Signcryption (Short Survey)
نویسنده
چکیده
Encryption and signature schemes are fundamental cryptographic tools for providing privacy and authenticity, respectively, in the public-key setting. Traditionally, these two important building-blocks of public-key cryptography have been considered as distinct entities that may be composed in various ways to ensure simultaneous message privacy and authentication. However, in the last few years a new, separate primitive — called signcryption [14] — has emerged to model a process simultaneously achieving privacy and authenticity. This emergence was caused by many related reasons. The obvious one is the fact that given that both privacy and authenticity are simultaneously needed in so many applications, it makes a lot of sense to invest special effort into designing a tailored, more efficient solution than a mere composition of signature and encryption. Another reason is that viewing authenticated encryption as a separate primitive may conceptually simplify the design of complex protocols which require both privacy and authenticity, as signcryption could now be viewed as an “indivisible” atomic operation. Perhaps most importantly, it was noticed by [3, 2] (following some previous work in the symmetric-key setting [4, 10]) that proper modeling of signcryption is not so obvious. For example, a straightforward composition of signature and encryption might not always work; at least, unless some special care is applied [2]. The main reason for such difficulties is the fact that signcryption is a complex multi-user primitive, which opens a possibility for some subtle attacks (discussed below), not present in the settings of stand-alone signature and encryption.
منابع مشابه
Post-Quantum Secure Hybrid Signcryption from Lattice Assumption
Motivated by the demand to have secure signcryption scheme, even in quantum era, the concept of signcryption tag-KEM (key encapsulation machine) is extended to lattice cryptography in this paper. A lattice-based hybrid signcryption scheme is proposed by building a lattice-based signcryption tag-KEM. Based on the hardness of the learning with errors problem and the short integer solution problem...
متن کاملForgery of Provable Secure Short Signcryption Scheme
In this paper, we analyse Ma signcryption scheme [4] proposed in Inscrypt’2006. Although Ma signcryption scheme [4] is probably secure against adaptive chosen ciphertext attacks and forgery, we show that Ma signcryption scheme is easily forgeable by the receiver and the receiver can impersonate the sender to forge any valid signcryption to any receiver. key words: cryptography, signcryption
متن کاملA Computational Review of Identity-based Signcryption Schemes
Since 2002, several identity based signcryption schemes have been proposed. The purpose of designing a signcryption scheme is to perform signature and encryption both in one step but at lesser cost than performing signature and then encryption separately. In this paper, we present a literature survey on signcryption schemes for identity based setup. Our primary focus is on the schemes recently ...
متن کاملImproved Fair Exchange Protocol Based on Signcryption-Based Concurrent Signature
Through analysis, we point out Luo et al.’s and Sun et al.’s signcryption-based concurrent signature schemes have the same defect in ambiguity and therefore the fair exchange protocols based on their schemes are not fair. Thus based on the notions of signcryption and concurrent signature, a new signcryption-based concurrent signature scheme from bilinear pairing is presented, and based on this ...
متن کاملA Parallel Signcryption Standard using RSA with PSEP
We present a proposed standard for signcryption (a joint signature and encryption primitive) using the Probabilistic Signature and Encryption Padding (PSEP) scheme. The standard supports signcrypting short and long messages, associated data (“labels”), and key reuse (a single RSA key suffices for both signcryption and designcryption). The proposed scheme is provably secure under the strongest k...
متن کامل