A constructive perspective on signcryption security

Christian Badertscher*, Fabio Banfi, Ueli Maurer

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Signcryption is a public-key cryptographic primitive, originally introduced by Zheng (Crypto ’97), that allows parties to establish secure communication without the need of prior key agreement. Instead, a party registers its public key at a certificate authority (CA), and only needs to retrieve the public key of the intended partner from the CA before being able to protect the communication. Signcryption schemes provide both authenticity and confidentiality of sent messages and can offer a simpler interface to applications and better performance compared to generic compositions of signature and encryption schemes. 

Although introduced two decades ago, the question which security notions of signcryption are adequate in which applications has still not reached a fully satisfactory answer. To resolve this question, we conduct a constructive analysis of this public-key primitive. Similar to previous constructive studies for other important primitives, this treatment allows to identify the natural goal that signcryption schemes should achieve and to formalize this goal in a composable framework. More specifically, we capture the goal of signcryption as a gracefully-degrading secure network, which is basically a network of independent parties that allows secure communication between any two parties. However, when a party is compromised, its respective security guarantees are lost, while all guarantees for the remaining users remain unaffected. We show which security notions for signcryption are sufficient to construct this kind of secure network from a certificate authority (or key registration resource) and insecure communication. Our study does not only unveil that it is the so-called insider-security notion that enables this construction, but also that a weaker version thereof would already be sufficient. This may be of interest in the context of practical signcryption schemes that do not achieve the stronger notions. 

Last but not least, we observe that the graceful-degradation property is actually an essential feature of signcryption that stands out in comparison to alternative and more standard constructions that achieve secure communication from the same assumptions. This underlines the vital importance of the insider security notion for signcryption and strongly supports, in contrast to the initial belief, the recent trend to consider the insider security notion as the standard notion for signcryption.

Original languageEnglish
Title of host publicationSecurity and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings
EditorsDario Catalano, Roberto De Prisco
Place of PublicationCham, Switzerland
Number of pages19
ISBN (Print)9783319981123
Publication statusE-pub ahead of print - 3 Aug 2018
Externally publishedYes
Event11th International Conference on Security and Cryptography for Networks, SCN 2018 - Amalfi, Italy
Duration: 5 Sept 20187 Sept 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11035 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference11th International Conference on Security and Cryptography for Networks, SCN 2018


Dive into the research topics of 'A constructive perspective on signcryption security'. Together they form a unique fingerprint.

Cite this