On the Joint Security of Encryption and Signature, Revisited

Paterson, Kenneth G.; Schuldt, Jacob C. N.; Stam, Martijn; Thomson, Susan

doi:10.1007/978-3-642-25385-0_9

Cited by 30 publications

(21 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is a statistical property that roughly ensures that the "min-entropy" of the output of a function (for uniformly random input) is sufficiently high, and thus it is information-theoretically hard to guess the output of a function for random inputs. We also show that natural cryptographic functions, a one-way function (OWF), an always second-preimage resistant (aSec secure) hash function [41], and a key derivation function (KDF) [16], have the property, and thus in practice we can use (an appropriate modification of) cryptographic hash functions such as SHA-series).…”

Section: Differences From the Proceedings Version [19]mentioning

confidence: 94%

“…We note that, besides the injective functions (with superpolynomially large domain) which are trivially smooth, the smoothness is in fact satisfied by several famous cryptographic functions such as OWFs, always second-preimage resistant (aSec secure) hash functions [41], and KDFs [16]; see Appendix A. Interestingly, the universal 2 property of the CS projective hash family is preserved by hashing its output to be a shorter element. Intuitively, for the CS projective hash family, the bound of the advantage of adversaries for the universal 2 property is closely related to the parameter for the underlying subset membership problem M, therefore the bound cannot be freely selected (e.g., the order of the group should be larger than a certain threshold relevant to the desired security level) since M must be hard.…”

Section: Definition 53 (Smooth Function) Let F : X → Y Be a Hash Fumentioning

confidence: 96%

“…In this section, we show that natural cryptographic functions, a one-way function (OWF), an always secondpreimage resistant (aSec secure) hash function [41], and a key derivation function (KDF) [16], are smooth in the sense of Definition 5.3.…”

Section: If the Function γ Is Injective Then F • H Is (|π|ϵ/mentioning

confidence: 99%

See 2 more Smart Citations

Chosen Ciphertext Secure Keyed-Homomorphic Public-Key Encryption

Emura

Hanaoka

Ohtake

et al. 2013

Public-Key Cryptography – PKC 2013

View full text Add to dashboard Cite

In homomorphic encryption schemes, anyone can perform homomorphic operations, and therefore, it is difficult to manage when, where and by whom they are performed. In addition, the property that anyone can "freely" perform the operation inevitably means that ciphertexts are malleable, and it is well-known that adaptive chosen ciphertext (CCA) security and the homomorphic property can never be achieved simultaneously. In this paper, we show that CCA security and the homomorphic property can be simultaneously handled in situations that the user(s) who can perform homomorphic operations on encrypted data should be controlled/limited, and propose a new concept of homomorphic publickey encryption, which we call keyed-homomorphic public-key encryption (KH-PKE). By introducing a secret key for homomorphic operations, we can control who is allowed to perform the homomorphic operation. To construct KH-PKE schemes, we introduce a new concept, transitional universal property, and present a practical KH-PKE scheme with multiplicative homomorphic operations from the decisional Diffie-Hellman (DDH) assumption. For ℓ-bit security, our DDH-based KH-PKE scheme yields only ℓ-bit longer ciphertext size than that of the Cramer-Shoup PKE scheme. Finally, we consider an identitybased analogue of KH-PKE, called keyed-homomorphic identity-based encryption (KH-IBE) and give its concrete construction from the Gentry IBE scheme.

show abstract

Section: Differences From the Proceedings Version [19]mentioning

confidence: 94%

Section: Definition 53 (Smooth Function) Let F : X → Y Be a Hash Fumentioning

confidence: 96%

See 1 more Smart Citation

Chosen Ciphertext Secure Keyed-Homomorphic Public-Key Encryption

Emura

Hanaoka

Ohtake

et al. 2013

Public-Key Cryptography – PKC 2013

View full text Add to dashboard Cite

show abstract

“…Practitioners ask if one can do better. We want a joint encryption and signature (JES) scheme [53,61], where there is a single key-pair (sk , pk ) used for both encryption and signing. We aim to minimize the public-key overhead, (loosely) defined as the size of pk minus the size of the public key pk e of the underlying encryption scheme.…”

Section: Introductionmentioning

confidence: 99%

“…In the random oracle model [17], specific IND-CCA-secure public-key encryption schemes have been presented where signing can be added with no public-key overhead [53,36,57]. In the standard model, encryption schemes have been presented that allow signing with a public-key overhead lower than that of the "Cartesian product" solution of just adding a separate signing key [53,61], with the best results, from [61], using IBE or combining encryption and signature schemes of [29,25].…”

Section: Introductionmentioning

confidence: 99%

Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig

Bellare

Meiklejohn

Thomson

2014

Advances in Cryptology – EUROCRYPT 2014

Self Cite

View full text Add to dashboard Cite

This paper introduces key-versatile signatures. Key-versatile signatures allow us to sign with keys already in use for another purpose, without changing the keys and without impacting the security of the original purpose. This allows us to obtain advances across a collection of challenging domains including joint Enc/Sig, security against related-key attack (RKA) and security for key-dependent messages (KDM). Specifically we can (1) Add signing capability to existing encryption capability with zero overhead in the size of the public key (2) Obtain RKA-secure signatures from any RKA-secure one-way function, yielding new RKA-secure signature schemes (3) Add integrity to encryption while maintaining KDM-security.

show abstract

A new efficient signcryption scheme in the standard model

Yang

2014

Security Comm Networks

View full text Add to dashboard Cite

We introduce an efficient signcryption scheme for hybrid authenticated encryption that is provably secure in the standard model under a strong multiuser insider setting. Our new signcryption scheme is built on the basis of a variant of Boneh–Boyen short signature, which works under bilinear groups. The new construction idea is to reuse the signature value to derive the encryption key. This could dramatically save not only the computational cost but also the communication bandwidth. The session key security of the proposed scheme is reduced to a hard problem that is a variant of bilinear decisional Diffie–Hellman problem. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

On the Joint Security of Encryption and Signature, Revisited

Cited by 30 publications

References 34 publications

Chosen Ciphertext Secure Keyed-Homomorphic Public-Key Encryption

Chosen Ciphertext Secure Keyed-Homomorphic Public-Key Encryption

Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig

A new efficient signcryption scheme in the standard model

Contact Info

Product

Resources

About