
Signcryption schemes with threshold unsigncryption, and applications

Designs, Codes and Cryptography

Abstract

The goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very little attention in the cryptographic literature up to now (perhaps surprisingly, given its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided into two phases: a first one where the authenticity of the ciphertext is verified, possibly by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.




Correspondence to Javier Herranz.

Additional information

Communicated by C. Blundo.


Cite this article

Herranz, J., Ruiz, A. & Sáez, G. Signcryption schemes with threshold unsigncryption, and applications. Des. Codes Cryptogr. 70, 323–345 (2014). https://doi.org/10.1007/s10623-012-9688-0
