On the Security of Joint Signature and Encryption
We formally study the notion of a joint signature and encryption in the public-key setting. We refer to this primitive as signcryption, adapting the terminology of [35]. We present two definitions for the security of signcryption depending on whether the adversary is an outsider or a legal user of t...
Gespeichert in:
| Hauptverfasser: | , , |
|---|---|
| Format: | Buchkapitel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 107 |
|---|---|
| container_issue | |
| container_start_page | 83 |
| container_title | |
| container_volume | 2332 |
| creator | An, Jee Hea Dodis, Yevgeniy Rabin, Tal |
| description | We formally study the notion of a joint signature and encryption in the public-key setting. We refer to this primitive as signcryption, adapting the terminology of [35]. We present two definitions for the security of signcryption depending on whether the adversary is an outsider or a legal user of the system. We then examine generic sequential composition methods of building signcryption from a signature and encryption scheme. Contrary to what recent results in the symmetric setting [5, 22] might lead one to expect, we show that classical “encryptthen-sign” (EtS) and “sign-then-encrypt” (StE) methods are both secure composition methods in the public-key setting.
We also present a new composition method which we call “commit-then-encrypt-and-sign” (CtE&S). Unlike the generic sequential composition methods, CtE&S applies the expensive signature and encryption operations in parallel, which could imply a gain in efficiency over the StE and EtS schemes. We also show that the new (CtE&S) method elegantly combines with the recent “hash-sign-switch” technique of [30], leading to efficient on-line /off-line signcryption.
Finally and of independent interest, we discuss the definitional inadequacy of the standard notion of chosen ciphertext (CCA2) security. We suggest a natural and very slight relaxation of CCA2-security, which we call generalized CCA2-security (gCCA2). We show that gCCA2-security suffices for all known uses of CCA2-secure encryption, while no longer suffering from the definitional shortcomings of the latter. |
| doi_str_mv | 10.1007/3-540-46035-7_6 |
| format | Book Chapter |
| fullrecord | <record><control><sourceid>proquest_pasca</sourceid><recordid>TN_cdi_pascalfrancis_primary_14180213</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>EBC3072528_12_94</sourcerecordid><originalsourceid>FETCH-LOGICAL-c419t-67ed325bd06a21b021407b936953e1463794634da98e1ff7b07522ec408814b3</originalsourceid><addsrcrecordid>eNotkL1PAzEMxcOnKNCZ9RbGgB0nl8uIqvIlJAbYo9w1Vw5KriTp0P-e0OLBlv2e3_Bj7ArhBgH0LXElgcsaSHFt6wN2TuWw2_Uhm2CNyImkOWJTo5udRkqROGYTIBDcaEmnbGJUowTUhGdsmtInlCIBRuKE4Wuo8oev3ny3iUPeVmNfPY9DyNXbsAwub6KvXFhU89DF7ToPY7hkJ71bJT_9nxfs_X7-PnvkL68PT7O7F95JNJnX2i9IqHYBtRPYgkAJujVUG0UeZU3alCYXzjQe-163oJUQvpPQNChbumDX-9i1S51b9dGFbkh2HYdvF7cWJTYlk4qP732pSGHpo23H8StZBPuH0JItVOwOmS0Ii1_858bxZ-NTtv7vofMhR7fqPtw6-5gsgRZKNBaFNZJ-ATJSaxc</addsrcrecordid><sourcetype>Index Database</sourcetype><iscdi>true</iscdi><recordtype>book_chapter</recordtype><pqid>EBC3072528_12_94</pqid></control><display><type>book_chapter</type><title>On the Security of Joint Signature and Encryption</title><source>Springer Books</source><creator>An, Jee Hea ; Dodis, Yevgeniy ; Rabin, Tal</creator><contributor>Knudsen, Lars</contributor><creatorcontrib>An, Jee Hea ; Dodis, Yevgeniy ; Rabin, Tal ; Knudsen, Lars</creatorcontrib><description>We formally study the notion of a joint signature and encryption in the public-key setting. We refer to this primitive as signcryption, adapting the terminology of [35]. We present two definitions for the security of signcryption depending on whether the adversary is an outsider or a legal user of the system. We then examine generic sequential composition methods of building signcryption from a signature and encryption scheme. Contrary to what recent results in the symmetric setting [5, 22] might lead one to expect, we show that classical “encryptthen-sign” (EtS) and “sign-then-encrypt” (StE) methods are both secure composition methods in the public-key setting.
We also present a new composition method which we call “commit-then-encrypt-and-sign” (CtE&S). Unlike the generic sequential composition methods, CtE&S applies the expensive signature and encryption operations in parallel, which could imply a gain in efficiency over the StE and EtS schemes. We also show that the new (CtE&S) method elegantly combines with the recent “hash-sign-switch” technique of [30], leading to efficient on-line /off-line signcryption.
Finally and of independent interest, we discuss the definitional inadequacy of the standard notion of chosen ciphertext (CCA2) security. We suggest a natural and very slight relaxation of CCA2-security, which we call generalized CCA2-security (gCCA2). We show that gCCA2-security suffices for all known uses of CCA2-secure encryption, while no longer suffering from the definitional shortcomings of the latter.</description><identifier>ISSN: 0302-9743</identifier><identifier>ISBN: 9783540435532</identifier><identifier>ISBN: 3540435530</identifier><identifier>EISSN: 1611-3349</identifier><identifier>EISBN: 3540460357</identifier><identifier>EISBN: 9783540460350</identifier><identifier>DOI: 10.1007/3-540-46035-7_6</identifier><identifier>OCLC: 958520631</identifier><identifier>LCCallNum: QA268</identifier><language>eng</language><publisher>Germany: Springer Berlin / Heidelberg</publisher><subject>Applied sciences ; Commitment Scheme ; Cryptography ; Encryption Scheme ; Exact sciences and technology ; Information, signal and communications theory ; Joint Signature ; Signal and communications theory ; Signature Scheme ; Symmetric Setting ; Telecommunications and information theory</subject><ispartof>Advances in Cryptology - EUROCRYPT 2002, 2002, Vol.2332, p.83-107</ispartof><rights>Springer-Verlag Berlin Heidelberg 2002</rights><rights>2002 INIST-CNRS</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c419t-67ed325bd06a21b021407b936953e1463794634da98e1ff7b07522ec408814b3</citedby><relation>Lecture Notes in Computer Science</relation></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Uhttps://ebookcentral.proquest.com/covers/3072528-l.jpg</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/3-540-46035-7_6$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/3-540-46035-7_6$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>309,310,775,776,780,785,786,789,4036,4037,27902,38232,41418,42487</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=14180213$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><contributor>Knudsen, Lars</contributor><creatorcontrib>An, Jee Hea</creatorcontrib><creatorcontrib>Dodis, Yevgeniy</creatorcontrib><creatorcontrib>Rabin, Tal</creatorcontrib><title>On the Security of Joint Signature and Encryption</title><title>Advances in Cryptology - EUROCRYPT 2002</title><description>We formally study the notion of a joint signature and encryption in the public-key setting. We refer to this primitive as signcryption, adapting the terminology of [35]. We present two definitions for the security of signcryption depending on whether the adversary is an outsider or a legal user of the system. We then examine generic sequential composition methods of building signcryption from a signature and encryption scheme. Contrary to what recent results in the symmetric setting [5, 22] might lead one to expect, we show that classical “encryptthen-sign” (EtS) and “sign-then-encrypt” (StE) methods are both secure composition methods in the public-key setting.
We also present a new composition method which we call “commit-then-encrypt-and-sign” (CtE&S). Unlike the generic sequential composition methods, CtE&S applies the expensive signature and encryption operations in parallel, which could imply a gain in efficiency over the StE and EtS schemes. We also show that the new (CtE&S) method elegantly combines with the recent “hash-sign-switch” technique of [30], leading to efficient on-line /off-line signcryption.
Finally and of independent interest, we discuss the definitional inadequacy of the standard notion of chosen ciphertext (CCA2) security. We suggest a natural and very slight relaxation of CCA2-security, which we call generalized CCA2-security (gCCA2). We show that gCCA2-security suffices for all known uses of CCA2-secure encryption, while no longer suffering from the definitional shortcomings of the latter.</description><subject>Applied sciences</subject><subject>Commitment Scheme</subject><subject>Cryptography</subject><subject>Encryption Scheme</subject><subject>Exact sciences and technology</subject><subject>Information, signal and communications theory</subject><subject>Joint Signature</subject><subject>Signal and communications theory</subject><subject>Signature Scheme</subject><subject>Symmetric Setting</subject><subject>Telecommunications and information theory</subject><issn>0302-9743</issn><issn>1611-3349</issn><isbn>9783540435532</isbn><isbn>3540435530</isbn><isbn>3540460357</isbn><isbn>9783540460350</isbn><fulltext>true</fulltext><rsrctype>book_chapter</rsrctype><creationdate>2002</creationdate><recordtype>book_chapter</recordtype><recordid>eNotkL1PAzEMxcOnKNCZ9RbGgB0nl8uIqvIlJAbYo9w1Vw5KriTp0P-e0OLBlv2e3_Bj7ArhBgH0LXElgcsaSHFt6wN2TuWw2_Uhm2CNyImkOWJTo5udRkqROGYTIBDcaEmnbGJUowTUhGdsmtInlCIBRuKE4Wuo8oev3ny3iUPeVmNfPY9DyNXbsAwub6KvXFhU89DF7ToPY7hkJ71bJT_9nxfs_X7-PnvkL68PT7O7F95JNJnX2i9IqHYBtRPYgkAJujVUG0UeZU3alCYXzjQe-163oJUQvpPQNChbumDX-9i1S51b9dGFbkh2HYdvF7cWJTYlk4qP732pSGHpo23H8StZBPuH0JItVOwOmS0Ii1_858bxZ-NTtv7vofMhR7fqPtw6-5gsgRZKNBaFNZJ-ATJSaxc</recordid><startdate>2002</startdate><enddate>2002</enddate><creator>An, Jee Hea</creator><creator>Dodis, Yevgeniy</creator><creator>Rabin, Tal</creator><general>Springer Berlin / Heidelberg</general><general>Springer Berlin Heidelberg</general><general>Springer</general><scope>FFUUA</scope><scope>IQODW</scope></search><sort><creationdate>2002</creationdate><title>On the Security of Joint Signature and Encryption</title><author>An, Jee Hea ; Dodis, Yevgeniy ; Rabin, Tal</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c419t-67ed325bd06a21b021407b936953e1463794634da98e1ff7b07522ec408814b3</frbrgroupid><rsrctype>book_chapters</rsrctype><prefilter>book_chapters</prefilter><language>eng</language><creationdate>2002</creationdate><topic>Applied sciences</topic><topic>Commitment Scheme</topic><topic>Cryptography</topic><topic>Encryption Scheme</topic><topic>Exact sciences and technology</topic><topic>Information, signal and communications theory</topic><topic>Joint Signature</topic><topic>Signal and communications theory</topic><topic>Signature Scheme</topic><topic>Symmetric Setting</topic><topic>Telecommunications and information theory</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>An, Jee Hea</creatorcontrib><creatorcontrib>Dodis, Yevgeniy</creatorcontrib><creatorcontrib>Rabin, Tal</creatorcontrib><collection>ProQuest Ebook Central - Book Chapters - Demo use only</collection><collection>Pascal-Francis</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>An, Jee Hea</au><au>Dodis, Yevgeniy</au><au>Rabin, Tal</au><au>Knudsen, Lars</au><format>book</format><genre>bookitem</genre><ristype>CHAP</ristype><atitle>On the Security of Joint Signature and Encryption</atitle><btitle>Advances in Cryptology - EUROCRYPT 2002</btitle><seriestitle>Lecture Notes in Computer Science</seriestitle><date>2002</date><risdate>2002</risdate><volume>2332</volume><spage>83</spage><epage>107</epage><pages>83-107</pages><issn>0302-9743</issn><eissn>1611-3349</eissn><isbn>9783540435532</isbn><isbn>3540435530</isbn><eisbn>3540460357</eisbn><eisbn>9783540460350</eisbn><abstract>We formally study the notion of a joint signature and encryption in the public-key setting. We refer to this primitive as signcryption, adapting the terminology of [35]. We present two definitions for the security of signcryption depending on whether the adversary is an outsider or a legal user of the system. We then examine generic sequential composition methods of building signcryption from a signature and encryption scheme. Contrary to what recent results in the symmetric setting [5, 22] might lead one to expect, we show that classical “encryptthen-sign” (EtS) and “sign-then-encrypt” (StE) methods are both secure composition methods in the public-key setting.
We also present a new composition method which we call “commit-then-encrypt-and-sign” (CtE&S). Unlike the generic sequential composition methods, CtE&S applies the expensive signature and encryption operations in parallel, which could imply a gain in efficiency over the StE and EtS schemes. We also show that the new (CtE&S) method elegantly combines with the recent “hash-sign-switch” technique of [30], leading to efficient on-line /off-line signcryption.
Finally and of independent interest, we discuss the definitional inadequacy of the standard notion of chosen ciphertext (CCA2) security. We suggest a natural and very slight relaxation of CCA2-security, which we call generalized CCA2-security (gCCA2). We show that gCCA2-security suffices for all known uses of CCA2-secure encryption, while no longer suffering from the definitional shortcomings of the latter.</abstract><cop>Germany</cop><pub>Springer Berlin / Heidelberg</pub><doi>10.1007/3-540-46035-7_6</doi><oclcid>958520631</oclcid><tpages>25</tpages><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0302-9743 |
| ispartof | Advances in Cryptology - EUROCRYPT 2002, 2002, Vol.2332, p.83-107 |
| issn | 0302-9743 1611-3349 |
| language | eng |
| recordid | cdi_pascalfrancis_primary_14180213 |
| source | Springer Books |
| subjects | Applied sciences Commitment Scheme Cryptography Encryption Scheme Exact sciences and technology Information, signal and communications theory Joint Signature Signal and communications theory Signature Scheme Symmetric Setting Telecommunications and information theory |
| title | On the Security of Joint Signature and Encryption |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-13T17%3A01%3A45IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_pasca&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=bookitem&rft.atitle=On%20the%20Security%20of%20Joint%20Signature%20and%20Encryption&rft.btitle=Advances%20in%20Cryptology%20-%20EUROCRYPT%202002&rft.au=An,%20Jee%20Hea&rft.date=2002&rft.volume=2332&rft.spage=83&rft.epage=107&rft.pages=83-107&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=9783540435532&rft.isbn_list=3540435530&rft_id=info:doi/10.1007/3-540-46035-7_6&rft_dat=%3Cproquest_pasca%3EEBC3072528_12_94%3C/proquest_pasca%3E%3Curl%3E%3C/url%3E&rft.eisbn=3540460357&rft.eisbn_list=9783540460350&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=EBC3072528_12_94&rft_id=info:pmid/&rfr_iscdi=true |