Versatile padding schemes for joint signature and encryption

Authors:
Yevgeniy Dodis;Michael J. Freedman;Stanislaw Jarecki;Shabsi Walfish
Affiliations:
New York University;New York University;University of California, Irvine;New York University
Venue:
Proceedings of the 11th ACM conference on Computer and communications security
Year:
2004

Citing 13
Cited 9

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
How to construct pseudorandom permutations from pseudorandom functions

SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
How to construct efficient signcryption schemes on elliptic curves

Information Processing Letters
Securely combining public-key cryptosystems

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Authenticated-encryption with associated-data

Proceedings of the 9th ACM conference on Computer and communications security
Universal Padding Schemes for RSA

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Digital Signcryption or How to Achieve Cost(Signature & Encryption)

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
On the Security of Joint Signature and Encryption

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML

Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Formal Proofs for the Security of Signcryption

PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
On the power of claw-free permutations

SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Two birds one stone: signcryption using RSA

CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track

Signcryption Scheme in Multi-user Setting without Random Oracles

IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Chosen Ciphertext Security with Optimal Ciphertext Overhead

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the Security of Provably Secure Multi-Receiver ID-Based Signcryption Scheme

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
On the Security of Padding-Based Encryption Schemes --- or --- Why We Cannot Prove OAEP Secure in the Standard Model

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Security of practical cryptosystems using Merkle-Damgård hash function in the ideal cipher model

ProvSec'11 Proceedings of the 5th international conference on Provable security
ECGSC: elliptic curve based generalized signcryption

UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
Improved signcryption from q-Diffie-Hellman problems

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Certificateless KEM and hybrid signcryption schemes revisited

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
On the joint security of encryption and signature, revisited

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose several highly-practical and optimized constructions for joint signature and encryption primitives often referred to as signcryption. All our signcryption schemes, built directly from trapdoor permutations such as RSA, share features such as simplicity, efficiency, generality, near-optimal exact security, flexible and ad-hoc key management, key reuse for sending/receiving data, optimally-low message expansion, "backward" use for plain signature/encryption, long message and associated data support, the strongest-known qualitative security and, finally, complete compatibility with the PKCS#1 infrastructure. Similar to the design of plain RSA-based signature and encryption schemes, such as RSA-FDH and RSA-OAEP, our signcryption schemes are constructed by designing appropriate padding schemes suitable for use with trapdoor permutations. We build a general and flexible framework for the design and analysis of secure Feistel-based padding schemes, as well as three composition paradigms for using such paddings to build optimized signcryption schemes. To unify many secure padding options offered as special cases of our framework, we construct a single versatile padding scheme PSEP which, by simply adjusting the parameters, can work optimally with any of the three composition paradigms for either signature, encryption, or signcryption. We illustrate the utility of our signcryption schemes by applying them to build a secure key-exchange protocol, with performance results showing 3x-5x speed-up compared to standard protocols.