Multipurpose Identity-Based Signcryption

A Swiss Army Knife for Identity-Based Cryptography
  • Xavier Boyen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public keys—instead, public keys can be arbitrary identifiers such as email addresses, while private keys are derived at any time by a trusted private key generator upon request by the designated principals. Despite the flurry of recent results on IB encryption and signature, some questions regarding the security and efficiency of practicing IB encryption (IBE) and signature (IBS) as a joint IB signature/encryption (IBSE) scheme with a common set of parameters and keys, remain unanswered.

We first propose a stringent security model for IBSE schemes. We require the usual strong security properties of: (for confidentiality) indistinguishability against adaptive chosen-ciphertext attacks, and (for non-repudiation) existential unforgeability against chosen-message insider attacks. In addition, to ensure as strong as possible ciphertext armoring, we also ask (for anonymity) that authorship not be transmitted in the clear, and (for unlinkability) that it remain unverifiable by anyone except (for authentication) by the legitimate recipient alone.

We then present an efficient IBSE construction, based on bilinear pairings, that satisfies all these security requirements, and yet is as compact as pairing-based IBE and IBS in isolation. Our scheme is secure, compact, fast and practical, offers detachable signatures, and supports multi-recipient encryption with signature sharing for maximum scalability.


Signature Scheme Random Oracle Bilinear Pairing Signcryption Scheme Weil Pairing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    An, J.H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 83. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 354. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proc. Conf. Computer and Communication Security (1993)Google Scholar
  4. 4.
    Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)zbMATHGoogle Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001), See [6] for the full version.CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Franklin, M.: Identity based encryption from the weil pairing. Cryptology ePrint Archive, Report 2001/090 (2001),
  7. 7.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. Cryptology ePrint Archive, Report 2002/018 (2002),
  9. 9.
    Chen, L., Kudla, C.: Identity based authenticated key agreement from pairings. Cryptology ePrint Archive, Report 2002/184 (2002),
  10. 10.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Proc. 8th IMA Int. Conf. Cryptography and Coding, pp. 26–28 (2001)Google Scholar
  11. 11.
    Feige, U., Fiat, A., Shamir, A.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing 17(2), 281–308 (1988)CrossRefMathSciNetGoogle Scholar
  12. 12.
    Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. J. Cryptology 1, 77–94 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  14. 14.
    Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. Technical Report HPL-2002-23, HP Laboratories Bristol (2002)Google Scholar
  15. 15.
    Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. Cryptology ePrint Archive, Report 2002/056 (2002),
  16. 16.
    Hess, F.: Exponent group signature schemes and efficient identity based signature schemes based on pairings. Cryptology ePrint Archive, Report 2002/012 (2002),
  17. 17.
    Horwitz, J., Lynn, B.: Toward hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 294–385. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  19. 19.
    Libert, B., Quisquater, J.-J.: New identity based signcryption schemes based on pairings. Cryptology ePrint Archive, Report 2003/023 (2003),
  20. 20.
    Lynn, B.: Authenticated identity-based encryption. Cryptology ePrint Archive, Report 2002/072 (2002),
  21. 21.
    Malone-Lee, J.: Identity-based signcryption. Cryptology ePrint Archive, Report 2002/098 (2002),
  22. 22.
    Paterson, K.G.: ID-based signatures from pairings on elliptic curves. Cryptology ePrint Archive, Report 2002/004 (2002),
  23. 23.
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairings. In: Proc. SCIS 2000, Okinawa, Japan, pp. 26–28 (2000)Google Scholar
  24. 24.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  25. 25.
    Smart, N.P.: An identity based authenticated key agreement protocol based on the Weil pairing. Cryptology ePrint Archive, Report 2001/111 (2001),
  26. 26.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptology 13, 361–396 (2000)zbMATHCrossRefGoogle Scholar
  27. 27.
    Zheng, Y.: Digital signcryption or how to achieve cost (Signature & encryption) < < cost(Signature) + cost(Encryption). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 165–179. Springer, Heidelberg (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Xavier Boyen
    • 1
  1. 1.IdentiCryptPalo Alto

Personalised recommendations