Paper 2013/230

Relations among Privacy Notions for Signcryption and Key Invisible "Sign-then-Encrypt''

Yang Wang, Mark Manulis, Man Ho Au, and Willy Susilo

Abstract

Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme. This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. More surprisingly, we prove that key invisibility also implies indistinguishability against chosen ciphertext attacks. This places key invisibility on the top of privacy hierarchy for public-key signcryption schemes. On the constructive side, we show that general ``sign-then-encrypt'' approach offers key invisibility if the underlying encryption scheme satisfies two existing security notions, indistinguishable against adaptive chosen ciphertext attacks and indistinguishability of keys against adaptive chosen ciphertext attacks. By this method we obtain the first key invisible signcryption construction in the standard model.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. This is a full version of the paper that will appear in ACISP 2013
Keywords
signcryption
Contact author(s)
yw990 @ uowmail edu au
History
2013-04-29: received
Short URL
https://ia.cr/2013/230
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/230,
      author = {Yang Wang and Mark Manulis and Man Ho Au and Willy Susilo},
      title = {Relations among Privacy Notions for Signcryption and Key Invisible "Sign-then-Encrypt''},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/230},
      year = {2013},
      url = {https://eprint.iacr.org/2013/230}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.