Certificateless Hybrid Signcryption

Li, Fagen; Shirase, Masaaki; Takagi, Tsuyoshi

doi:10.1007/978-3-642-00843-6_11

Cited by 35 publications

(25 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Tag-SKEM.Enc ( , * ) = * (19) In the end, the adversary A 2 submits the challenger cipher * = ( * , * ) to adversary A.…”

Section: Lemmamentioning

confidence: 99%

“…At 2004, Dent [15] proposed a formal composition model for hybrid signcryption, and this model covers Zheng's scheme [2]. Later, Bjorstad et al [18] proposed an improve signcryption scheme with tag-KEMs, Li et al [19] proposed a certificateless hybrid signcryption scheme, and Zhou [20] proposed an improved certificateless hybrid signcryption scheme. Due to the usage of a symmetric encryption scheme to overcome the weakness and restricted message space of traditional asymmetric encryption schemes, these hybrid signcryption schemes can make the length of message independent of the security of the overall signcryption scheme.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On the RCCA Security of Hybrid Signcryption for Internet of Things

Dai

Wang

Chang

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

With the rapid development of the Internet of Things (IoT), a lot of sensitive information in our daily lives are now digitalized and open to remote access. The provision of security and privacy of such data would incur comprehensive cryptographic services and has raised wide concern. Hybrid signcryption schemes could achieve various kinds of cryptographic services (e.g., confidentiality, authenticity, and integrity) with much lower cost than the combination of separate traditional cryptographic schemes with each providing a single cryptographic service. Thus, hybrid signcryption schemes are very suitable for IoT environments where resources are generally very constrained (e.g., lightweight sensors and mobile phones). To ensure that the overall hybrid signcryption scheme provides adequate cryptographic service (e.g., confidentiality, integrity, and authentication), its parts of KEM (key encryption mechanism) and DEM (data encryption mechanism) must satisfy some security requirements. Chosen-ciphertext attack (CCA) security has been widely accepted as the golden standard requirement for general encryption schemes. However, CCA security appears too strong in some conditions. Accordingly, Canetti et al. (CRYPTO 2003) proposed the notion of replayable CCA security (RCCA) for encryption schemes, which is a strictly weaker security notion than CCA security and naturally more efficient. This new security notion has proved to be sufficient for most existing applications of CCA security, e.g., encrypted password authentication. This is particularly promising for IoT environments, where security is demanding, yet resources are constrained. In this paper, we examine the RCCA security of the well-known SKEM+DEM style hybrid signcryption scheme by Dent at ISC 2005. Meanwhile, we also examine the RCCA security of the Tag-SKEM+DEM style hybrid signcryption scheme by Bjorstad and Dent at PKC 2006. We rigorously prove that a hybrid signcryption scheme can achieve RCCA security if both its SKEM part and its DEM part satisfy some security assumptions.

show abstract

“…Tag-SKEM.Enc ( , * ) = * (19) In the end, the adversary A 2 submits the challenger cipher * = ( * , * ) to adversary A.…”

Section: Lemmamentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

On the RCCA Security of Hybrid Signcryption for Internet of Things

Dai

Wang

Chang

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…In Crypto'97, Zheng [1] introduced the notion of signcryption, which can be viewed as the functional combination of encryption and signature, and its efficiency is higher than the separate signing and encrypting. Since then, a number of signcryption schemes have been proposed, e.g., [2][3][4][5][6][7][8][9][10], including some variants for different settings, e.g., identity-based signcryption [11][12][13][14], certificateless signcryption [15][16][17].…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of a signcryption scheme with fast online signing and short signcryptext

Zhou

Weng

Guan

et al. 2014

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Constructing parallel long-message signcryption scheme from trapdoor permutation Science in China Series F-Information Sciences 50, 82 (2007); Cryptanalysis on AW digital signature scheme based on error-correcting codes Science in China Series F-Information Sciences 45, 397 (2002); Online hybrid test using a finite element program and an explicit integration scheme SCIENCE CHINA Technological Sciences 58, 163 (2015); PPLS: a privacy-preserving location-sharing scheme in mobile online social networks SCIENCE CHINA Information Sciences 63, 132105 (2020);. RESEARCH PAPER. SCIENCE CHINA Information Sciences

show abstract

“…Unfortunately, as shown in [16,18], all the above schemes [4,21,3] have security flaws. Li et al commented on the certificateless hybrid signcryption in [12]. The security of the above mentioned schemes are proven in the random oracle model which can only be considered as a heuristic argument [7].…”

Section: Introductionmentioning

confidence: 99%

“…Therefore, the key escrow problem in ID-PKC is eliminated. Many certificateless cryptosystems have been proposed, including encryption schemes [1,10,24,25], signature schemes [1,11,28,29], key agreement protocols [1,31], threshold cryptosystems [8,14,23,26], and signcryption schemes [3,4,5,12,13,21,22]. As the adversary models in CLC are more complex, the security proofs in CLC are more challenging.…”

Section: Introductionmentioning

confidence: 99%

On security of a certificateless signcryption scheme

Miao

Zhang

et al. 2013

Information Sciences

View full text Add to dashboard Cite

It would be interesting if a signcryption scheme in the standard model could be made certificateless. One of the interesting attempts is due to Liu et al. [Z. Liu, Y. Hu, X. Zhang, H. Ma, Certificateless signcryption scheme in the standard model, Information Sciences 180 (3) (2010) [452][453][454][455][456][457][458][459][460][461][462][463][464]. In this paper, we provide a cryptanalysis on this scheme by depicting two kinds of subtle public key replacement attacks against it. Our analysis reveals that it does not meet the basic requirements of confidentiality and non-repudiation. AbstractIt would be interesting if a signcryption scheme in the standard model could be made certificateless. One of interesting attempts is due to Liu, Hu, Zhang and Ma, who published a certificateless signcryption scheme in the standard model in Volume 180 (3), Information Science, in 2010. In this paper, we provide a cryptanalysis on this scheme and show that it is insecure under two kinds of subtle public key replacement attacks. We show that it does not meet the basic requirements of confidentiality and non-repudoation.

show abstract

Certificateless Hybrid Signcryption

Cited by 35 publications

References 34 publications

On the RCCA Security of Hybrid Signcryption for Internet of Things

On the RCCA Security of Hybrid Signcryption for Internet of Things

Cryptanalysis of a signcryption scheme with fast online signing and short signcryptext

On security of a certificateless signcryption scheme

Contact Info

Product

Resources

About