Signcryption method and device and corresponding signcryption verification method and device

摘要

A signcryption is generated by a sender by using a first encryption algorithm to encrypt plaintext m with public key Epk to get ciphertext e, e=E.Encrypt(m); generating a key k and its encapsulation c using an encapsulation algorithm and public key Kpk, k,c=KD.Encapsulate( ); sign (e,c) using Ssk, s=S.sign(e,c); encrypt the signature s using a second encryption algorithm and the key k, e_d=D.Encrypt(s). The signcryption of m is formed by (e,c,e_d). The sender may also prove knowledge of the decryption of e, and that e_d encrypts a valid signature on the concatenation of c and e using the key of the encapsulation. Also provided are the corresponding signcryption verification device and method, and computer program products.

主权项

1. A method of signcrypting a plaintext m by a device, the method comprising, at the device:
encrypting the plaintext m with a first encryption algorithm and a first public key Epk of a receiver to obtain a first ciphertext e; using a random r, an encapsulation algorithm and a second public key Kpk of the receiver to generate a session key k and an encapsulation c of the session key k; generating a signature s on the first ciphertext e and the encapsulation c with a signature algorithm using a private signature key Ssk of a sender; encrypting the signature s with a second encryption algorithm using the session key k to obtain a second ciphertext e_d; forming a signcryption using a processor from the first ciphertext e, the encapsulation c and the second ciphertext e_d; and outputting the signcryption.