Upload
kishore-sahoo
View
219
Download
0
Embed Size (px)
Citation preview
8/7/2019 2signcryption complete (3)
1/26
SIGNCRYPTION
Seminar ID: 181
A Technical Seminar Reportsubmitted in partial fulfillment of
the requirements for theDegree of Bachelor of Technology
Under Biju Patnaik University of Technology
By
Kishore Chandra Sahoo Roll # IT200710098
February- 2011
Under the guidance of
Mrs. Sasmita Padhy
8/7/2019 2signcryption complete (3)
2/26
NATIONAL INSTITUTE OF SCIENCE & TECHNOLOGYPalur Hills, Berhampur, Orissa 761008, India
ABSTRACT
Signcryption is a new cryptographic primitive which simultaneously provides both
confidentiality and authenticity. Previously, these two goals had been considered
separately, with encryption schemes providing confidentiality and signature schemes
providing authenticity. In cases where both were required, the encryption and
signature operations were simply sequentially composed.
In 1997, Zheng demonstrated that by combining both goals into a single primitive, it
is possible to achieve significant savings both in computational and communication
overhead. Since then, a wide variety of signcryption schemes have been proposed.
Signcryption is a new cryptographic primitive, which simultaneously provides both
confidentiality and authenticity. Previously, these two goals had been considered
separately, with encryption scheme provide confidentiality and digital signature
provides authenticity. In cases where both required, the encryption operations and
digital signature operations were simply sequentially composed. In 1998, Zheng
demonstrated that by combining both goals into a single primitive it is possible to
achieve significant savings both in computational and communication overhead. Since
a wide variety of signcryption schemes have been proposed. In this seminar we
discuss one algorithm for signcryption and advantages and disadvantages of
signcryption.
ii
8/7/2019 2signcryption complete (3)
3/26
ACKNOWLEDGEMENT
It is my proud privilege to epitomize deepest sense of gratitude and indebtedness to
my guide, Mrs. Sasmita Padhy for her valuable guidance, keen and sustainedinterest.
I would like to thank Mr. Purnendu Mishra for his help and support towards our
B.Tech Technical seminar.
I acknowledge with immense pleasure the sustained interest, encouraging attitude and
constant inspiration rendered by Prof. Sangram Mudali, Director, N.I.S.T. Hiscontinued drive for better quality in everything that happens at N.I.S.T. and selfless
inspiration has always helped us to move ahead.
KISHORE CHANDRA SAHOO
i
8/7/2019 2signcryption complete (3)
4/26
TABLE OF CONTENTS
ABSTRACT ......................................ii
ACKNOWLEDGEMENT............................................................................................i
TABLE OF CONTENTS............................................................................................ii
LIST OF FIGURES....................................................................................................iv
1. INTRODUCTION....................................................................................................5
1.1. Why Signcryption?..............................................................................................6
1.1.1 Based on discrete algorithm problem, ..........................................................6
1.1.2 Using RSA cryptosystem..............................................................................6
2. SIGNCRYPTION HOW IT WORKS.................................................................72.1 Basic Architecture................................................................................................8
2.2 Steps involved in Unsigncrypting a message.....................................................10
3. SIGNCRYPTION FROM TRAPDOOR PERMUTATION..............................12
3.1 Trapdoor Permutation Families..........................................................................12
3.1.1 Syntax..........................................................................................................12
3.1.2 Security........................................................................................................13
3.2 Cryptography from Trapdoor Permutations.......................................................13
3.2.1 Drawbacks...................................................................................................14
3.2.2 Advantage....................................................................................................15
4. FEATURES AND SECURITY ASPECTS OF SIGNCRYPTION...................16
4.1 Features..............................................................................................................16
4.1.1 Unique Unsigncryptability .........................................................................16
4.1.2 Security .......................................................................................................16
4.1.3 Efficiency....................................................................................................16
4.2 Security..............................................................................................................16
4.2.1 Unforgeability ............................................................................................16
4.2.2 Confidentiality.............................................................................................17
4.3 Comparisons.......................................................................................................17
5. ADVANTAGES AND DISADVANTAGES OF DIGITAL SIGNCRYPTION18
5.1 Advantages.........................................................................................................18
5.1.1 Low computational cost..............................................................................18
5.1.2 Higher security............................................................................................18
ii
8/7/2019 2signcryption complete (3)
5/26
5.1.3 Message Recovery.......................................................................................19
5.2 Disadvantages.....................................................................................................20
6. POSSIBLE APPLICATIONS OF DIGITAL SIGNCRYPTION......................21
6.1 LM Signcryption and its application in WTLS Handshake Protocol.................21
6.2 Using Signcryption in unforgeable key establishment over ATM Networks....22
7. CONCLUSION.......................................................................................................23
REFERENCES...........................................................................................................24
iii
8/7/2019 2signcryption complete (3)
6/26
LIST OF FIGURES
Figure 2.1 Signcryption - generating k1 and k2........................................................8
Figure 2.2: Signcryption - generating components c and r......................................9
Figure 2.3: Signcryption - generating component s..................................................9
Figure 2.4: Unsigncryption- generating component k............................................10
Figure 2.5: Unsigncryption obtaining the message m..........................................10
Figure 2.6: Unsigncryption verification of the message m..................................11
Figure 5.1: Security of Combination of Algorithms...............................................19
Figure 5.2: Disadvantage of Signcryption................................................................20
Figure 7.1: Future Scenario of Signcryption...........................................................23
iv
8/7/2019 2signcryption complete (3)
7/26
SIGNCRYPTION
1. INTRODUCTION
In order to send a confidential letter in a way that it cannot be forged, it has been a
common practice for the sender of the letter to sign it, put it in an envelope and thenseal it before handing it over to be delivered.
Discovering Public key cryptography has made communication between people who
have never met before over an open and insecure network, in a secure and
authenticated way possible. Before sending a message, the sender has to do the
following:
Sign it using a Digital Signature (DS) scheme Encrypt the message and the signature using a private key encryption
algorithm under randomly chosen message encryption key
Encrypt the random message encryption key using the receivers public key
Send the message following steps 1 to 3.
This approach is knows as signature-then-encryption. The main disadvantage of this
approach is that, digitally signing a message and then encrypting it, consumes moremachine cycles and bloats the message by introducing extended bits to it. Hence,
decrypting and verifying the message at the receivers end, a lot of computational
power is used up.
Thus you can say that the cost of delivering a message using signing-then-encryption
is in effect the sum of the costs of both digital signatures and public key encryption.
Signcryption is a new paradigm in public key cryptography that simultaneously fulfils
both the functions of digital signature and public key encryption in a logically single
step, and with a cost significantly lower than that required by the traditional signature
followed by encryption.
5
8/7/2019 2signcryption complete (3)
8/26
SIGNCRYPTION
1.1. Why Signcryption?
1.1.1 Based on discrete algorithm problem,
Signcryption costs 58% less in average computation time and 70% less in messageexpansion than does signature then encryption.
1.1.2 Using RSA cryptosystem
It costs on average 50% less in computation time and 91% less in message expansion
than signature-then-encryption does.
6
8/7/2019 2signcryption complete (3)
9/26
SIGNCRYPTION
2. SIGNCRYPTION HOW IT WORKS
Signcryption can be defined as a combination of two schemes; one of digital
signatures and the other of public key encryption. One can implement Signcryption byusing El Gamals shortened digital signature scheme, Schnorrs signature scheme or
any other digital signature schemes in conjunction with a public key encryption
scheme like DES, 3DES or SPEED. This choice would be made based on the level of
security desired by the users. Here we present the implementation of Signcryption
using ElGamals shortened signature scheme and a public key encryption algorithm
denoted by E and D(Encryption and Decryption algorithms).
Compared with DSS, SDSS1 and SDSS2 have the following advantages:
1. Their signatures are shorter
2. No modular inversion or division is required in signature verification.
3. They both admit provable security, albeit in the random oracle model
These are the parameters involved in the Signcryption algorithm:
Parameters public to all p a large prime number
q a large prime factor of p-1
g an integer with order q modulo p chosen randomly from [1,,p-1] Hash a one-
way hash function whose output has, say, at least 128 bits KH a keyed one-way
hash function (E, D)
The encryption and decryption algorithms of a private key cipher Alices keys xa
Alices private key, chosen uniformly at random from [1,,q-1]
ya Alices public key (ya = gxa mod p)
Bobs keys xb Bobs private key, chosen uniformly at random from [1,,q-1]
yb Bobs public key (yb = gxb mod p)
7
8/7/2019 2signcryption complete (3)
10/26
SIGNCRYPTION
2.1 Basic Architecture
We are taking an example in which Alice is sender and bob is receiver. So Alice is
having a message m, which wants to send to bob in an unsecured channel, hence he
uses signcryption mechanism to send the message to bob so that message would
remain safe. So below steps are discussed which are involved in Signcrypting the
message.
Figure 2.1 Signcryption - generating k1 and k2
1. Alice chooses a value x from the large range 1,,q-1
2. She then uses Bobs public key and the value x and computes the hash of it. This will
give her a 128-bit string. K = hash (ybx mod p)
3. She then splits this 128-bit value K into two 64-bit halves. We can name them as k1
and k2 and refer to them as the key pair.
4. Next, Alice encrypts the message m using a public key encryption scheme E with the
key k1. This will give her the cipher text c. c = E k1 (m)
5. Then, she uses the key k2 in the one-way keyed hash function KH to get a hash of the
message m. This will give her a 128-bit hash, which we will call r. This process uses
the SDSS Algorithm. r = KH k2 (m)
6. Just like in SDSS, Alice then computes the value of s. She does this using the value of
x, her private key xa, the large prime number q and the value of r.
8
8/7/2019 2signcryption complete (3)
11/26
SIGNCRYPTION
s = x / (r + xa)mod q
7. Alice now has three different values, c, r and s. She then has to get these three values
to Bob in order to complete the transaction. She can do this in a couple of ways. She
can send them all at one time. She can also send them at separately using secure
transmission channels, which would increase security. Thus on her part, Signcryption
of the message is done.
Figure 2.2: Signcryption - generating components c and r.
Figure 2.3: Signcryption - generating component s
9
8/7/2019 2signcryption complete (3)
12/26
SIGNCRYPTION
2.2 Steps involved in Unsigncrypting a message
Figure 2.4: Unsigncryption- generating component k
1. Bob receives the 3 values that Alice has sent him, c, r and s. He uses the values of r
and s, his private key xb, Alices public key ya and p and g to compute a hash which
would give him 128-bit result.
K = hash ((ya * gr)s X xb mod p)
This 128-bit hash result is then split into two 64-bit halves which would give
him a key pair (k1,k2). This key pair would be identical to the key pair that
was generated while Signcrypting the message.
2. Bob then uses the key, k1, to decrypt the cipher text c, which will give him the
message m. m = Dk1(c)
Figure 2.5: Unsigncryption obtaining the message m
10
8/7/2019 2signcryption complete (3)
13/26
SIGNCRYPTION
Figure 2.6: Unsigncryption verification of the message m
3. Now Bob does a one-way keyed hash function on m using the key k2 and compares
the result with the value r he received from Alice. If they match, it means that the
message m was indeed signed and sent by Alice, if not Bob will know that the
message was either not signed by Alice or was intercepted and modified by an
intruder. Thus Bob accepts the message only if KHk2(m) = r.
11
8/7/2019 2signcryption complete (3)
14/26
SIGNCRYPTION
3. SIGNCRYPTION FROM TRAPDOORPERMUTATION
3.1 Trapdoor Permutation Families
Trapdoor permutations are an important building block of public key cryptography. A
trapdoor permutation is simply a permutation f : S S on some finite set S, which
can be efficiently evaluated by anyone, but whose inverse permutation f1 : S S
can only be efficiently evaluated by using some secret trapdoor information.
3.1.1 Syntax
More formally, we define a trapdoor permutation family as a triple of
algorithms(Trap-Gen, Eval, Invert):
Trap Gen is a randomized algorithm which accepts 1k, where k is a Security
parameter, and outputs a pair(f,f1),where f is a permutation over some set S and f1
is its inverse permutation. This Operation is denoted by:
(f,f1) Trap-Gen(1k).
Eval is a deterministic algorithm which accepts permutation f generated by Trap-
Gen, as well as some x S, where S is the set over which f is defined. It outputs
some y S. This operation is denoted by:
y Eval(f,x),or simply y f(x).
Invert is a deterministic algorithm which accepts some f1 generated by Trap-Gen
and some y S, where S is the set over which f is 41defined.Itoutputssome x S.
This operation is denoted by:
x Invert(f1,y),or simply x f1(y).Where h at f1(f(x))= x for all x, and for all pairs(f,f1)generated by Trap-
Gen. This ensures both that f is a permutation, and that f1 is the inverse
permutation of f.
12
8/7/2019 2signcryption complete (3)
15/26
SIGNCRYPTION
3.1.2 Security
As the case for encryption, signature, and signcryption schemes, we define the
security of at trapdoor permutation family in terms of the goal and capabilities of an
adversary.
We will take the goal of the adversary to be inverting a randomly chosen element. To
achieve this goal, the adversary A must win the following game:
1. (f,f1) Trap-Gen(1k)
2. y R S (where S is the set over which f is defined)
3. x A(f,y).
A wins in the case that x = f1(y). As for the capabilities of the adversary, we only
give it access to the permutation f. We require that a trapdoor Permutation family
satisfy Pr[A wins] < negl(k)for any such adversary A.
Note that we have chosen a particularly strong goal for the adversary, and given it
particularly weak capabilities.
This means that the security level provided by a trapdoor permutation family is quite
weak. However, it is still possible to build strongly secure encryption and signature
schemes from trap door permutation families. As we will see in this chapter, it is also
possible to build strongly secure signcryption schemes from them. Thus their weak
notion of security is an advantage, making them easier to construct and analyze.
3.2 Cryptography from Trapdoor Permutations
Originally, trapdoor permutations were used directly as encryption and signature
schemes. For example, to encrypt a message m for a recipient B, one would simply
compute c = fB(m), where fB is Bs trapdoor function. Of course, the recipient would
then compute m = f1 B (c) using his secret trapdoor information. Unfortunately, this
simple scheme does not provide indistinguishability, since anyone can distinguish
between f(m0) and f(m1), for any m0 and m1. Similarly, to sign a message m, a
13
8/7/2019 2signcryption complete (3)
16/26
SIGNCRYPTION
sender A would simply compute s = f1 A (m), and then anyone could verify that
fA(s) = m.
However, this does not provide unforgeability, since any user can compute valid
message/signature pairs (fA(s0), s0) for any s0. The solution to both of these
problems is to first apply a padding function to the message, then apply the trapdoor
permutation to some or all of the padded message.
3.2.1 Drawbacks
This scheme has the following drawbacks:
Each user must maintain two distinct trapdoor permutations: one for
encrypting (f), and one for signing (g).
Two padding steps are required; one for encryption, and one for signature.
Since padding steps generally lengthen their inputs, this unnecessarily
lengthens the input to the second trapdoor permutation, as well as the final
ciphertext output.
The identity of the recipient is appended before signing, and the identity of the
sender is appended before encrypting. This unnecessarily lengthens the inputs
to the trapdoor permutations, as well as the final ciphertext output. Dodis,
Freedman, Jarecki, and Walfish have proposed a series of trapdoor-based
signcryption schemes which addresses all three of these problems.
Their schemes require each user to maintain only a single trapdoor permutation,
which is used to achieve both confidentiality and authenticity. Only a single padding
step is required, which is applied just before the trapdoor permutations of the sender
and recipient. The identities of the sender and recipient are fed in as inputs to the
padding step, but do not lengthen its output.
14
8/7/2019 2signcryption complete (3)
17/26
SIGNCRYPTION
3.2.2 Advantage
This mode has the advantage that the two trapdoor permutations can be applied in
parallel, but the disadvantage that the minimum ciphertext length is twice the output
size of the trapdoor permutations. A further advantage is that fA and fB can be of
different lengths.
Sequential mode: u fB(f1 A (w||s)). In this case, the trapdoor permutations
must be applied sequentially, but the minimum ciphertext length is half that of
the parallel method.
Extended sequential mode: u fB(f1 A (w))||s. This mode is a slight
modification of the sequential mode. Its minimum ciphertext length is only
slightly longer than that of the sequential method (since s can be chosen to be
very short), while it admits a much tighter security proof.
15
8/7/2019 2signcryption complete (3)
18/26
SIGNCRYPTION
4. FEATURES AND SECURITY ASPECTS OFSIGNCRYPTION
4.1 Features
Digital Signcryption strives to do digital signature and public key encryption in one
logical step, with a cost less than that required by each of those steps done separately.
Let us assume that S is the Signcryption algorithm and U is the Unsigncryption
algorithm. The following three aspects define the features of Signcryption: -
4.1.1 Unique Unsigncryptability
A message m of arbitrary length is Signcrypted using the algorithm S. This will give a
Signcrypted output c. The receiver can apply Unsigncryption U on c to verify the
message m. This Unsigncryption is unique to the message m and the sender.
4.1.2 Security
Since Signcryption is a combination of two security schemes, digital signatures as
well as public key encryption, it is likely to be more secure and would ensure that the
message sent couldnt be forged, the contents of which are confidential and ensures
non-repudiation.
4.1.3 Efficiency
The cost of computation involved when applying the Signcryption and
Unsigncryption algorithms as well as the communication overhead is much smaller
than with signature-then-encryption schemes.
4.2 Security
4.2.1 Unforgeability
Bob is in the best position to be able to forge any Signcrypted message from Alice as
only he is in possession of his private key, xb, which is required to directly verify
16
8/7/2019 2signcryption complete (3)
19/26
SIGNCRYPTION
Alices message. Given the Signcrypted text of c, r and s, Bob can only obtain the
message m by decrypting it using his private key xb. Any changes he then makes to
the message m will reflect in the next step of Signcryption, which will ensure that the
one-way keyed hash function on the message m, will not match the value r. Thus Bob,
the prime candidate for this kind of attack, is prevented from forging Alices
Signcrypted message.
4.2.2 Confidentiality
Given that an attacker has obtained all three components of the Signcrypted message,
c, r and s, he still would not be able to get any partial information of the message m
because he would have to also know Bobs private key as well as the two large prime
number p and its factorial q, known only to Alice and Bob. This is not feasible, as we
know that deriving a factorial from a large prime number is not practical.
4.3 Comparisons
The advantage of signcryption over signature-then-encryption lies in the dramatic
reduction of computational cost and communication overhead, which can besymbolized by the following inequality:
Cost (Signcryption)< Cost (signature)+Cost (encryption)
17
8/7/2019 2signcryption complete (3)
20/26
SIGNCRYPTION
5. ADVANTAGES AND DISADVANTAGES OFDIGITAL SIGNCRYPTION
5.1 Advantages
5.1.1 Low computational cost
Signcryption is an efficient scheme as it does two steps at once during Signcryption
and Unsigncryption. When you think of this in terms of one person sending a
Signcrypted message to another person using a mobile device, computation cost does
not really matter much. Computational power of processors has developed vastly
these days, so if you were to consider Signcrypting network traffic between two
stations or all of the traffic on a certain network, then computational power as well
savings in bandwidth are major factors.
5.1.2 Higher security
One can argue the fact that whether the bringing together of two security schemes
would increase or decrease security. In our groups view, it would only increase
security. We base this on the fact that when you combine two security schemes, which
by themselves are complex enough to withstand attacks, it can only lead to added
security.
Consider the following: -
X Any Digital Signature Algorithm
Y Any Encryption Algorithm
X Total Number of Signature Algorithms known
Y Total Number of Encryption Algorithms known
Therefore the combination of the schemes X and Y would give you the
Signcryption scheme S. S = X U Y
18
8/7/2019 2signcryption complete (3)
21/26
SIGNCRYPTION
Figure 5.1: Security of Combination of Algorithms
If you consider the fact that both X and Y involve complex mathematical functions, it
is only logical to assume that S, which is a combination of both X and Y will involve
the combination of the complexities of both X and Y and thus be more complex. More
the complexity, more the harder it is for cryptanalysis. Another point to be noted here
is that X, the digital signature algorithm, can be chosen from a large range of existing
digital signature algorithms, X. Similarly the encryption algorithm for Y can be
chosen from any encryption algorithm like 3DES, DES, etc from the range Y. Thus
the Signcryption algorithm can be implemented using any of the values in X and Y.
This would make it very difficult for a cryptanalyst to figure out which
implementation was used in the Signcrypting algorithm. Basically he would have X x
Y >= X V Y i.e. the cryptanalyst would have to decide between the number of total
digital signature algorithms times the number of encryption algorithms, which is
greater or equal to either the number of X or Y.
5.1.3 Message Recovery
Consider the following scenario: Alice signs and encrypts a message and sends it to
Bob. A while later, she wants to use the contents of the message again. To satisfy
Alice's requirement, her electronic mail system has to store some data related to the
message sent. And depending on cryptographic algorithms used, Alice's electronic
mail system may either keep a copy of the signed and encrypted message as
evidence of transmission, or in addition to the above copy, keep a copy of the
19
8/7/2019 2signcryption complete (3)
22/26
SIGNCRYPTION
original message, either in clear or encrypted form. A cryptographic algorithm or
protocol is said to provide a past recovery ability if Alice can recover the message
from the signed and encrypted message using only her private key. While both
Signcryption and signature-then-encryption-with-astatic-key" provide past recovery,
signature-then-encryption" does not. One may view signature-then-encryption" as
an information black hole" with respect to Alice the sender: whatsoever Alice drops
in the black hole" will never be retrievable to her, unless a separate copy is kept
properly.
5.2 Disadvantages
Figure 5.2: Disadvantage of Signcryption
The way Signcryption algorithm works currently, Alice has to use Bobs public key to
signcrypt a message. This has a disadvantage when you consider the need to broadcast
a Signcrypted text. Imagine a bank needs to send a Signcrypted message to a number
of share traders. With the current algorithm, it needs to signcrypt the message with
each of its intended recipients public keys and send them separately to each one of
them. This approach is redundant in terms of bandwidth consumption and
computational resource usage. There is a research going on to solve this by
introducing a group key between the bank and the clients that it intends to send
Signcrypted text and use that to broadcast Signcrypted messages.
20
8/7/2019 2signcryption complete (3)
23/26
SIGNCRYPTION
6. POSSIBLE APPLICATIONS OF DIGITALSIGNCRYPTION
6.1 LM Signcryption and its application in WTLSHandshake Protocol
The mobile telecommunications business is booming. Tiny digital telephones and
sleek pocketsize PDAs (personal digital assistants) are now more than just fashion
accessories. The ability to connect to the Internet is a major feature that attracts
people to them. It means that mobile communication devices and client mobile
devices are now ready to access the Web. This scenario has given rise to a big
question in the minds of users, is it secure? Accordingly, operators and manufactures
have responded by establishing the WAP (Wireless Application Protocol) forum.
The WAP forum has already developed WTLS (Wireless Transport Layer Security)
layer for secured communication in the WAP environment. The primary goal of
WTLS is to provide privacy, data integrity and AKA (Authentication and Key
Agreement) between communication entities.
Authenticity and confidentiality must be provided by a suitable encryption scheme in
case of mobile communication. One way to implement this is to first digitally sign the
message and encrypt it. This is commonly known as Signature-thenencryption. The
other is vice-versa, called encryption-then-signature. Currently, the WTLS handshake
protocol is used for secure communication through mobile devices. This handshake
uses AKA protocol with an end-to-end connection. In handshake message flow, user
certificate is sent to the recipient without encryption or another cryptographic scheme.
In this scenario an attacker can get the certificate by eavesdropping on the
transmission interface and can figure out user information from the certificate. This
can provide the attacker with the user's location and activity.
If Signcryption is used to send messages with mobile devices it will rectify this gap
by providing stronger security. By the use of Signcryption, bandwidth use can be
reduced and computational load can be decreased without compromising on thesecurity of the message.
21
8/7/2019 2signcryption complete (3)
24/26
SIGNCRYPTION
6.2 Using Signcryption in unforgeable keyestablishment over ATM Networks
The asynchronous transfer mode (ATM) is a high speed networking technique for
public networks capable of supporting many classes of traffic.
It is essentially a packet-switching technique that uses short fixed length packets
called cells. Fixed length cells simplify the design of an ATM switch at the high
switching speeds involved. The selection of a short fixed length cell reduces the
delay. ATM is capable of supporting a wide range of traffic types such as voice,
video, image and various data traffic.
In ATM networks data packets are typically 53 bytes. Only 48 bytes out of 53 bytes in
an ATM cell can be used for transmitting data, as the remaining 5 bytes are reserved
for storing control information. Thus transmitting encryption key materials of more
than 384 bits (48 bytes) over an ATM network would require two or more ATM cells.
In a fast network such as ATM, if data packets are divided then there could be
considerable delay due to packetization, buffering and reassembling data units.
So, the need of the hour is to design an authenticated key establishment protocol that
does not rely on a key distribution system,
has low resource requirements,
message is as short as possible and
offers unforgeability and non-repudiation.
In such a scenario, Signcryption or a modified usage of Signcryption can solve the
problem by minimizing message size as well as ensuring unforgeability and
nonrepudiation. Extensive research is going on in use of Signcryption in key
establishment over ATM networks. It is expected that within a few years it will
actually be implemented.
22
8/7/2019 2signcryption complete (3)
25/26
SIGNCRYPTION
7. CONCLUSION
Signcryption is a very novel idea that, if implemented in the right way, can be very
useful.
Figure 7.1: Future Scenario of Signcryption
In life, it is human nature to try and do two things at once, or to kill two birds in one
stone. Humans do this to make shortcuts, save on time and resources. Is this best
approach to do things? In terms of computer security, like we explained before, we
believe that by combining two complex mathematical functions, you will increase the
complexity and in turn increase security. Signcryption still has a long way to go
before it can be implemented effectively and research is still going on in various parts
of the world to try to come up with a much more effective way of implementing this.
23
8/7/2019 2signcryption complete (3)
26/26
SIGNCRYPTION
REFERENCES
[1] http://www.signcryption.org/introduction/
[2] http://coitweb.uncc.edu/~yzheng/publications/[3] http://www.uow.edu.au/~guilin/bible/signcryption.htm
[4] http://portal.acm.org/citation.cfm?id=1633804.1634880
[5] Alex Dent and Yuliang Zheng: Practical Signcryption, a volume in
Information Security and Cryptography, Springer-Verlag, Berlin,
[6] Wenbo Mao, Modern Cryptography: Theory and Practice, Prentice Hall PTR.
[7] JeeHeaAn, Yevgeniy Dodis ,and TalRabin. On the security of joint signature
and encryption. In L.R.Knudsen, editor, Proc.ofEurocrypt02, volume 2332 ofLNCS, pages83107. Springer-Verlag,2002. Updated versionavailableat:
http://theory.lcs.mit.edu/yevgen/ps/signcrypt.
http://www.uow.edu.au/~guilin/bible/signcryption.htmhttp://portal.acm.org/citation.cfm?id=1633804.1634880http://www.springer.com/computer/security+and+cryptology/book/978-3-540-89409-4http://www.springer.de/http://www.uow.edu.au/~guilin/bible/signcryption.htmhttp://portal.acm.org/citation.cfm?id=1633804.1634880http://www.springer.com/computer/security+and+cryptology/book/978-3-540-89409-4http://www.springer.de/