Skip to main content

Hitachi

Corporate InformationResearch & Development

Incrementally Executable Signcryptions

— Presentation at ACISP 2014 —

August 21, 2014

Report from Presenter

The 19th Australasian Conference on Information Security and Privacy (ACISP 2014) was held at Wollongong, Australia, during July 7-9, 2014. The scope of the conference widely covers a range of topics in information security and cryptography. This year, the conference consists of 26 presentations for full papers, 6 presentations for short papers, and two invited talks.


Photo 1 Presentation at ACISP 2014

We presented a full paper titled "Incrementally Executable Signcryptions", which proposes a generalization of traditional signcryption scheme.

Signcryptions combine the features of public-key encryption schemes with those of digital signature schemes to provide both data confidentiality and data authenticity simultaneously. A number of signcryption schemes have been proposed in the literature, which have efficiency and/or security advantages compared to a naive combination of public-key encryption and digital signature. Although signcryption schemes are useful building blocks for end-to-end secure message transmissions, they are not suitable for computationally-restricted devices (e.g., RFID tags, mobile phones, and sensors) due to their signing and public-key encryption parts that usually require expensive operations such as exponentiation or pairing computation. To overcome this difficulty, the notion of on-line/off-line signcryption was introduced, in which the signcryption process is split into two phases: The first phase is performed off-line, i.e., before the message to be signcrypted is given; and the second phase is performed on-line, i.e., after the message to be signcrypted is given. The major computational overhead is shifted to the off-line phase, whereas the on-line phase requires only a low computational overhead.

We split the traditional off-line phase in two, which results in the following three sequential phases: (1) Setup Phase: The identity of the sender is determined. Specifically, the sender generates her own key pair; (2) Handshake Phase: The sender recognizes the target recipient to whom she might send some messages. Specifically, the sender obtains the receiver's public key; (3) On-Line Phase: The sender finally decides a message to be sent to the target recipient determined in the previous phase. The essential point for efficiency is that the sender could have significant idle time in the above setup phase as well as the handshake phase. Our re-definition of the phases helps the scheme designer to pay more attention to the efficiency of the off-line computation. The design principle of efficient signcryptions can be much simpler: Let as many expensive computations move to the earlier phases as possible.


Fig. 1 Incrementally Executable Signcryption
Enlarge


Fig. 2 A Generic Construction
Enlarge

Based on the above observation, we present the concept of "incrementally executable signcryptions", which consists of three algorithms corresponding to the above three phases (Fig. 1). In addition, we showed a generic construction of incrementally executable signcryption, which improves the sender's computational efficiency (Fig. 2). Furthermore, we proved that our construction achieves the strongest security notions.

(By YAMAMOTO Dan)

  • Page top