{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T00:31:10Z","timestamp":1764981070481,"version":"3.46.0"},"reference-count":39,"publisher":"Walter de Gruyter GmbH","issue":"2","license":[{"start":{"date-parts":[[2019,5,15]],"date-time":"2019-05-15T00:00:00Z","timestamp":1557878400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/"}],"funder":[{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"publisher","award":["FT140101145","DP180102199"],"award-info":[{"award-number":["FT140101145","DP180102199"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004281","name":"Narodowe Centrum Nauki","doi-asserted-by":"publisher","award":["DEC-2014\/15\/B\/ST6\/05130"],"award-info":[{"award-number":["DEC-2014\/15\/B\/ST6\/05130"]}],"id":[{"id":"10.13039\/501100004281","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,6,1]]},"abstract":"Abstract<\/jats:title>\n Signcryption aims to provide both confidentiality and authentication of messages more efficiently than performing encryption and signing independently.\nThe \u201cCommit-then-Sign & Encrypt\u201d (CtS&E) method allows to perform encryption and signing in parallel.\nParallel execution of cryptographic algorithms decreases the computation time needed to signcrypt messages.\nCtS&E uses weaker cryptographic primitives in a generic way to achieve a strong security notion of signcryption.\nVarious message pre-processing schemes, also known as message padding, have been used in signcryption as a commitment scheme in CtS&E.\nDue to its elegance and versatility, the sponge structure turns out to be a useful tool for designing new padding schemes such as SpAEP\n[T.\u2009K. Bansal, D. Chang and S.\u2009K. Sanadhya,\nSponge based CCA2 secure asymmetric encryption for arbitrary length message,\nInformation Security and Privacy \u2013 ACISP 2015,\nLecture Notes in Comput. Sci. 9144,\nSpringer, Berlin 2015, 93\u2013106],\nwhile offering further avenues for optimization and parallelism in the context of signcryption.\nIn this work, we design a generic and efficient signcryption scheme featuring parallel encryption and signature on top of a sponge-based message-padding underlying structure.\nUnlike other existing schemes, the proposed scheme also supports arbitrarily long messages.\nWe prove the construction secure when instantiated from weakly secure asymmetric primitives such as a trapdoor one-way encryption and a universal unforgeable signature.\nWith a careful analysis and simple tweaks, we demonstrate how different combinations of weakly secure probabilistic and deterministic encryption and signature schemes can be used to construct a strongly secure signcryption scheme, further broadening the choices of underlying primitives to cover essentially any combination thereof.\nTo the best of our knowledge, this is the first signcryption scheme based on the sponge structure that also offers strong security using weakly secure underlying asymmetric primitives, even deterministic ones, along with the ability to handle long messages, efficiently.<\/jats:p>","DOI":"10.1515\/jmc-2018-0006","type":"journal-article","created":{"date-parts":[[2019,5,15]],"date-time":"2019-05-15T03:51:22Z","timestamp":1557892282000},"page":"117-150","source":"Crossref","is-referenced-by-count":1,"title":["Signcryption schemes with insider security in an ideal permutation model"],"prefix":"10.1515","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1346-9206","authenticated-orcid":false,"given":"Tarun Kumar","family":"Bansal","sequence":"first","affiliation":[{"name":"ESY2 , Robert Bosch Engineering and Business Solutions Private Limited (RBEI) , Bangalore , India"}]},{"given":"Xavier","family":"Boyen","sequence":"additional","affiliation":[{"name":"Faculty of Science and Engineering , Queensland University of Technology , Brisbane , Australia"}]},{"given":"Josef","family":"Pieprzyk","sequence":"additional","affiliation":[{"name":"Data61 , CSIRO , Sydney , Australia ; and Institute of Computer Science, Polish Academy of Sciences, Poland"}]}],"member":"374","published-online":{"date-parts":[[2019,5,15]]},"reference":[{"key":"2025120600285482014_j_jmc-2018-0006_ref_001_w2aab3b7b1b1b6b1ab1b7b1Aa","doi-asserted-by":"crossref","unstructured":"M. Abe, R. Gennaro and K. Kurosawa,\nTag-KEM\/DEM: A new framework for hybrid encryption,\nJ. Cryptology 21 (2008), no. 1, 97\u2013130.\n10.1007\/s00145-007-9010-x","DOI":"10.1007\/s00145-007-9010-x"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_002_w2aab3b7b1b1b6b1ab1b7b2Aa","doi-asserted-by":"crossref","unstructured":"J. H. An, Y. Dodis and T. Rabin,\nOn the security of joint signature and encryption,\nAdvances in Cryptology \u2013 EUROCRYPT 2002,\nLecture Notes in Comput. Sci. 2332,\nSpringer, Berlin (2002), 83\u2013107.","DOI":"10.1007\/3-540-46035-7_6"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_003_w2aab3b7b1b1b6b1ab1b7b3Aa","doi-asserted-by":"crossref","unstructured":"C. Badertscher, F. Banfi and U. Maurer,\nA constructive perspective on signcryption security,\nSecurity and Cryptography for Networks \u2013 SCN 2018\nLecture Notes in Comput. Sci. 11035,\nSpringer, Berlin (2018), 102\u2013120.","DOI":"10.1007\/978-3-319-98113-0_6"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_004_w2aab3b7b1b1b6b1ab1b7b4Aa","doi-asserted-by":"crossref","unstructured":"J. Baek, R. Steinfeld and Y. Zheng,\nFormal proofs for the security of signcryption,\nPublic Key Cryptography \u2013 PKC 2002\nLecture Notes in Comput. Sci. 2274,\nSpringer, Berlin (2002), 80\u201398.","DOI":"10.1007\/3-540-45664-3_6"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_005_w2aab3b7b1b1b6b1ab1b7b5Aa","doi-asserted-by":"crossref","unstructured":"J. Baek, W. Susilo, J. K. Liu and J. Zhou,\nA new variant of the Cramer\u2013Shoup KEM secure against chosen ciphertext attack,\nApplied Cryptography and Network Security \u2013 ACNS 2009\nLecture Notes in Comput. Sci. 5536,\nSpringer, Berlin (2009), 143\u2013155.","DOI":"10.1007\/978-3-642-01957-9_9"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_006_w2aab3b7b1b1b6b1ab1b7b6Aa","doi-asserted-by":"crossref","unstructured":"T. K. Bansal, D. Chang and S. K. Sanadhya,\nSponge based CCA2 secure asymmetric encryption for arbitrary length message,\nInformation Security and Privacy \u2013 ACISP 2015\nLecture Notes in Comput. Sci. 9144,\nSpringer, Berlin (2015), 93\u2013106.","DOI":"10.1007\/978-3-319-19962-7_6"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_007_w2aab3b7b1b1b6b1ab1b7b7Aa","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway,\nOptimal asymmetric encryption,\nAdvances in Cryptology \u2013 EUROCRYPT 1994,\nLecture Notes in Comput. Sci. 950,\nSpringer, Berlin (1995), 92\u2013111.","DOI":"10.1007\/BFb0053428"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_008_w2aab3b7b1b1b6b1ab1b7b8Aa","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway,\nThe exact security of digital signatures - how to sign with RSA and rabin,\nAdvances in Cryptology \u2013 EUROCRYPT 1996,\nLecture Notes in Comput. Sci. 1070,\nSpringer, Berlin (1996), 399\u2013416.","DOI":"10.1007\/3-540-68339-9_34"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_009_w2aab3b7b1b1b6b1ab1b7b9Aa","unstructured":"M. Bellare and P. Rogaway,\nCode-based game-playing proofs and the security of triple encryption,\npreprint (2004), http:\/\/eprint.iacr.org\/2004\/331."},{"key":"2025120600285482014_j_jmc-2018-0006_ref_010_w2aab3b7b1b1b6b1ab1b7c10Aa","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway,\nThe security of triple encryption and a framework for code-based game-playing proofs,\nAdvances in Cryptology \u2013 EUROCRYPT 2006,\nLecture Notes in Comput. Sci. 4004,\nSpringer, Berlin (2006), 409\u2013426.","DOI":"10.1007\/11761679_25"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_011_w2aab3b7b1b1b6b1ab1b7c11Aa","doi-asserted-by":"crossref","unstructured":"G. Bertoni, J. Daemen, M. Peeters and G. V. Assche,\nDuplexing the sponge: Single-pass authenticated encryption and other applications,\nSelected Areas in Cryptography \u2013 SAC 2011,\nLecture Notes in Comput. Sci. 7118,\nSpringer, Berlin (2011), 320\u2013337.","DOI":"10.1007\/978-3-642-28496-0_19"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_012_w2aab3b7b1b1b6b1ab1b7c12Aa","unstructured":"G. Bertoni, J. Daemen, M. Peeters and G. V. Assche,\nPermutation-based encryption, authentication and authenticated encryption,\npreprint (2012)."},{"key":"2025120600285482014_j_jmc-2018-0006_ref_013_w2aab3b7b1b1b6b1ab1b7c13Aa","doi-asserted-by":"crossref","unstructured":"G. Bertoni, J. Daemen, M. Peeters and G. V. Assche,\nKeccak,\nAdvances in Cryptology \u2013 EUROCRYPT 2013,\nLecture Notes in Comput. Sci. 7881,\nSpringer, Berlin (2013), 313\u2013314.","DOI":"10.1007\/978-3-642-38348-9_19"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_014_w2aab3b7b1b1b6b1ab1b7c14Aa","doi-asserted-by":"crossref","unstructured":"T. E. Bj\u00f8rstad and A. W. Dent,\nBuilding better signcryption schemes with tag-kems,\nPublic Key Cryptography \u2013 PKC 2006,\nLecture Notes in Comput. Sci. 3958,\nSpringer, Berlin (2006), 491\u2013507.","DOI":"10.1007\/11745853_32"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_015_w2aab3b7b1b1b6b1ab1b7c15Aa","doi-asserted-by":"crossref","unstructured":"T. E. Bj\u00f8rstad, A. W. Dent and N. P. Smart,\nEfficient KEMs with partial message recovery,\nCryptography and Coding,\nLecture Notes in Comput. Sci. 4887,\nSpringer, Berlin (2007), 233\u2013256.","DOI":"10.1007\/978-3-540-77272-9_15"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_016_w2aab3b7b1b1b6b1ab1b7c16Aa","doi-asserted-by":"crossref","unstructured":"D. Chiba, T. Matsuda, J. C. N. Schuldt and K. Matsuura,\nEfficient generic constructions of signcryption with insider security in the multi-user setting,\nApplied Cryptography and Network Security \u2013 ACNS 2011,\nLecture Notes in Comput. Sci. 6715,\nSpringer, Berlin (2011), 220\u2013237.","DOI":"10.1007\/978-3-642-21554-4_13"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_017_w2aab3b7b1b1b6b1ab1b7c17Aa","doi-asserted-by":"crossref","unstructured":"R. Cramer and V. Shoup,\nA practical public key cryptosystem provably secure against adaptive chosen ciphertext attack,\nAdvances in Cryptology \u2013 Crypto 1998,\nLecture Notes in Comput. Sci. 1462,\nSpringer, Berlin (1998), 13\u201325.","DOI":"10.1007\/BFb0055717"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_018_w2aab3b7b1b1b6b1ab1b7c18Aa","doi-asserted-by":"crossref","unstructured":"A. W. Dent,\nA designer\u2019s guide to KEMs,\nCryptography and Coding,\nLecture Notes in Comput. Sci. 2898,\nSpringer, Berlin (2003), 133\u2013151.","DOI":"10.1007\/978-3-540-40974-8_12"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_019_w2aab3b7b1b1b6b1ab1b7c19Aa","doi-asserted-by":"crossref","unstructured":"A. W. Dent,\nHybrid signcryption schemes with insider security,\nInformation Security and Privacy \u2013 ACISP 2005,\nLecture Notes in Comput. Sci. 3574,\nSpringer, Berlin (2005), 253\u2013266.","DOI":"10.1007\/11506157_22"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_020_w2aab3b7b1b1b6b1ab1b7c20Aa","doi-asserted-by":"crossref","unstructured":"A. W. Dent,\nHybrid signcryption schemes with outsider security,\nInformation Security \u2013 ISC 2005,\nLecture Notes in Comput. Sci. 3650,\nSpringer, Berlin (2005), 203\u2013217.","DOI":"10.1007\/11556992_15"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_021_w2aab3b7b1b1b6b1ab1b7c21Aa","doi-asserted-by":"crossref","unstructured":"A. W. Dent and Y. Zheng,\nPractical Signcryption,\nSpringer, Berlin, 2010.","DOI":"10.1007\/978-3-540-89411-7"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_022_w2aab3b7b1b1b6b1ab1b7c22Aa","doi-asserted-by":"crossref","unstructured":"Y. Dodis, M. J. Freedman, S. Jarecki and S. Walfish,\nVersatile padding schemes for joint signature and encryption,\nProceedings of the 11th ACM Conference on Computer and Communications Security \u2013 CCS\u201904,\nACM, New York (2004), 344\u2013353.","DOI":"10.1145\/1030083.1030129"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_023_w2aab3b7b1b1b6b1ab1b7c23Aa","unstructured":"Y. Dodis, M. J. Freedman and S. Walfish,\nParallel signcryption with oaep, pss-r, and other feistel paddings,\npreprint (2003), http:\/\/eprint.iacr.org\/2003\/043."},{"key":"2025120600285482014_j_jmc-2018-0006_ref_024_w2aab3b7b1b1b6b1ab1b7c24Aa","doi-asserted-by":"crossref","unstructured":"E. Fujisaki and T. Okamoto,\nSecure integration of asymmetric and symmetric encryption schemes,\nJ. Cryptology 26 (2013), no. 1, 80\u2013101.\n10.1007\/s00145-011-9114-1","DOI":"10.1007\/s00145-011-9114-1"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_025_w2aab3b7b1b1b6b1ab1b7c25Aa","doi-asserted-by":"crossref","unstructured":"T. E. Gamal,\nA public key cryptosystem and a signature scheme based on discrete logarithms,\nIEEE Trans. Inform. Theory 31 (1985), no. 4, 469\u2013472.\n10.1109\/TIT.1985.1057074","DOI":"10.1109\/TIT.1985.1057074"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_026_w2aab3b7b1b1b6b1ab1b7c26Aa","unstructured":"M. P. Guido Bertoni, Joan Daemen and G. V. Assche,\nSponge functions, ECRYPT Hash Function Workshop, 2007."},{"key":"2025120600285482014_j_jmc-2018-0006_ref_027_w2aab3b7b1b1b6b1ab1b7c27Aa","doi-asserted-by":"crossref","unstructured":"E. Kiltz,\nChosen-ciphertext security from tag-based encryption,\nTheory of Cryptography \u2013 TCC 2006,\nLecture Notes in Comput. Sci. 3876,\nSpringer, Berlin (2006), 581\u2013600.","DOI":"10.1007\/11681878_30"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_028_w2aab3b7b1b1b6b1ab1b7c28Aa","doi-asserted-by":"crossref","unstructured":"K. Kurosawa and Y. Desmedt,\nA new paradigm of hybrid encryption scheme,\nAdvances in Cryptology \u2013 CRYPTO 2004,\nLecture Notes in Comput. Sci. 3152,\nSpringer, Berlin (2004), 426\u2013442.","DOI":"10.1007\/978-3-540-28628-8_26"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_029_w2aab3b7b1b1b6b1ab1b7c29Aa","doi-asserted-by":"crossref","unstructured":"B. Libert and J. Quisquater,\nEfficient signcryption with key privacy from gap diffie-hellman groups,\nPublic Key Cryptography \u2013 PKC 2004,\nLecture Notes in Comput. Sci. 2947,\nSpringer, Berlin (2004), 187\u2013200.","DOI":"10.1007\/978-3-540-24632-9_14"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_030_w2aab3b7b1b1b6b1ab1b7c30Aa","doi-asserted-by":"crossref","unstructured":"J. Malone-Lee and W. Mao,\nTwo birds one stone: Signcryption using RSA,\nTopics in Cryptology \u2013 CT-RSA 2003,\nLecture Notes in Comput. Sci. 2612,\nSpringer, Berlin (2003), 211\u2013225.","DOI":"10.1007\/3-540-36563-X_14"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_031_w2aab3b7b1b1b6b1ab1b7c31Aa","doi-asserted-by":"crossref","unstructured":"T. Matsuda, K. Matsuura and J. C. N. Schuldt,\nEfficient constructions of signcryption schemes and signcryption composability,\nProgress in Cryptology \u2013 INDOCRYPT 2009,\nLecture Notes in Comput. Sci. 5922,\nSpringer, Berlin (2009), 321\u2013342.","DOI":"10.1007\/978-3-642-10628-6_22"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_032_w2aab3b7b1b1b6b1ab1b7c32Aa","doi-asserted-by":"crossref","unstructured":"T. Okamoto and D. Pointcheval,\nREACT: Rapid enhanced-security asymmetric cryptosystem transform,\nTopics in Cryptology \u2013 CT-RSA 2001,\nLecture Notes in Comput. Sci. 2020,\nSpringer, Berlin (2001), 159\u2013175.","DOI":"10.1007\/3-540-45353-9_13"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_033_w2aab3b7b1b1b6b1ab1b7c33Aa","doi-asserted-by":"crossref","unstructured":"J. Pieprzyk and D. Pointcheval,\nParallel authentication and public-key encryption,\nInformation Security and Privacy \u2013 ACISP 2003,\nLecture Notes in Comput. Sci. 2727,\nSpringer, Berlin (2003), 387\u2013401.","DOI":"10.1007\/3-540-45067-X_33"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_034_w2aab3b7b1b1b6b1ab1b7c34Aa","doi-asserted-by":"crossref","unstructured":"J. Pieprzyk and D. Pointcheval,\nParallel signcryption,\nPractical Signcryption,\nSpringer, Berlin (2010), 175\u2013192.","DOI":"10.1007\/978-3-540-89411-7_9"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_035_w2aab3b7b1b1b6b1ab1b7c35Aa","doi-asserted-by":"crossref","unstructured":"V. Shoup,\nOAEP reconsidered,\nJ. Cryptology 15 (2002), no. 4, 223\u2013249.\n10.1007\/s00145-002-0133-9","DOI":"10.1007\/s00145-002-0133-9"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_036_w2aab3b7b1b1b6b1ab1b7c36Aa","doi-asserted-by":"crossref","unstructured":"R. Steinfeld and Y. Zheng,\nA signcryption scheme based on integer factorization,\nInformation Security \u2013 ISW 2000,\nLecture Notes in Comput. Sci. 1975,\nSpringer, Berlin (2000), 308\u2013322.","DOI":"10.1007\/3-540-44456-4_23"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_037_w2aab3b7b1b1b6b1ab1b7c37Aa","doi-asserted-by":"crossref","unstructured":"C. H. Tan,\nSigncryption scheme in multi-user setting without random oracles,\nAdvances in Information and Computer Security \u2013 IWSEC 2008,\nLecture Notes in Comput. Sci. 5312,\nSpringer, Berlin (2008), 64\u201382.","DOI":"10.1007\/978-3-540-89598-5_5"},{"key":"2025120600285482014_j_jmc-2018-0006_ref_038_w2aab3b7b1b1b6b1ab1b7c38Aa","doi-asserted-by":"crossref","unstructured":"Y. Zheng,\nDigital signcryption or how to achieve cost(signature & encryption)<