SIGNCRYPTION ANALYZE

The aim of this paper is to provide an overview for the research that has been done so far in signcryption area. The paper also presents the extensions for the signcryption scheme and discusses the security in signcryption. The main contribution to this paper represents the implementation of the signcryption algorithm with the examples provided.ElGamal, elliptic curves, encryption, identity-based, proxy-signcryption, public key, ring-signcryption, RSA, signcryption

Identity Based Public Verifiable Signcryption Scheme

Signcryption as a single cryptographic primitive offers both confidentiality and authentication simultaneously. Generally in signcryption schemes, the message is hidden and thus the validity of the ciphertext can be verified only after unsigncrypting the ciphertext. Thus, a third party will not be able to verify whether the ciphertext is valid or not. Signcryption schemes that allow any user to verify the validity of the ciphertext without the knowledge of the message are called public verifiable signcryption schemes. Third Party verifiable signcryption schemes allow the receiver to convince a third party, by providing some additional information along with the signcryption other than his private key with/without exposing the message. In this paper, we show the security weaknesses in three existing schemes \cite{BaoD98}, \cite{TsoOO08} and \cite{ChowYHC03}. The schemes in \cite{BaoD98} and \cite{TsoOO08} are in the Public Key Infrastructure (PKI) setting and the scheme in \cite{ChowYHC03} is in the identity based setting. More specifically, \cite{TsoOO08} is based on elliptic curve digital signature algorithm (ECDSA). We also, provide a new identity based signcryption scheme that provides public verifiability and third party verification. We formally prove the security of the newly proposed scheme in the random oracle model

Analysis and Improvement of Authenticatable Ring Signcryption Scheme

Ring signcryption is an anonymous signcryption which allows a user to anonymously signcrypt a message on behalf of a set of users including himself. In an ordinary ring signcryption scheme, even if a user of the ring generates a signcryption, he also cannot prove that the signcryption was produced by himself. In 2008, Zhang, Yang, Zhu, and Zhang solve the problem by introducing an identity-based authenticatable ring signcryption scheme (denoted as the ZYZZ scheme). In the ZYZZ scheme, the actual signcrypter can prove that the ciphertext is generated by himself, and the others cannot authenticate it. However, in this paper, we show that the ZYZZ scheme is not secure against chosen plaintext attacks. Furthermore, we propose an improved scheme that remedies the weakness of the ZYZZ scheme. The improved scheme has shorter ciphertext size than the ZYZZ scheme. We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability

Signcryption schemes based on elliptic curve cryptography

Signcryption is cryptographic primitive which simultaneously provide both the function of digital signature and public key encryption in a single logical step. Identity based cryptography is an alternative to the traditional certificate based cryptosystem. Its main idea is that each user uses his identity information as his public key. Many identity based signcryption scheme have been proposed so, far. However, all the schemes were proven using bilinear pairing. Elliptic curve cryptosystem (ECC) have recently received significant attention by research due to their low computational and communicational overhead. Elliptic curve cryptography (ECC) is the hardest computational problems; the elliptic curve discrete logarithm problem and elliptic curve Deffie-Hellman problem are the most reliable cryptographic technique in ECC. The advantages of ECC that it requires shorter key length compared to other public-key algorithms. So, that its use in low-end systems such as smart cards because of its efficiency and limited computational and communicational overhead. We introduce new signcryption schemes based on elliptic curve cryptography. The security of proposed schemes is based on elliptic curve discrete logarithm problem (ECDLP) and elliptic curve Diffie-Hellman problem (ECDHP). The proposed schemes provide various desirable security requirements like confidentiality, authenticity, non-repudiation and forward security as well as chosen ciphertext attack and unforgeability

On the Provable Security of Multi-Receiver Signcryption Schemes

In ATC 2007, an identity based signcryption scheme for multiple receivers was proposed by Yu et al. In this paper, we first show that Yu et al.\u27s signcryption scheme is insecure by demonstrating an universal forgeability attack - anyone can generate a valid signcryption on any message on behalf of any legal user for any set of legal receivers without knowing the secret keys of the legal users. Also, we point out a subtle flaw in the proof of confidentiality given by Yu et al. and show that the scheme does not provide confidentiality. Further, we propose a corrected version of Yu et al.\u27s scheme and formally prove its security (confidentiality and unforgeability) under the existing security model for signcryption.\\ In another direction, Fagen Li et al. have proposed a pairing based multi-recipient signcryption scheme which works in public key infrastructure (PKI). We show that, the scheme proposed by Fagen Li et al. is not adaptive chosen ciphertext secure. We propose a new PKI based multi-receiver signcryption scheme and formally prove confidentiality and unforgeability of the scheme. Since all the previously reported schemes are shown to have flaws either in this paper or else where, the schemes reported in this paper are the only correct and efficient ones (both identity based and PKI based) for multi-receiver signcryption

Relations among Privacy Notions for Signcryption and Key Invisible Sign-then-Encrypt\u27\u27

Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme. This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. More surprisingly, we prove that key invisibility also implies indistinguishability against chosen ciphertext attacks. This places key invisibility on the top of privacy hierarchy for public-key signcryption schemes. On the constructive side, we show that general ``sign-then-encrypt\u27\u27 approach offers key invisibility if the underlying encryption scheme satisfies two existing security notions, indistinguishable against adaptive chosen ciphertext attacks and indistinguishability of keys against adaptive chosen ciphertext attacks. By this method we obtain the first key invisible signcryption construction in the standard model

A Constructive Perspective on Signcryption Security

Signcryption is a public-key cryptographic primitive, originally introduced by Zheng (Crypto \u2797), that allows parties to establish secure communication without the need of prior key agreement. Instead, a party registers its public key at a certificate authority (CA), and only needs to retrieve the public key of the intended partner from the CA before being able to protect the communication. Signcryption schemes provide both authenticity and confidentiality of sent messages and can offer a simpler interface to applications and better performance compared to generic compositions of signature and encryption schemes. Although introduced two decades ago, the question which security notions of signcryption are adequate in which applications has still not reached a fully satisfactory answer. To resolve this question, we conduct a constructive analysis of this public-key primitive. Similar to previous constructive studies for other important primitives, this treatment allows to identify the natural goal that signcryption schemes should achieve and to formalize this goal in a composable framework. More specifically, we capture the goal of signcryption as a gracefully-degrading secure network, which is basically a network of independent parties that allows secure communication between any two parties. However, when a party is compromised, its respective security guarantees are lost, while all guarantees for the remaining users remain unaffected. We show which security notions for signcryption are sufficient to construct this kind of secure network from a certificate authority (or key registration resource) and insecure communication. Our study does not only unveil that it is the so-called insider-security notion that enables this construction, but also that a weaker version thereof would already be sufficient. This may be of interest in the context of practical signcryption schemes that do not achieve the stronger notions. Last but not least, we observe that the graceful-degradation property is actually an essential feature of signcryption that stands out in comparison to alternative and more standard constructions that achieve secure communication from the same assumptions. This underlines the vital importance of the insider security notion for signcryption and strongly supports, in contrast to the initial belief, the recent trend to consider the insider security notion as the standard notion for signcryption