Toward Confidentiality And/or Authenticity In Cryptography

Along with the rapid development of network,information security is seeping into the commercial application and people's daily life,such as smart card,stock market,online medical records and ticket booking.The two basic requirements of information security are confidentiality and authenticity,which are two important security properties of cryptography.To obtain these two properties,the cryptographic tools are encryption and signature,respectively.However,we need both in some applications.The traditional approach is encrypt-then-sign or sign-then-encrypt.However,the approach has high computational cost and communication overhead.To improve the efficiency,many effective techniques have been proposed.The convertible authenticated encryption and identity-based generalized signcryption are two popular techniques.In this thesis,we obtain some good results on these two techniques.The convertible authenticated encryption allows the sender to generate an authenticated ciphertext that only a specified receiver has the ability to decrypt it and verify the recovered signature from the ciphertext.When a later dispute occurs,it also allows the specified receiver to convert the ciphertext into an ordinary signature that can be verified by everyone.In this thesis,we focus on the security requirements of the convertible authenticated encryption,and find that all existing convertible authenticated encryption schemes only tackle two security properties:confidentiality and authenticity.While some applications of convertible authenticated encryption,such as credit card,also desires the anonymity.To solve this problem,we propose a new scheme which is the first convertible authenticated encryption scheme with the security proofs of the above three security requirements.Signcryption is an efficient approach to realize confidentiality and authenticity in a logic step,while generalized signcryption can work as an encryption scheme,a signature scheme or a signcryption scheme as per need.Due to its chameleon property,generalized signcryption is very useful in the applications where may need confidentiality or authenticity or both.Nevertheless,all the existing identity-based generalized signcryption schemes are proved only in the random oracle model.It has been shown that security in the random oracle model cannot guarantee the security in the real world.To fill this gap,by using the techniques of Waters and the CHK,we propose the first identity-based generalized signcryption which is proven-secure in the standard mode.