Abstract
Signcryption is an asymmetric cryptographic method that provides simultaneously both message confidentiality and unforgeability at a low computational and communication overhead. In this paper we propose realistic security models for signcryption which give the attacker power to choose both messages/signcryptexts as well as recipient/sender public keys when accessing the signcryption/unsigncryption oracles of attacked entities. We then show that Zheng's original signcryption scheme is secure in our confidentiality model relative to the Gap Diffie-Hellman problem and is secure in our unforgeability model relative to a Gap version of the discrete logarithm problem. All these results are shown in the random oracle model.
| Original language | English |
|---|---|
| Pages (from-to) | 203-235 |
| Number of pages | 33 |
| Journal | Journal of Cryptology |
| Volume | 20 |
| Issue number | 2 |
| DOIs | |
| Publication status | Published - Apr 2007 |