Abstract
A highly practical parallel signcryption scheme named PLSC from trapdoor permutations (TDPs for short) was built to perform long messages directly. The new scheme follows the idea “scramble all, and encrypt small”, using some scrambling operation on message m along with the user’s identities, and then passing, in parallel, small parts of the scrambling result through corresponding TDPs. This design enables the scheme to flexibly perform long messages of arbitrary length while avoid repeatedly invoking TDP operations such as the CBC mode, or verbosely black-box composing symmetric encryption and signcryption, resulting in noticeable practical savings in both message bandwidth and efficiency. Concretely, the signcryption scheme requires exactly one computation of the “receiver’s TDP” (for “encryption”) and one inverse computation of the “sender’s TDP” (for “authentication”), which is of great practical significance in directly performing long messages, since the major bottleneck for many public encryption schemes is the excessive computational overhead of performing TDP operations. Cutting out the verbosely repeated padding, the newly proposed scheme is more efficient than a black-box hybrid scheme. Most importantly, the proposed scheme has been proven to be tightly semantically secure under adaptive chosen ciphertext attacks (IND-CCA2) and to provide integrity of ciphertext (INT-CTXT) as well as non-repudiation in the random oracle model. All of these security guarantees are provided in the full multi-user, insider-security setting. Moreover, though the scheme is designed to perform long messages, it may also be appropriate for settings where it is impractical to perform large block of messages (i.e. extremely low memory environments such as smart cards).
Similar content being viewed by others
References
An J H, Dodis Y, Rabin T. On the security of joint signature and encryption. In: Knudsen L, ed. Advances in Cryptology—EUROCRYPT’02, LNCS Vol. 2332. Berlin: Springer-Verlag, 2002. 83–107. Available from http://eprint.iacr.org/2002/046/
Zheng Y. Digital signcryption or how to achieve cost (signature & encryption) cost (signature) + cost (encryption). In: Kaliski B S, ed. Advances in Cryptology—CRYPTO’97, LNCS Vol. 1294. Berlin: Springer-Verlag, 1997. 165–179
Zheng Y, Imai H. Efficient signcryption schemes on elliptic curves. Inf Proc Lett, 1998, 68(6): 227–233
Petersen H, Michels M. Cryptanalysis and improvement of signcryption schemes. IEEE Comput Dig Commun, 1998, 145(2): 140–151
He W, Wu T. Cryptanalysis and improvement of petersen-michels signcryption schemes. IEEE Comput Dig Commun, 1999, 146(2): 123–124
Baek J, Steinfeld R, Zheng Y. Formal proofs for the security of signcryption. In: Naccache D, Pailler P, eds. 5th International Workshop on Practice and Theory in Public Key Cryptosystems PKC 2002, LNCS Vol. 2274. Berlin: Springer-Verlag, 2002. 80–98
Bellare M, Rogaway P. Optimal asymmetric encryption. In: Santis A D, ed. Advances in Cryptology—EUROCRYPT94, LNCS Vol. 950. Berlin: Springer-Verlag, 1995. 92–111. Revised version available from http://www-cse.ucsd.edu/users/mihir/
Shoup V. OAEP reconsidered. In: Kilian J, ed. Advances in Cryptology—CRYPTO 2001, LNCS Vol. 2139. Berlin: Springer-Verlag, 2001. 240–259
Bellare M, Rogaway P. The exact security of digital signatures: How to sign with RSA and Rabin. In: Maurer U, ed. Advances in Cryptology—EUROCRYPT 96, LNCS Vol. 1070. Berlin: Springer-Verlag, 1996. 399–416. Revised version appears in http://www-cse.ucsd.edu/users/mihir/papers/crypto-papers.html
Fujisaki E, Okamoto T. Secure integration of asymmetric and symmetric encryption schemes. In: Wiener M, ed. Advances in Cryptology—Proceedings of CRYPTO’99, LNCS Vol. 1666. Berlin: Springer-Verlag, 1999. 537–554
Shoup V. Aproposal for an ISO standard of public key encryption (version 2.1). Cryptology ePrint Archive, Report 2001/112. http://eprint.iacr.org/2001/112
Dodis Y, Freedman M J, Jarecki S, et al. Optimal signcryption from any trapdoor permutation. Cryptology ePrint Archive, Report 2004/20. http://eprint.iacr.org/2004/20
Mao W, Malone-Lee J. Two birds one stone: Signcryption using RSA. In: Joye M, ed. Progress in Cryptology—CT-RSA 2003, LNCS Vol. 2612. Berlin: Springer-Verlag, 2003. 210–224
Kobara K, Imai H. Oaep++: A very simple way to apply oaep to deterministic ow-cpa primitives. Cryptology ePrint Archive, Report 2002/130. http://eprint.iacr.org/2002/130
Luby M, Rackoff C. How to construct pseudorandom permutations from pseudorandom functions. SIAM J Comput, 1988, 17(2): 373–386
Dodis Y, Freedman M J, Walfish S. Parallel signcryption with OAEP, PSS-R, and other Feistel paddings. Cryptology ePrint Archive, Report 2003/043. http://eprint.iacr.org/2003/043
An J H. Authenticated encryption in the public-key setting: Security notions and analyses. Cryptology ePrint Archive, Report 2001/079. http://eprint.iacr.org/2001/079
RSA Laboratories. PKCS #1 v2.1: RSA encryption standard, June 2002. Available from http://www.rsa.com/rsalabs/pubs/PKCS/
Rivest R L, Shamir A, Adlema L M. A method for obtaining digital signatures and public-key cryptosystems. Commun ACM, 1978, 21(2): 120–126
Author information
Authors and Affiliations
Corresponding author
Additional information
Supported by the National Basic Research Program (Grant No. 2004CB318004), and the National Natural Science Foundation of China (Grant Nos. 60373047 and 90604036)
Rights and permissions
About this article
Cite this article
Hu, Z., Lin, D., Wu, W. et al. Constructing parallel long-message signcryption scheme from trapdoor permutation. SCI CHINA SER F 50, 82–98 (2007). https://doi.org/10.1007/s11432-007-2018-x
Received:
Accepted:
Issue Date:
DOI: https://doi.org/10.1007/s11432-007-2018-x