As we draw near to closing out the twentieth century, we see quite clearly that the information-processing and telecommunications revolutions now underway will continue vigorously into the twenty-first. We interact and transact by directing flocks of digital packets towards each other through cyberspace, carrying love notes, digital cash, and secret corporate documents. Our personal and economic lives rely more and more on our ability to let such ethereal carrier pigeons mediate at a distance what we used to do with face-to-face meetings, paper documents, and a firm handshake. Unfortunately, the technical wizardry enabling remote collaborations is founded on broadcasting everything as sequences of zeros and ones that one's own dog wouldn't recognize. What is to distinguish a digital dollar when it is as easily reproducible as the spoken word? How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of $10,000,000,000 to another bank? Fortunately, the magical mathematics of cryptography can help. Cryptography provides techniques for keeping information secret, for determining that information

Signcryption is a public key or asymmetric cryptographic method that provides simultaneously both message confidentiality and unforgeability at a lower computational and communication overhead.

Abstract. This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertexts, except for the exact object ciphertext to be cryptanalyzed. The rst strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions and the third on the use of digital signature schemes. Each method is illustrated by an example ofapublickey cryptosystem based on the intractability ofcomputing discrete logarithms in nite elds. Two other issues, namely applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed. 1

This paper represents their contribution-to-date on the question at hand. We describe two encryption schemes. One is just a way to realize the RSA-based scheme in the current P1363 draft. The second encryption is based on discrete log (DL). It could just as easily be based on elliptic curves. 1.5 A suggestions for RSA-based encryption

) Thomas Hardjono 1 ? and Yuliang Zheng 2 ?? 1 ATR Communications Research Laboratories 2-2 Hikaridai, Seika-Cho, Soraku-gun, Kyoto 619-02, Japan 2 Department of Computer Science, University of Wollongong, Australia Abstract. This paper proposes a practical digital multisignature scheme based on the C ? sig cryptosystem derived from the Csig cryptosystem of Zheng and Seberry (1993). The simple scheme consists of three phases. In the first phase the issuer of the document prepares the document, the list of prospective signatories and a pad on which signatories are to write their signatures. In the second phase each signatory verifies the document, signs it and forwards it to the next signatory. In the third phase a trusted verifier or notary decides on the validity of the signatures. The scheme prevents cheating by dishonest signatories from going undetected. The scheme is practical and offers at least the same security level afforded by its underlying cryptosystem against extern...

This short note describes an improvement to the rst two of the three public key cryptosystems proposed by Zheng and Seberry, which are provably secure against chosen ciphertext attacks. The improvement removes a shortcoming with the original cryptosystems, which occurs when they are used for both con dentiality and sender authentication purposes. 1

Abstract not found

Recently various public key encryption schemes such as DHIES by Abdalla, Bellare and Rogaway and REACT by Okamoto and Pointcheval, whose security against adaptive chosen ciphertext attack (CCA) is based on the Gap problems, have been proposed. Although the Gap problems were proved to be a sufficient assumption for those schemes to be secure against adaptive chosen-cipertext attack, a necessary condition for CCA security of those schemes has not been explicitly discussed.

Abstract. In 1984, H.C. Williams introduced a public key cryptosystem whose security is as intractable as factorization. Motivated by some strong and interesting cryptographic properties of the intrinsic structure of this scheme, we present a practical modification thereof that has very strong security properties. We establish, and prove, a generalization of the “sole-samplability ” paradigm of Zheng-Seberry (1993) which is reminiscent of the plaintext-awareness concept of Bellare et. al. The assumptions that we make are both well-defined and reasonable. In particular, we do not model the functions as random oracles. In essence, the proof of security is based on the factorization problem of any large integer n = pq and Canetti’s “oracle hashing ” construction introduced in 1997. Another advantage of our system is that we do not rely on any special structure of the modulus n = pq, nor do we require any specific form of the primes p and q. As our main result we establish a model which implies security attributes even stronger than semantic security against chosen ciphertext attacks.

s), p.146, 1985. [790] J.L. MASSEY AND X. LAI, "Device for converting a digital block and the use thereof", European Patent # 482,154, 29 Apr 1992. [791] , "Device for the conversion of a digital block and use of same", U.S. Patent # 5,214,703, 25 May 1993. [792] J.L. MASSEY AND J.K. OMURA, "Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission ", U.S. Patent # 4,567,600, 28 Jan 1986. [793] J.L. MASSEY AND R.A. RUEPPEL, "Linear ciphers and random sequence generators with multiple clocks", Advances in Cryptology-- Proceedings of EUROCRYPT 84 (LNCS 209), 74--87, 1985. [794] J.L. MASSEY AND S. SERCONEK, "A Fourier transform approach to the linear complexity of nonlinearly filtered sequences", Advances in Cryptology--CRYPTO '94 (LNCS 839), 332--340, 1994. [795] M. MATSUI, "The first experimental cryptanalysis of the Data Encryption Standard", Advances in Cryptology--CRYPTO '94 (LNCS 839), 1--11, 1994. [796] , "Linear cryptanalysis metho...