In 1997 Yuliang Zheng presented a positive answer to the following question: “is it possible to transfer a message of arbitrary length in a secure and authenticated way with an expense less than that required by signature then encryption?”. This was for the first time, since public-key cryptography has been invented, that the question is addressed in literature. He discovered a new cryptographic primitive, called signcryption, which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly smaller than that required by signature then encryption. The proposed cryptographic primitive is more efficient for ...view middle of the document...
Any signcryption scheme should have the following properties:
1. Correctness: Any signcryption scheme should be correctly verifiable.
2. Efficiency: The computational costs and communication overheads of a signcryption scheme should be smaller than those of the best known signature then encryption schemes with the same provided functionalities.
3. Security: A signcryption scheme should simultaneously fulfill the security attributes of an encryption scheme and those of a digital signature. Such additional properties mainly include: Confidentiality, Unforgeability, Integrity, and Non-repudiation. Some signcryption schemes provide further attributes such as Public verifiability and Forward secrecy of message confidentiality while the others do not provide them.
-Confidentiality means that only the intended recipient of a signcrypted message should be able to read its contents.
-Authenticity, we mean that the recipient of a signcrypted message can verify the sender’s identity. It is not possible for an attacker to send a message, claiming to be someone else.
-Non-repudiation means that the sender of a message cannot later deny having sent the message. That is, the recipient of a message can prove to a third party that the sender indeed sent the message. Signature schemes always provide non-repudiation, since anyone can verify a signature using only the sender’s public key. Some signcryption scheme can provide non-repudiation and these schemes are called S verifiable, since the verifier uses only the signature scheme S. The first DSAverifiable signcryption scheme has been introduced by Shin, Lee, and Shim.
-Forward secrecy means that an attacker cannot read signcrypted messages, even with access to the sender’s private key. The confidentiality of signcrypted messages is protected, even if the sender’s private...