Signcryption KEM/tag-KEM, revisited

Xiangxue Li; Haifeng Qian; Yu Yu; Jian Weng; Yuan Zhou

doi:10.1002/sec.1232

Signcryption KEM/tag-KEM, revisited

Xiangxue Li
, Haifeng Qian^*
, Yu Yu
, Jian Weng
, Yuan Zhou

^*Corresponding author for this work

Software Engineering Institute

Research output: Contribution to journal › Article › peer-review

Abstract

We revisit the problem of basing signcryption (SC) (tag) key encapsulation mechanism (KEM) on standard assumptions and standard model and present direct constructions of SC-KEM/tag-KEM, which satisfy confidentiality and unforgeability with respect to adversarially chosen keys where the adversary is given more advantageous attack environment than existing models in the literature; are based on the standard decisional bilinear Diffie-Hellman and computational Diffie-Hellman assumptions without random oracle; do not use strongly unforgeable signature schemes as building blocks; and provide comparable performance to existing SC-KEM/tag-KEM schemes. Both constructions do not require the knowledge about the recipient's private keys to verify the validity of the ciphertexts and thus can be used in applications where a ciphertext needs to be validated by any third party that only knows the public key of the sender as in usual signature scheme.

Original language	English
Pages (from-to)	3067-3082
Number of pages	16
Journal	Security and Communication Networks
Volume	8
Issue number	17
DOIs	https://doi.org/10.1002/sec.1232
State	Published - 25 Nov 2015

Keywords

Key encapsulation mechanism
Signcryption
Standard assumption
Standard model
Tag

Access to Document

10.1002/sec.1232

Cite this

@article{e2eb826a1ada44e9af6ecde1440a809d,

title = "Signcryption KEM/tag-KEM, revisited",

abstract = "We revisit the problem of basing signcryption (SC) (tag) key encapsulation mechanism (KEM) on standard assumptions and standard model and present direct constructions of SC-KEM/tag-KEM, which satisfy confidentiality and unforgeability with respect to adversarially chosen keys where the adversary is given more advantageous attack environment than existing models in the literature; are based on the standard decisional bilinear Diffie-Hellman and computational Diffie-Hellman assumptions without random oracle; do not use strongly unforgeable signature schemes as building blocks; and provide comparable performance to existing SC-KEM/tag-KEM schemes. Both constructions do not require the knowledge about the recipient's private keys to verify the validity of the ciphertexts and thus can be used in applications where a ciphertext needs to be validated by any third party that only knows the public key of the sender as in usual signature scheme.",

keywords = "Key encapsulation mechanism, Signcryption, Standard assumption, Standard model, Tag",

author = "Xiangxue Li and Haifeng Qian and Yu Yu and Jian Weng and Yuan Zhou",

note = "Publisher Copyright: {\textcopyright} 2015 John Wiley \& Sons, Ltd.",

year = "2015",

month = nov,

day = "25",

doi = "10.1002/sec.1232",

language = "英语",

volume = "8",

pages = "3067--3082",

journal = "Security and Communication Networks",

issn = "1939-0114",

publisher = "John Wiley and Sons Ltd",

number = "17",

}

TY - JOUR

T1 - Signcryption KEM/tag-KEM, revisited

AU - Li, Xiangxue

AU - Qian, Haifeng

AU - Yu, Yu

AU - Weng, Jian

AU - Zhou, Yuan

PY - 2015/11/25

Y1 - 2015/11/25

N2 - We revisit the problem of basing signcryption (SC) (tag) key encapsulation mechanism (KEM) on standard assumptions and standard model and present direct constructions of SC-KEM/tag-KEM, which satisfy confidentiality and unforgeability with respect to adversarially chosen keys where the adversary is given more advantageous attack environment than existing models in the literature; are based on the standard decisional bilinear Diffie-Hellman and computational Diffie-Hellman assumptions without random oracle; do not use strongly unforgeable signature schemes as building blocks; and provide comparable performance to existing SC-KEM/tag-KEM schemes. Both constructions do not require the knowledge about the recipient's private keys to verify the validity of the ciphertexts and thus can be used in applications where a ciphertext needs to be validated by any third party that only knows the public key of the sender as in usual signature scheme.

AB - We revisit the problem of basing signcryption (SC) (tag) key encapsulation mechanism (KEM) on standard assumptions and standard model and present direct constructions of SC-KEM/tag-KEM, which satisfy confidentiality and unforgeability with respect to adversarially chosen keys where the adversary is given more advantageous attack environment than existing models in the literature; are based on the standard decisional bilinear Diffie-Hellman and computational Diffie-Hellman assumptions without random oracle; do not use strongly unforgeable signature schemes as building blocks; and provide comparable performance to existing SC-KEM/tag-KEM schemes. Both constructions do not require the knowledge about the recipient's private keys to verify the validity of the ciphertexts and thus can be used in applications where a ciphertext needs to be validated by any third party that only knows the public key of the sender as in usual signature scheme.

KW - Key encapsulation mechanism

KW - Signcryption

KW - Standard assumption

KW - Standard model

KW - Tag

UR - https://www.scopus.com/pages/publications/84945466078

U2 - 10.1002/sec.1232

DO - 10.1002/sec.1232

M3 - 文章

AN - SCOPUS:84945466078

SN - 1939-0114

VL - 8

SP - 3067

EP - 3082

JO - Security and Communication Networks

JF - Security and Communication Networks

IS - 17

ER -

Signcryption KEM/tag-KEM, revisited

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this