Show simple item record

dc.contributor.authorHerranz Sotoca, Javier
dc.contributor.authorRuiz, Alexandre
dc.contributor.authorSáez Moreno, Germán
dc.contributor.otherUniversitat Politècnica de Catalunya. Departament de Matemàtiques
dc.date.accessioned2017-06-26T15:08:46Z
dc.date.available2017-06-26T15:08:46Z
dc.date.issued2014-03
dc.identifier.citationHerranz, J., Ruiz, A., Saez, G. Signcryption schemes with threshold unsigncryption, and applications. "Designs codes and cryptography", Març 2014, vol. 70, núm. 3, p. 323-345.
dc.identifier.issn0925-1022
dc.identifier.urihttp://hdl.handle.net/2117/105873
dc.descriptionThe final publication is available at link.springer.com
dc.description.abstractThe goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very few attention from the cryptographic literature up to now (maybe surprisingly, due to its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided in two phases: a first one where the authenticity of the ciphertext is verified, maybe by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.
dc.format.extent23 p.
dc.language.isoeng
dc.subjectÀrees temàtiques de la UPC::Matemàtiques i estadística
dc.subject.otherSigncryption
dc.subject.otherThreshold cryptography
dc.subject.otherElectronic auctions
dc.titleSigncryption schemes with threshold unsigncryption, and applications
dc.typeArticle
dc.contributor.groupUniversitat Politècnica de Catalunya. MAK - Matemàtica Aplicada a la Criptografia
dc.identifier.doi10.1007/s10623-012-9688-0
dc.description.peerreviewedPeer Reviewed
dc.subject.amsClassificació AMS::68 Computer science::68W Algorithms
dc.relation.publisherversionhttps://link.springer.com/article/10.1007/s10623-012-9688-0
dc.rights.accessOpen Access
drac.iddocument11078153
dc.description.versionPostprint (author's final draft)
upcommons.citation.authorHerranz, J., Ruiz, A., Saez, G.
upcommons.citation.publishedtrue
upcommons.citation.publicationNameDesigns codes and cryptography
upcommons.citation.volume70
upcommons.citation.number3
upcommons.citation.startingPage323
upcommons.citation.endingPage345


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

All rights reserved. This work is protected by the corresponding intellectual and industrial property rights. Without prejudice to any existing legal exemptions, reproduction, distribution, public communication or transformation of this work are prohibited without permission of the copyright holder