key decapsulation, 33% shorter public key, 60% shorter private key, and |p | bits shorter ciphertext.

Xiangxue Li,Haifeng Qian,Yu Yu,Jian Weng,Yuan Zhou

DOI: https://doi.org/10.1007/978-3-319-02726-5_13

2013-01-01

Abstract:The paper presents a direct construction of signcryption tag-KEM under the standard DBDH and CDH assumptions in the standard model, without using strongly unforgeable signature schemes as building blocks. We prove its confidentiality and unforgeability with respect to adversarially-chosen keys where the adversary is given more advantageous attack environment than existing models in the literature. The performance of our construction is comparable to existing signcryption tag-KEM schemes.

Ting-Chieh Ho,Yuh-Min Tseng,Sen-Shan Huang

DOI: https://doi.org/10.15388/24-infor546

2024-03-08

Informatica

Abstract:Signcryption integrates both signature and encryption schemes into single scheme to ensure both content unforgeability (authentication) and message confidentiality while reducing computational complexity. Typically, both signers (senders) and decrypters (receivers) in a signcryption scheme belong to the same public-key systems. When signers and decrypters in a signcryption scheme belong to heterogeneous public-key systems, this scheme is called a hybrid signcryption scheme which provides more elastic usage than typical signcryption schemes. In recent years, a new kind of attack, named side-channel attack, allows adversaries to learn a portion of the secret keys used in cryptographic algorithms. To resist such an attack, leakage-resilient cryptography has been widely discussed and studied while a large number of leakage-resilient schemes have been proposed. Also, numerous hybrid signcryption schemes under heterogeneous public-key systems were proposed, but none of them possesses leakage-resilient property. In this paper, we propose the first hybrid signcryption scheme with leakage resilience, called leakage-resilient hybrid signcryption scheme, in heterogeneous public-key systems (LR-HSC-HPKS). Security proofs are demonstrated to show that the proposed scheme provides both authentication and confidentiality against two types of adversaries in heterogeneous public-key systems.

computer science, information systems,mathematics, applied

Fagen Li,Hu Xiong,YongJian Liao

DOI: https://doi.org/10.1109/ICCCAS.2009.5250509

2009-01-01

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we propose the first generic construction of identity-based signcryption (GCIS) by using identity-based key encapsulation mechanism (ID-KEM), data encapsulation mechanism (DEM), and identity-based signature schemes (ID-SIG). We prove that our construction satisfies confidentiality and unforgeability. We describe an instantiation of our construction that is secure in the standard model. Our instantiation also solves an open problem proposed by Yuen and Wei.

Zhiyuan Liu,Xiaofei Wang,Guohua Cui,Jun Li

DOI: https://doi.org/10.13245/j.hust.2008.01.018

2008-01-01

Abstract:Technology of RSA (Ron Rivest, AdiShamir and Leonard Adleman) signcrypt was discussed. On the basis of universal padding from Coron's method, a new hybrid signcryption scheme using RSA was proposed. Assuming the intractability of RSA problem, the scheme was provably secure under the random oracle model. The simulation indicated that this scheme could signcrypt the message of any length and provide the non-repudiation in a simple manner, and its communication overload was only one RSA modular length. The scheme exceeds the traditional signature to encryption scheme in the bandwidth of message recovery.

Setareh Sharifian,Reihaneh Safavi-Naini

DOI: https://doi.org/10.48550/arXiv.2102.02243

2021-02-03

Cryptography and Security

Abstract:A hybrid encryption scheme is a public-key encryption system that consists of a public-key part called the key encapsulation mechanism (KEM), and a (symmetric) secret-key part called data encapsulation mechanism (DEM): the public-key part is used to generate a shared secret key between two parties, and the symmetric key part is used to encrypt the message using the generated key. Hybrid encryption schemes are widely used for secure communication over the Internet. In this paper, we initiate the study of hybrid encryption in preprocessing model which assumes access to initial correlated variables by all parties (including the eavesdropper). We define information-theoretic KEM (iKEM) that, together with a (computationally) secure DEM, results in a hybrid encryption scheme in preprocessing model. We define the security of each building block, and prove a composition theorem that guarantees (computational) qe-chosen plaintext (CPA) security of the hybrid encryption system if the iKEM and the DEM satisfy qe-chosen encapculation attack and one-time security, respectively. We show that iKEM can be realized by a one-way SKA (OW-SKA) protocol with a revised security definition. Using an OW-SKA that satisfies this revised definition of security effectively allows the secret key that is generated by the OW-SKA to be used with a one-time symmetric key encryption system such as XORing a pseudorandom string with the message, and provide qe-CPA security for the hybrid encryption system.We discuss our results and directions for future work.

LI Fa-Gen,HU Yu-Pu,LI Gang

2006-01-01

Chinese Journal of Computers

Abstract:Signcryption is a cryptographic primitive that combines both the functions of digital signature and public key encryption in a logical single step,at lower computational costs and communication overheads than the traditional signaturethen-encryption approach.In this paper,the authors present a new identitybased signcryption scheme using the bilinear pairings and prove its security in the random oracle model.The proposed scheme is proved to be secure assuming the bilinear Diffle-Hellman problem is hard.As compared with the most efficient Chen & Malone-Lee scheme to date,the proposed scheme decreases one pairing operation and only requires two pairing operations.

guobin zhu,hu xiong,ruijin wang,zhiguang qin

DOI: https://doi.org/10.1007/978-81-322-1759-6_12

2014-01-01

Abstract:As one of the fundamental cryptographic primitives, signcryption can achieve unforgeability and confidentiality simultaneously at the cost significantly lower than the signature-then-encryption approach in terms of computational costs and communication overheads. In view of the damage caused by the secret key leakage, Chen et al. proposed an efficient identity-based key-insulated signcryption (ID-KI-SC) scheme secure in the standard model recently. However, in this paper, we show that their scheme does not achieve the indistinguishability against adaptively chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptively chosen message attacks (EUF-CMA). Furthermore, we propose an improved scheme that remedies the weakness of Chen et al.' s scheme.

Yiliang Han,Xiaolin Gui

DOI: https://doi.org/10.1109/gcc.2009.69

2009-01-01

Abstract:Generalized signcryption is a novel cryptographic primitive, which provides encryption and authenticity services simultaneously or separately. The known schemes have the low communication performance and fail to deliver data stream. Based on bilinear pairing, an efficient generalized signcryption scheme with the shortened ciphertext called BPGSC is proposed. Combined with the hash-chained mechanism and KEM/DEM (key encapsulation mechanism/data encapsulation mechanism), the hybrid BPGSC is proposed also. Formal security analysis showed that BPGSC is a provable secure scheme in random oracle model under GDH (Gap Diffie-Hellman) assumption. With present secure parameters, the data rate of proposed scheme is 76%. It has the highest communication performance in all of known schemes.

Ikram Ali,Yong Chen,Niamat Ullah,Muhammad Afzal,HE Wen,Wen HE

DOI: https://doi.org/10.1109/tvt.2021.3078806

IF: 6.8

2021-06-01

IEEE Transactions on Vehicular Technology

Abstract:Vehicular ad-hoc networks (VANETs) enable vehicles to exchange safety information with the surrounding vehicles and infrastructure in order to ensure safety and efficiency in traffic management. Recently however, vehicles come from different manufacturers and therefore use different protocols for the transmission of messages. As a result, communication among vehicles become heterogeneous. Because of this, VANETs face problems related to security and performance. To address this, some heterogeneous vehicular communication-based schemes have been proposed. However, they do not perform well because of an increase in computational overhead. In order to resolve this, we propose a certificateless cryptosystem (CLC) and public key infrastructure (PKI)-based conditional privacy-preserving hybrid signcryption (CP-CPPHSC) scheme. This scheme utilizes bilinear pairings and provides security requirements in a single logical step. Through the CP-CPPHSC scheme, a message is transmitted by a vehicle using the CLC to a vehicle using the PKI. Additionally, the CP-CPPHSC scheme supports the batch unsigncryption method which helps a vehicle to unsigncrypt more than one messages simultaneously. In the random oracle model (ROM), our scheme ensures existential unforgeability against adaptive chosen message attack (EUF-CMA) with respect to a hardness assumption of q-strong Diffie-Hellman (q-SDH) and modified inverse computational Diffie-Hellman (mICDH) problems and indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) with respect to a hardness assumption of q-bilinear Diffie-Hellman inversion (q-BDHI) problem. Our scheme effectively reduces computational cost when compared to state-of-the-art schemes without an increase in the communication cost.

telecommunications,engineering, electrical & electronic,transportation science & technology

Shuang Hu,Renjun Zhang,Fuqun Wang,Kefei Chen,Bin Lian,Gongliang Chen

DOI: https://doi.org/10.1016/j.jisa.2022.103371

IF: 4.96

2022-01-01

Journal of Information Security and Applications

Abstract:Sanitizable signcryption adds sanitization functionality to signcryption, such that a delegated sanitizer can modify a signcryptext and still derive a valid signcryptext without cooperation of the original sender. Sanitizable signcryption is useful for data sharing with authentication and access control. Existing sanitizable signcryption scheme cannot achieve public verifiability, which can prevent malicious senders or sanitizers from cheating the receivers. In order to realize public verifiability, we propose a new composition method called "Encrypt-then-Commit-then-Sign (EtCtS)". In particular, our method carefully embeds a key-exposure free chameleon hash function (also known as trapdoor commitment) between encryption and signing operations. Accordingly, we convert the sanitization operation into finding collisions in the key-exposure free chameleon hash function using the trapdoor key, and after sanitization the plaintext is still confidential to the sanitizer. Based on the EtCtS method, we construct the first sanitizable signcryption scheme that is public verifiable. We give a rigorous security proof of our scheme in the random oracle model. We also provide an implementation of our scheme for performance analysis.

Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/icccas.2008.4657820

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at a lower computational costs and communication overheads than the signature-then-encryption approach. Recently, two identity-based threshold signcryption schemes [12], [27] have been proposed by combining the concepts of identity-based threshold signature and signcryption together. However, the formal models and security proofs for both schemes are not considered. In this paper, we formalize the concept of identity-based threshold signcryption and give a new scheme based on the bilinear pairings. We prove its confidentiality under the Decisional Bilinear Diffie-Hellman assumption and its unforgeability under the Computational Diffie-Hellman assumption in the random oracle model. Our scheme turns out to be more efficient than the two previously proposed schemes.

Fagen Li,Muhammad Khurram Khan

DOI: https://doi.org/10.4103/0256-4602.81236

2011-01-01

IETE Technical Review

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has found many applications, such as electronic transaction protocol, mobile agent protocol, key management, and routing protocol. In this article, the state-of-the-art of identity-based signcryption (IBSC) is surveyed. We examine the security model of IBSC. We survey the existing IBSC schemes and compare their security properties and efficiency. IBSC with special properties and identity-based hybrid signcryption are investigated. Some possible future work is also pointed out.

Yanbo Chen,Yunlei Zhao

DOI: https://doi.org/10.1016/j.tcs.2024.115006

IF: 1.002

2024-11-29

Theoretical Computer Science

Abstract:Sign-then-encrypt is a classical composition method of public-key encryption (PKE) and signatures. It is also viewed as a generic construction of signcryption scheme, a primitive that provides confidentiality and authenticity simultaneously. In this work, we study how to sign-then-encrypt with CPA-to-CCA security enhancement and shorter ciphertext.Our first step is to combine sign-then-encrypt with the Fujisaki-Okamoto (FO) transformation. The FO transformation is a useful technique to construct CCA-secure PKE from CPA-secure schemes in the random oracle model (ROM). Some extra randomness should be encrypted in the FO transformation. We show that when combined with sign-then-encrypt, we can realize "free" FO transformation by replacing the encrypted randomness in the FO transformation with a high-entropy signature. Then we give another construction based on a variant of the FO transformation, requiring a CPA-secure key encapsulation mechanism (KEM) instead of PKE.Our second step is to further compress the ciphertext, focusing on signatures from the Fiat-Shamir transformation. We use the challenge part of the signature as the random coins used in the KEM, for which we call our general construction "Encrypt-with-Challenge". Requiring some joint properties between the signature scheme and the KEM, the symmetric key or the key encapsulation can replace the challenge in the signature. We thus further remove the encrypted challenge from the ciphertext.Finally, we give instantiations of Encrypt-with-Challenge. Our ElGamal-based construction has comparable ciphertext size with existing signcryption schemes and is the first to achieve CCA security from standard CDH assumption.

computer science, theory & methods

Fagen Li,Fahad Bin Muhaya,Mingwu Zhang,Tsuyoshi Takagi

DOI: https://doi.org/10.1002/cpe.1823

2011-01-01

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has been shown to be useful in many applications, such as electronic commerce, mobile communications and smart cards. Recently, three identity-based signcryption schemes in the standard model were proposed. However, the three schemes are broken soon. How to construct a secure identity-based signcryption scheme in the standard model is still an open problem. In this paper, we solve this problem and propose an efficient identity-based signcryption scheme in the standard model. We prove that our scheme has the indistinguishability against adaptive chosen ciphertext attacks under the modified decisional bilinear Diffie-Hellman assumption and the existential unforgeability against adaptive chosen messages attacks under the computational Diffie-Hellman assumption.

SK Hafizul Islam,Fagen Li

DOI: https://doi.org/10.1093/comjnl/bxv002

2015-01-01

The Computer Journal

Abstract:Signcryption schemes play a vital role to accomplish confidentiality, integrity, authentication and non-repudiation of messages simultaneously. In the literature, many certificateless signcryption (CLSC) schemes have been designed; however, most of them are vulnerable to ephemeral secret leakage (ESL) attack. In these schemes, sender uses an ephemeral secret to compute a ciphertext on a message. H...

Yong Yu,Fagen Li,Chunxiang Xu,Ying Sun

DOI: https://doi.org/10.1007/s11859-008-0607-1

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter’s privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from bilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffie-Hellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.

Jianhua Yan,Licheng Wang,Muzi Li,Haseeb Ahmad,Jun Yue,Wenbin Yao

DOI: https://doi.org/10.1109/access.2019.2900003

IF: 3.9

2019-01-01

IEEE Access

Abstract:For realizing the fine-grained access control with non-interactive approach, and effectively guaranteeing the comprehensive security for information under the post-quantum environment, this paper proposes an attribute-based signcryption (ABSC) scheme based on the intractability of lattices. The proposed ABSC scheme is proved indistinguishable against the inner adaptive-chosen ciphertext attacks (IND-CCA2) and existentially unforgeable against inner chosen-message attacks (EUF-CMA), in the standard model. The theoretical analysis presents that the public key size and the computational cost of the signcryption operation are both reduced obviously, compared with the signature and then encryption mechanism. An efficient variant is also presented that significantly decreases the computational complexity of unsigncryption operation at the expense of an increase in the ciphertext size.

Xiangxue Li,Haifeng Qian,Yu Yu,Yuan Zhou,Jian Weng

DOI: https://doi.org/10.1007/978-3-642-38980-1_12

2013-01-01

Abstract:We present a direct construction for signcryption Key Encapsulation Mechanism (KEM) without random oracles under standard complexity assumptions. Chosen-ciphertext security is proven in the standard model under the DBDH assumption, and unforgeability is proven in the standard model under the CDH assumption. The proof technique allows us to achieve strong unforgeability from the weakly unforgeable Waters signature. The validity of the ciphertext of our signcryption KEM can be verified publicly, without knowledge of the decryption key.