Show simple item record

dc.contributor.authorHerranz Sotoca, Javier
dc.contributor.authorRuiz, Alexandre
dc.contributor.authorSáez Moreno, Germán
dc.contributor.otherUniversitat Politècnica de Catalunya. Departament de Matemàtiques
dc.identifier.citationHerranz, J., Ruiz, A., Saez, G. Signcryption schemes with threshold unsigncryption, and applications. "Designs codes and cryptography", Març 2014, vol. 70, núm. 3, p. 323-345.
dc.descriptionThe final publication is available at
dc.description.abstractThe goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very few attention from the cryptographic literature up to now (maybe surprisingly, due to its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided in two phases: a first one where the authenticity of the ciphertext is verified, maybe by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.
dc.format.extent23 p.
dc.subjectÀrees temàtiques de la UPC::Matemàtiques i estadística
dc.subject.otherThreshold cryptography
dc.subject.otherElectronic auctions
dc.titleSigncryption schemes with threshold unsigncryption, and applications
dc.contributor.groupUniversitat Politècnica de Catalunya. MAK - Matemàtica Aplicada a la Criptografia
dc.description.peerreviewedPeer Reviewed
dc.subject.amsClassificació AMS::68 Computer science::68W Algorithms
dc.rights.accessOpen Access
dc.description.versionPostprint (author's final draft)
upcommons.citation.authorHerranz, J.; Ruiz, A.; Saez, G.
upcommons.citation.publicationNameDesigns codes and cryptography

Files in this item


This item appears in the following Collection(s)

Show simple item record

All rights reserved. This work is protected by the corresponding intellectual and industrial property rights. Without prejudice to any existing legal exemptions, reproduction, distribution, public communication or transformation of this work are prohibited without permission of the copyright holder