Signcryption secure against linear related-key attacks

Hui Cui, Yi Mu, Man Ho Allen Au

Research output: Journal article publicationJournal articleAcademic researchpeer-review

2 Citations (Scopus)


A related-key attack (RKA) occurs when an adversary tampers the private key stored in a cryptographic hardware device, and observes the result of the cryptographic primitive under this modified private key. In this paper, we consider the security of signcryption schemes under linear RKAs, where an adversary is allowed to tamper the private keys of the receiver and the sender, and subsequently observe the outcome of a signcryption system under these modified private keys of both parties. We define two security notions for RKA-secure signcryption schemes: chosen ciphertext RKA and chosen message RKA. We require that a signcryption scheme remains secure even when an adversary is allowed to access the designcryption oracle and the signcryption oracle on linear shifts of the private keys of the receiver and the sender, respectively. After reviewing some basic definitions related to our construction, we give a specific signcryption scheme from bilinear Diffie-Hellman which is secure against RKAs. Furthermore, we extend the security model of signcryption with anonymity, where the ciphertext is anonymous to others except the real receiver given the honest sender and the honest receiver. Fortunately, with a trivial modification to the original signcryption scheme, our proposed signcryption scheme can protect the privacy of both the sender and the receiver.
Original languageEnglish
Pages (from-to)1472-1483
Number of pages12
JournalComputer Journal
Issue number10
Publication statusPublished - 6 Sept 2014
Externally publishedYes


  • anonymity
  • CC-RKA
  • CM-RKA
  • signcryption

ASJC Scopus subject areas

  • General Computer Science


Dive into the research topics of 'Signcryption secure against linear related-key attacks'. Together they form a unique fingerprint.

Cite this