Versatile padding schemes for joint signature and encryption

Yevgeniy Dodis, Stanislaw Jarecki, Michael J. Freedman, Shabsi Walfish

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose several highly-practical and optimized constructions for joint signature and encryption primitives often referred to as signcryption. All our signcryption schemes, built directly from trapdoor permutations such as RSA, share features such as simplicity, efficiency, generality, near-optimal exact security, flexible and ad-hoc key management, key reuse for sending/receiving data, optimally-low message expansion, "backward" use for plain signature/encryption, long message and associated data support, the strongest-known qualitative security and, finally, complete compatibility with the PKCS#1 infrastructure. Similar to the design of plain RSA-based signature and encryption schemes, such as RSA-FDH and RSA-OAEP, our signcryption schemes are constructed by designing appropriate padding schemes suitable for use with trapdoor permutations. We build a general and flexible framework for the design and analysis of secure Feistel-based padding schemes, as well as three composition paradigms for using such paddings to build optimized signcryption schemes. To unify many secure padding options offered as special cases of our framework, we construct a single versatile padding scheme PSEP which, by simply adjusting the parameters, can work optimally with any of the three composition paradigms for either signature, encryption, or signcryption. We illustrate the utility of our signcryption schemes by applying them to build a secure key-exchange protocol, with performance results showing 3x-5x speed-up compared to standard protocols.

Original language: English (US)
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Editors: B. Pfitzmann, P. Liu
Pages: 344-353
Number of pages: 10
State: Published - 2004
Event: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004 - Washington, DC, United States
Duration: Oct 25 2004 - Oct 29 2004

Other

Other: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004
Country: United States
City: Washington, DC
Period: 10/25/04 - 10/29/04

Fingerprint

Cryptography
Chemical analysis

Keywords

  • Extractable commitments
  • Feistel Transform
  • Joint signature and encryption
  • Signcryption
  • Universal padding schemes

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Dodis, Y., Jarecki, S., Freedman, M. J., & Walfish, S. (2004). Versatile padding schemes for joint signature and encryption. In B. Pfitzmann, & P. Liu (Eds.), Proceedings of the ACM Conference on Computer and Communications Security (pp. 344-353)

Versatile padding schemes for joint signature and encryption. / Dodis, Yevgeniy; Jarecki, Stanislaw; Freedman, Michael J.; Walfish, Shabsi.

Proceedings of the ACM Conference on Computer and Communications Security. ed. / B. Pfitzmann; P. Liu. 2004. p. 344-353.

Dodis, Y, Jarecki, S, Freedman, MJ & Walfish, S 2004, Versatile padding schemes for joint signature and encryption. in B Pfitzmann & P Liu (eds), Proceedings of the ACM Conference on Computer and Communications Security. pp. 344-353, Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, Washington, DC, United States, 10/25/04.

Dodis Y, Jarecki S, Freedman MJ, Walfish S. Versatile padding schemes for joint signature and encryption. In Pfitzmann B, Liu P, editors, Proceedings of the ACM Conference on Computer and Communications Security. 2004. p. 344-353

Dodis, Yevgeniy ; Jarecki, Stanislaw ; Freedman, Michael J. ; Walfish, Shabsi. / Versatile padding schemes for joint signature and encryption. Proceedings of the ACM Conference on Computer and Communications Security. editor / B. Pfitzmann ; P. Liu. 2004. pp. 344-353

@inproceedings{d05c1266dac049dca5fab78fc73a436a,
title = "Versatile padding schemes for joint signature and encryption",
abstract = "We propose several highly-practical and optimized constructions for joint signature and encryption primitives often referred to as signcryption. All our signcryption schemes, built directly from trapdoor permutations such as RSA, share features such as simplicity, efficiency, generality, near-optimal exact security, flexible and ad-hoc key management, key reuse for sending/receiving data, optimally-low message expansion, {"}backward{"} use for plain signature/encryption, long message and associated data support, the strongest-known qualitative security and, finally, complete compatibility with the PKCS#1 infrastructure. Similar to the design of plain RSA-based signature and encryption schemes, such as RSA-FDH and RSA-OAEP, our signcryption schemes are constructed by designing appropriate padding schemes suitable for use with trapdoor permutations. We build a general and flexible framework for the design and analysis of secure Feistel-based padding schemes, as well as three composition paradigms for using such paddings to build optimized signcryption schemes. To unify many secure padding options offered as special cases of our framework, we construct a single versatile padding scheme PSEP which, by simply adjusting the parameters, can work optimally with any of the three composition paradigms for either signature, encryption, or signcryption. We illustrate the utility of our signcryption schemes by applying them to build a secure key-exchange protocol, with performance results showing 3x-5x speed-up compared to standard protocols.",
keywords = "Extractable commitments, Feistel Transform, Joint signature and encryption, Signcryption, Universal padding schemes",
author = "Yevgeniy Dodis and Stanislaw Jarecki and Freedman, {Michael J.} and Shabsi Walfish",
year = "2004",
language = "English (US)",
pages = "344--353",
editor = "B. Pfitzmann and P. Liu",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

TY - GEN

T1 - Versatile padding schemes for joint signature and encryption

AU - Dodis, Yevgeniy

AU - Jarecki, Stanislaw

AU - Freedman, Michael J.

AU - Walfish, Shabsi

PY - 2004

Y1 - 2004

N2 - We propose several highly-practical and optimized constructions for joint signature and encryption primitives often referred to as signcryption. All our signcryption schemes, built directly from trapdoor permutations such as RSA, share features such as simplicity, efficiency, generality, near-optimal exact security, flexible and ad-hoc key management, key reuse for sending/receiving data, optimally-low message expansion, "backward" use for plain signature/encryption, long message and associated data support, the strongest-known qualitative security and, finally, complete compatibility with the PKCS#1 infrastructure. Similar to the design of plain RSA-based signature and encryption schemes, such as RSA-FDH and RSA-OAEP, our signcryption schemes are constructed by designing appropriate padding schemes suitable for use with trapdoor permutations. We build a general and flexible framework for the design and analysis of secure Feistel-based padding schemes, as well as three composition paradigms for using such paddings to build optimized signcryption schemes. To unify many secure padding options offered as special cases of our framework, we construct a single versatile padding scheme PSEP which, by simply adjusting the parameters, can work optimally with any of the three composition paradigms for either signature, encryption, or signcryption. We illustrate the utility of our signcryption schemes by applying them to build a secure key-exchange protocol, with performance results showing 3x-5x speed-up compared to standard protocols.

KW - Extractable commitments

KW - Feistel Transform

KW - Joint signature and encryption

KW - Signcryption

KW - Universal padding schemes

UR - http://www.scopus.com/inward/record.url?scp=14844307084&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=14844307084&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:14844307084

SP - 344

EP - 353

BT - Proceedings of the ACM Conference on Computer and Communications Security

A2 - Pfitzmann, B.

A2 - Liu, P.

ER -