E-book, English, 274 pages
Dent / Zheng Practical Signcryption
1st edition 2010
ISBN: 978-3-540-89411-7
Publisher: Springer Berlin Heidelberg
Format: PDF
Copy protection: 1 - PDF Watermark
Series: Information Security and Cryptography
In today's world, data must be sent around the world cheaply and securely, and that requires origin authentication, integrity protection, and confidentiality - the recipient of a message should be able to ascertain who sent the message, be sure that the message has not been changed en route, and be sure that the data arrives without having been read by anyone else. The second editor invented signcryption, an area of cryptography that studies systems that simultaneously provide origin authentication, integrity protection and confidentiality for data. Signcryption schemes combine the features of digital signature schemes with those of public-key encryption schemes and aim to provide security guarantees in a way that is provably correct and significantly less computationally expensive than the 'encrypt-then-sign' method most commonly adopted in public-key cryptography. This is the first comprehensive book on signcryption, and brings together leading authors from the field of cryptography in a discussion of the different methods for building efficient and secure signcryption schemes, and the ways in which these schemes can be used in practical systems. Chapters deal with the theory of signcryption, methods for constructing practical signcryption schemes, and the advantages of using such schemes in practical situations. The book will be of benefit to cryptography researchers, graduate students and practitioners.
Further information & material
Foreword
Preface
Contents
Contributors
Chapter 1 Introduction
1.1 Historical Development of Signcryption
1.1.1 Coded Modulation
1.1.2 Musings on Blending
1.1.3 Signcryption
1.1.4 Provably Secure Signcryption
1.2 Extensions, Standardization, and Future Research Directions
1.3 Notation and Security Notions
1.3.1 Algorithms and Assignment
1.3.2 Signature Schemes
1.3.3 Public Key Encryption
1.3.4 Symmetric Encryption
1.3.5 Message Authentication Codes
Part I Security Models for Signcryption
Chapter 2 Security for Signcryption: The Two-User Model
2.1 Introduction
2.2 Definition of Signcryption in the Two-User Setting
2.2.1 Two Security Notions in the Two-User Setting
2.2.2 Discussions on the Security Notions
2.3 Generic Compositions of Signature and Encryption
2.3.1 Construction
2.3.2 Security of the Parallel Composition Method
2.3.3 Security of the Sequential Composition Methods
2.4 Multi-user Setting
2.4.1 Syntax
2.4.2 Security
2.4.3 Extending Signcryption
Chapter 3 Security for Signcryption: The Multi-User Model
3.1 Introduction
3.2 The BSZ Model
3.2.1 Confidentiality of Signcryption in the Multi-User BSZ Model
3.2.2 Unforgeability of Signcryption in the Multi-User BSZ Model
3.2.3 Further Discussions on the Multi-User BSZ Model
3.3 Example: The Security of Zheng's Signcryption Scheme in the BSZ Model
Part II Signcryption Schemes
Chapter 4 Signcryption Schemes Based on the Diffie-Hellman Problem
4.1 Introduction
4.2 Diffie-Hellman Problems
4.3 Zheng's Construction and Its Variants
4.3.1 Zheng's Original Scheme
4.3.2 The Bao-Deng Modification
4.3.3 A Modification with Public Verifiability
4.4 An Encrypt-then-Sign Composition
4.5 A Scheme with Unforgeability Based on Factoring
4.6 Schemes with Non-repudiation
4.6.1 A DSA-Based Construction
4.6.2 A Scheme Built on Schnorr's Signature Scheme
4.7 The CM Scheme
Chapter 5 Signcryption Schemes Based on Bilinear Maps
5.1 Introduction
5.2 Bilinear Map Groups
5.3 Assumptions
5.4 Signcryption for Anonymous Communications
5.4.1 Message Privacy
5.4.2 Ciphertext Unforgeability and Signature Unforgeability
5.4.3 Anonymity
5.5 A Tightly Secure Scheme
5.5.1 The Scheme
5.5.2 Efficiency
5.5.3 Security
5.6 A Scheme with Short Detachable Signatures
5.6.1 Efficiency
5.6.2 Anonymous Communications
5.6.3 Security
Chapter 6 Signcryption Schemes Based on the RSA Problem (Alexander W. Dent and John Malone-Lee)
6.1 Introduction
6.2 The RSA Transform
6.3 Dedicated RSA-Based Signcryption Schemes
6.4 Signcryption from Padding Schemes
6.4.1 Trapdoor Permutations
6.4.2 Extractable Commitments
6.4.3 Padding-Based Signcryption Schemes
6.4.4 Proof Intuition
6.5 Signcryption Based on RSA-TBOS
6.5.1 The TBOS Construction
6.5.2 Security Proof for the TBOS Signcryption Scheme
Part III Construction Techniques
Chapter 7 Hybrid Signcryption
7.1 Background
7.1.1 A Brief Word on Notation
7.2 Preliminaries
7.2.1 The Hybrid Framework
7.2.2 Security Criteria for Data Encapsulation Mechanisms
7.3 Hybrid Signcryption with Outsider Security
7.3.1 An Outsider-Secure Signcryption KEM
7.3.2 Security Criteria for Outsider-Secure Signcryption KEMs
7.3.3 Security of the SKEM + DEM Construction
7.3.4 Outsider-Secure Hybrid Signcryption in Practice
7.4 Hybrid Signcryption with Insider Security
7.4.1 From Outsider to Insider Security
7.4.2 Signcryption Tag-KEMs
7.4.3 Security Criteria for Signcryption Tag-KEMs
7.4.4 Security of the SCTK+DEM Construction
7.4.5 Insider-Secure Hybrid Signcryption in Practice
Chapter 8 Concealment and Its Applications to Authenticated Encryption
8.1 Introduction
8.1.1 Domain Extension of Authenticated Encryption
8.1.2 Remotely Keyed Authenticated Encryption
8.2 Definition of Concealment
8.2.1 Syntax
8.2.2 Security of Concealment
8.2.3 Relaxed Concealments
8.2.4 Super-Relaxed Concealments
8.2.5 Comparison to Commitment
8.3 Constructing Concealment Schemes
8.3.1 Achieving Hiding
8.3.2 Achieving Binding
8.3.3 Necessity of Assumptions
8.4 Applications to Authenticated Encryption
8.4.1 Definition of Authenticated Encryption
8.4.2 Authenticated Encryption of Long Messages
8.4.3 Remotely Keyed Authenticated Encryption
Chapter 9 Parallel Signcryption
9.1 Introduction
9.2 Concept of Parallel Signcryption
9.3 Overview of Constructions
9.4 Generic Parallel Signcryption
9.4.1 Description of the Scheme
9.4.2 Security Analysis
9.5 Optimal Parallel Signcryption
9.5.1 Description of the Scheme
9.5.2 Security Analysis
Part IV Extensions of Signcryption
Chapter 10 Identity-Based Signcryption
10.1 Introduction
10.1.1 Identity-Based Cryptography
10.1.2 Advantages and Disadvantages
10.1.3 From IBE to Signcryption
10.1.4 Specifying an IBSC System
10.1.5 Concrete IBSC from Pairings
10.2 The Identity-Based Signcryption Primitive
10.3 Security Definitions
10.3.1 Message Confidentiality
10.3.2 Signature Non-repudiation
10.3.3 Ciphertext Unlinkability
10.3.4 Ciphertext Authentication
10.3.5 Ciphertext Anonymity
10.4 A Concrete IBSC Scheme
10.4.1 The Boneh-Franklin Framework
10.4.2 Fully Secure IBSC Construction
10.4.3 A Performance/Security Trade-Off
10.4.4 Signcrypting for Multiple Recipients
Chapter 11 Key Establishment Using Signcryption Techniques
11.1 Introduction
11.2 Formal Security Models for Key Establishment
11.2.1 Motivation
11.2.2 Sessions
11.2.3 The Formal Security Model
11.2.4 Entity Authentication
11.2.5 Forward Secrecy
11.2.6 Key Compromise Impersonation Attacks
11.2.7 Notation
11.3 Key Transport
11.4 Key Establishment Based on Zheng's Signcryption Scheme
11.5 Key Agreement Based on Signcryption KEMs
11.5.1 Key Agreement Based on Signcryption KEMs
11.5.2 Key Agreement Based on Signcryption Tag-KEMs
11.5.3 Security Proof for the Bjørstad-Dent Protocol
11.6 Key Establishment Based on Timestamps
Chapter 12 Applications of Signcryption
12.1 Application Fields of Signcryption
12.2 Example Applications of Signcryption
12.2.1 Secure Multicasting Over the Internet
12.2.2 Authenticated Key Recovery
12.2.3 Secure ATM Networks
12.2.4 Secure Routing for Mobile Ad Hoc Networks
12.2.5 Encrypted and Authenticated E-mail by Firewalls
12.2.6 Signcryption in Secure VoIP
12.2.7 Applications to Electronic Payment
References
Index




