Paper 2011/486

On the Joint Security of Encryption and Signature, Revisited

Kenneth G. Paterson, Jacob C. N. Schuldt, Martijn Stam, and Susan Thomson


We revisit the topic of joint security for combined public key schemes, wherein a single keypair is used for both encryption and signature primitives in a secure manner. While breaking the principle of key separation, such schemes have attractive properties and are sometimes used in practice. We give a general construction for a combined public key scheme having joint security that uses IBE as a component and that works in the standard model. We provide a more efficient direct construction, also in the standard model. We then consider the problem of how to build signcryption schemes from jointly secure combined public key schemes. We provide a construction that uses any such scheme to produce a triple of schemes -- signature, encryption, and signcryption -- that are jointly secure in an appropriate and strong security model.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Full version of paper to appear at Asiacrypt 2011.
Contact author(s)
kenny paterson @ rhul ac uk
2011-09-12: revised
2011-09-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kenneth G.  Paterson and Jacob C. N.  Schuldt and Martijn Stam and Susan Thomson},
      title = {On the Joint Security of Encryption and Signature, Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2011/486},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.