Paper 2020/1388

Signcryption in a Quantum World

Sanjit Chatterjee, Tapas Pandit, Shravan Kumar Parshuram Puria, and Akash Shah


This work studies signcryption of classical data in the quantum setting. Essentially, we investigate the quantum security of generic constructions of signcryption schemes based on three paradigms, viz., encrypt-then-sign (EtS), sign-then-encrypt (StE) and commit-then-encrypt-and-sign (CtE&S). For doing that we define the confidentiality and authenticity of signcryption for classical data both in insider and outsider models against quantum adversaries. In the insider model, we show that the quantum variants of the classical results hold in the quantum setting. However, for arguing authenticity in outsider model of StE and CtE&S paradigms, we need to consider an intermediate setting in which the adversary is given quantum access to unsigncryption oracle but classical access to signcryption oracle. In two-user outsider model, as in the classical setting, we show that post-quantum CPA security of the base encryption scheme is amplified in the EtS paradigm if the base signature scheme satisfies a stronger definition. We prove an analogous result in the StE paradigm. Interestingly, in the multi-user setting, our results strengthen the known classical results. Furthermore, our results for the EtS and StE paradigms in the two-user outsider model also extend to the setting of authenticated encryption. Finally, we briefly discuss concrete instantiations in various paradigms utilizing some available candidates of quantum secure encryption and signature schemes.

Note: Differences from the previous version: 1. Using the quantum oracle recording technique of Chevalier et al. (2020), we have improved the confidentiality of classical data in encrypt-then-sign and commit-then-encrypt-and-sign paradigms in the outsider models by giving proofs in a full security model, where both the oracles, signcrypt and unsigncrypt, are accessible in superposition. 2. In proving unforgeability in the sign-then-encrypt paradigm in the multi-user insider model, we have removed the assumption that the output ancilla register is initialized with 0. 3. We also have revised the paper appropriately to incorporate the aforementioned improvements.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
SigncryptionPost-quantum cryptographyQuantum security
Contact author(s)
sanjit @ iisc ac in
tapasgmmath @ gmail com
sppuria94 @ gmail com
shahakash94 @ gmail com
2021-05-07: revised
2020-11-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sanjit Chatterjee and Tapas Pandit and Shravan Kumar Parshuram Puria and Akash Shah},
      title = {Signcryption in a Quantum World},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1388},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.