This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. More surprisingly, we prove that key invisibility also implies indistinguishability against chosen ciphertext attacks. This places key invisibility on the top of privacy hierarchy for public-key signcryption schemes.
On the constructive side, we show that general ``sign-then-encrypt'' approach offers key invisibility if the underlying encryption scheme satisfies two existing security notions, indistinguishable against adaptive chosen ciphertext attacks and indistinguishability of keys against adaptive chosen ciphertext attacks. By this method we obtain the first key invisible signcryption construction in the standard model.Category / Keywords: public-key cryptography / signcryption Publication Info: This is a full version of the paper that will appear in ACISP 2013 Date: received 20 Apr 2013, last revised 20 Apr 2013 Contact author: yw990 at uowmail edu au Available format(s): PDF | BibTeX Citation Version: 20130429:111205 (All versions of this report) Short URL: ia.cr/2013/230 Discussion forum: Show discussion | Start new discussion