Confidential Signatures and Deterministic Signcryption

Beitrag bei einer Tagung

Details zur Publikation

Autorinnen und Autoren: Dent A, Fischlin M, Manulis M, Stam M, Schröder D
Jahr der Veröffentlichung: 2009
Band: 2009
Seitenbereich: 588
Sprache: Englisch


Encrypt-and-sign, where one encrypts and signs a message in parallel, is usually not recommended for confidential message transmission. The reason is that the signature typically leaks information about the message. This motivates our investigation of confiden- tial signature schemes, which hide all information about (high-entropy) input messages. In this work we provide a formal treatment of confidentiality for such schemes and a comprehensive discussion of the relationship of different notions we propose. We give constructions meeting our notions, both in the random oracle model and the standard model. As part of this we show that full domain hash signatures achieve a weaker level of confidentiality than Fiat-Shamir signatures. We then revisit the connection of confidential signatures to sign- cryption schemes. We give formal security models for deterministic signcryption schemes for high-entropy and low-entropy messages, and prove encrypt-and-sign to be secure for confidential signature schemes and high-entropy messages. Finally, we show that one can derandomize any signcryption scheme in our model and obtain a secure deterministic scheme. 

FAU-Autorinnen und Autoren / FAU-Herausgeberinnen und Herausgeber

Schröder, Dominique Prof. Dr.
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)


Dent, A., Fischlin, M., Manulis, M., Stam, M., & Schröder, D. (2009). Confidential Signatures and Deterministic Signcryption. (pp. 588).

Dent, Alexander, et al. "Confidential Signatures and Deterministic Signcryption." Proceedings of the PKC Public-Key Cryptography 2009. 588.


Zuletzt aktualisiert 2018-10-08 um 13:25