International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Committing Encryption and Publicly-Verifiable SignCryption

Yitchak Gertner
Amir Herzberg
Search ePrint
Search Google
Abstract: Encryption is often conceived as a committing process, in the sense that the ciphertext may serve as a commitment to the plaintext. But this does not follow from the standard definitions of secure encryption. We define and construct symmetric and asymmetric committing encryption schemes, enabling publicly verifiable non-repudiation. Committing encryption eliminates key-spoofing attacks and has also the robustness to be signed afterwards. Our constructions are very efficient and practical. In particular, we show that most popular asymmetric encryption schemes, e.g. RSA, are committing encryption schemes; we also have an (efficient) construction given an arbitrary asymmetric encryption scheme. Our construction of symmetric committing encryption retains the efficiency of the symmetric encryption for real-time operations, although it uses few public key signatures in the setup phase. Finally, we investigate how to achieve both confidentiality and non-repudiation, and present a publicly verifiable signcryption scheme. Contrary to previous signcryption schemes, which are not publicly verifiable, our publicly verifiable signcryption supports non-repudiation. We construct a simple and efficient publicly verifiable signcryption scheme based on a new composition method which we call ?commit-encrypt-then-sign? (CEtS) that preserves security properties of both committing encryption and digital signature schemes.
  title={Committing Encryption and Publicly-Verifiable SignCryption},
  booktitle={IACR Eprint archive},
  keywords={foundations / Encryption, Commitment, Key-spoofing attack, Committing Encryption, Signcryption, Non-repudiation, digital signatures},
  note={ 12403 received 17 Dec 2003},
  author={Yitchak Gertner and Amir Herzberg},