Information Technology Reference
In-Depth Information
4 A Digital Signcryption
The scheme in the previous section provides only mutual authentication with
missing non-repudiation service. The proposed scheme in this section, in con-
trast, provides all the services. It provides authenticity, privacy, integrity, and
non-repudiation, all-in-one.
The goal here is to provide an ”encrypted signature” for a message
m
.As
in the previous scheme, we use secret sharing method as the template for our
algorithm. To achieve this, we need to define parameters (shares) for the system.
Here, rather, we use (2,2) threshold secret sharing method with two shares and a
threshold is set to the shares. The signer constructs the polynomial and ensures
the security and the eciency of the system.
Obviously, for a message
m
, it is easy to find the hash of the message
h
,
the ciphertext of the message
c
, and the signed hash value
s
. Therefore, the
system involves the operations of the following primitive tools: an intractable
hash function
H
and a public-key cryptosystem
R
. The hash function is used as
one-way function and should be a provable-secure hash function such as SHA-1.
The cryptosystem is used to encrypt the message and provide non-repudiation.
The type of cryptosystem is not determined, and any public-key cryptosystem
may used [11].
Assumptions
1. a message
m
2. participant parties:
Sender
A
and
Receiver
B
3. any asymmetric cryptosystem for
A
: public key
P
a
and secret Key
S
a
and
for
B
public key
P
b
and secret Key
S
b
4. an intractable hashing function
H
4.1 The Scheme
Signer A
1. compute
h
=
H
(
m
)
2. compute
s
=
E
S
a
(
h
)
3. compute
c
=
E
P
b
(
m
)
4. design the polynomial
f
(
x
)=
f
0
+
f
1
x
such that
f
(0) =
c,
f
(1) =
s
(There are two equations and two unknowns so there is a unique
f
(
x
).)
5. compute the signature
σ
=
f
(2).
(the couple:
σ
and
s
are shares of (2,2) Shamir scheme with the secret
c
)
6. transmit (
s, σ
) to the Verifier.
