Deterministic Encoding and Hashing to Odd Hyperelliptic Curves

The original publication is available at www.springerlink.comInternational audienceIn this paper we propose a very simple and efficient encoding function from Fq to points of a hyperelliptic curve over Fq of the form H : y2 = f(x) where f is an odd polynomial. Hyperelliptic curves of this type have been frequently considered in the literature to obtain Jacobians of good order and pairing-friendly curves. Our new encoding is nearly a bijection to the set of Fq -rational points on H . This makes it easy to construct well-behaved hash functions to the Jacobian J of H , as well as injective maps to J (Fq ) which can be used to encode scalars for such applications as ElGamal encryption. The new encoding is already interesting in the genus 1 case, where it provides a well-behaved encoding to Joux?s supersingular elliptic curves

A Secure Scheme for Authenticated Encryption

The paper proposes a new scheme of authenticated encryption that is either publicly verifiable or not publicly verifiable depending on the quantity of information the recipient released. This property would give recipient much flexibility in many applications. This scheme combines the ElGamal encryption with Schnorr signature. Considering the security goal of signature, the resultant scheme is at least as secure as that of the combined signature scheme. The security goal of encryption is examined under the chosen ciphertext attack, it is proven directly related to the security of signature. Furthermore, this new scheme is also secure against one-more-decryption attack. This novel security goal may be valuable in the applications of private information retrieval

Cryptanalysis of Li et al.\u27s Identity-Based Threshold Signcryption Scheme

Signcryption is a cryptographic primitive that aims at providing confidentiality and authentication simultaneously. Recently in May 2008, a scheme for identity based threshold signcryption was proposed by Fagen Li and Yong Yu. They have proved the confidentiality of their scheme and have also claimed the unforgeability without providing satisfactory proof. In this paper, we show that in their signcryption scheme the secret key of the sender is exposed(total break) to the clerk during sincryption and hence insecure in the presence of malicious clerks. Further, we propose a corrected version of the scheme and formally prove its security under the existing security model for signcryption

Multi-Recipient Signcryption for Secure Wireless Group Communication

Secure group communication is significant for wireless and mobile computing. Overheads can be reduced efficiently when a sender sends multiple messages to multiple recipients using multi-recipient signcryption schemes. In this paper, we proposed the formal definition and security model of multi-recipient signcryption, presented the definition of reproducible signcryption and proposed security theorems for randomness reusing based multi-recipient signcryption schemes. We found that a secure reproducible signcryption scheme can be used to construct an efficient multi-recipient signcryption scheme which has the same security level as the underlying base signcryption scheme. We constructed a multi-recipient scheme which is provable secure in random oracle model assuming that the GDH problem is hard, based on a new BLS-type signcryption scheme. Overheads of the new scheme are only (n+1)/2n times of traditional ways when a sender sends different messages to n distinct recipients. It is more efficient than other known schemes. It creates a possibility for the practice of the public key cryptosystem in ubiquitous computing

Relations among Privacy Notions for Signcryption and Key Invisible Sign-then-Encrypt\u27\u27

Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme. This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. More surprisingly, we prove that key invisibility also implies indistinguishability against chosen ciphertext attacks. This places key invisibility on the top of privacy hierarchy for public-key signcryption schemes. On the constructive side, we show that general ``sign-then-encrypt\u27\u27 approach offers key invisibility if the underlying encryption scheme satisfies two existing security notions, indistinguishable against adaptive chosen ciphertext attacks and indistinguishability of keys against adaptive chosen ciphertext attacks. By this method we obtain the first key invisible signcryption construction in the standard model

Efficient signcryption with key privacy from gap Diffie-Hellman groups

This paper proposes a new public key authenticated encryption (signcryption) scheme based on the Diffie-Hellman problem in Gap Diffie-Hellman groups. This scheme is built on the scheme proposed by Boneh, Lynn and Shacham in 2001 to produce short signatures. The idea is to introduce some randomness into this signature to increase its level of security in the random oracle model and to re-use that randomness to perform encryption. This results in a signcryption protocol that is more efficient than any combination of that signature with an El Gamal like encryption scheme. The new scheme is also shown to satisfy really strong security notions and its strong unforgeability is tightly related to the Diffie-Hellman assumption in Gap Diffie-Hellman groups

Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups

This paper proposes a new public key authenticated encryption (signcryption) scheme based on the Diffie-Hellman problem in Gap Diffie-Hellman groups. This scheme is built on the scheme proposed by Boneh, Lynn and Shacham in 2001 to produce short signatures. The idea is to introduce some randomness into this signature to increase its level of security in the random oracle model and to re-use that randomness to perform encryption. This results in a signcryption protocol that is more efficient than any combination of that signature with an El Gamal like encryption scheme. The new scheme is also shown to satisfy really strong security notions and its strong unforgeability is tightly related to the Diffie-Hellman assumption in Gap Diffie-Hellman groups

On the Joint Security of Encryption and Signature, Revisited

Abstract. We revisit the topic of joint security for combined public key schemes, wherein a single keypair is used for both encryption and signature primitives in a secure manner. While breaking the principle of key separation, such schemes have attractive properties and are sometimes used in practice. We give a general construction for a combined public key scheme having joint security that uses IBE as a component and that works in the standard model. We provide a more efficient direct construction, also in the standard model. We then consider the problem of how to build signcryption schemes from jointly secure combined public key schemes. We provide a construction that uses any such scheme to produce a triple of schemes – signature, encryption, and signcryption – that are jointly secure in an appropriate and strong security model.

Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers

We give an overview of our critiques of “proofs” of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata