Provably secure encrypt-then-sign composition in hybrid signcryption

TLDR: In this article, the authors proposed a generic hybrid signcryption scheme called DHEtS using encrypt-then-sign composition method, which uses a symmetric encryption scheme, a signature scheme, and the DH key agreement scheme.

Abstract: To make authenticated encryption which provides confidentiality and authenticity of a message simultaneously, a signcryption scheme uses asymmetric primitives, such as an asymmetric encryption scheme for confidentiality and a mature scheme for authentication. Among the signcryption schemes, the hybrid signcryption schemes are the signcryption schemes that use a key agreement scheme to exchange a symmetric encryption key, and then encrypt a plaintext using a symmetric encryption scheme. The hybrid signcryption schemes are specially efficient for signcrypting a bulk data because of its use of a symmetric encryption. Hence to achieve the joint goals of confidentiality and authenticity in most practical implementation, hybrid signcryption schemes are commonly used. In the paper, we study the properties of signcryption and propose a new generic hybrid signcryption scheme called DHEtS using encrypt-then-sign composition method. DHEtS uses a symmetric encryption scheme, a signature scheme, and the DH key agreement scheme. We analyze DHEtS with respect to the properties of signcryption, and show that DHEtS provider non-repudiation and public verifiability. DHEtS is the first promble secure signcryption schemes with public verifiability. If encrypting and signing components of DHEtS can use the same random coins, the computational cost and the size of a signcryption would be greatly reduced. We show the conditions of signing component to achieve randomness-efficiency.