- J. Ida, J. Shikata, and Y. Watanabe
- ISITA 2020
Signcryption (SC) achieves the goal with lower computational costs than simply combining public-key encryption (PKE) and digital signatures (DS). Meanwhile, at SCN 2014, Dodis and Fiore formalized interactive PKE and DS. In particular, in the interactive setting, they showed a CCA-secure PKE scheme can be constructed assuming only CPA-secure PKE schemes in a black-box manner. In this paper, we focus on SC schemes in the interactive setting (ISC for short). Specifically, we newly define a model and security notions for ISC schemes. We then propose generic constructions of ISC schemes by using CPA-secure PKE schemes rather than CCA-secure ones, whereas such a realization is unknown in the context of non-interactive SC schemes. We show that two rounds are sufficient to construct an ISC scheme from only CPA-secure PKE schemes. Furthermore, we also show the first SC scheme that can be efficiently instantiated from simple assumptions in the standard model without pairings or lattices by allowing interaction.