TY - GEN
T1 - Relations among privacy notions for signcryption and key invisible "sign-then-encrypt"
AU - Wang, Yang
AU - Manulis, Mark
AU - Au, Man Ho Allen
AU - Susilo, Willy
PY - 2013/9/26
Y1 - 2013/9/26
N2 - Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme. This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. More surprisingly, we prove that key invisibility also implies indistinguishability against chosen ciphertext attacks. This places key invisibility on the top of privacy hierarchy for public-key signcryption schemes. On the constructive side, we show that general "sign-then- encrypt" approach offers key invisibility if the underlying encryption scheme satisfies two existing security notions, indistinguishable against adaptive chosen ciphertext attacks and indistinguishability of keys against adaptive chosen ciphertext attacks. By this method we obtain the first key invisible signcryption construction in the standard model.
AB - Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme. This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. More surprisingly, we prove that key invisibility also implies indistinguishability against chosen ciphertext attacks. This places key invisibility on the top of privacy hierarchy for public-key signcryption schemes. On the constructive side, we show that general "sign-then- encrypt" approach offers key invisibility if the underlying encryption scheme satisfies two existing security notions, indistinguishable against adaptive chosen ciphertext attacks and indistinguishability of keys against adaptive chosen ciphertext attacks. By this method we obtain the first key invisible signcryption construction in the standard model.
UR - http://www.scopus.com/inward/record.url?scp=84884497322&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-39059-3_13
DO - 10.1007/978-3-642-39059-3_13
M3 - Conference article published in proceeding or book
SN - 9783642390586
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 187
EP - 202
BT - Information Security and Privacy - 18th Australasian Conference, ACISP 2013, Proceedings
T2 - 18th Australasian Conference on Information Security and Privacy, ACISP 2013
Y2 - 1 July 2013 through 3 July 2013
ER -