IEEE P1363: Hybrid Schemes

Shortened Digital Signature, Signcryption and Compact and Unforgeable Key Agreement Schemes
Yuliang Zheng, July 1998.
Presented at the August 1998 meeting.

This submission consists of three separate parts. Although these parts are technically related, each addresses a different issue in cryptography and can serve as an independent contribution to the standard. Schemes described in this submission can play a role complementary to those designed in a different approach. A common feature of these schemes is that they all attemp to minimize computational efforts and communication overhead involved in a cryptographic operation.

PostScript File (973K)
Zipped PostScript File (217K)
Adobe Acrobat (.pdf) File (495K)

Certification of DL/EC keys
Benjamin Arazi, August 1998 (updated May 1999).
Presented at the August 1998 meeting.

It is shown that the explicit certification of public keys in customary DL/EC (Discrete-Log/ Elliptic-Curve) applications, ranging from digital signatures of the DSA type to key agreements of the DH type, can be abolished. This facilitates highly efficient implementations in terms of the total number of exponentiations needed to be executed, the ability of having parallel processing, and communication overhead.

At the fundamental level it is shown how to integrate the processing of the public key of the trusted third party (needed, by definition, in establishing the validity of static public values submitted by a user) and the dynamic processing associated with the actual cryptographic process. This reduces, by a factor of at least 2, the processing time when compared to standard signature and key-agreement techniques, while further reducing communication overhead.

It is then shown how the performance of the introduced key-agreement techniques is further enhanced, by utilizing a principle termed "you are OK if I am OK". Here, the processing of the public key of Alice's trusted third party is not performed by Bob after he receives the values submitted by Alice, as customarily done. Instead, Bob refers to the said public key prior to his communication with Alice (utilizing the realistic observation under which Bob is supposed to know in any case the public key of Alice's trusted third party regardless of his communication with Alice). Here, if Bob is assured that his secret and public values are valid then he is subsequently assured that the public values submitted by Alice are valid as well.

Postscript File (602K)
Zipped Postscript File (158K)
Adobe Acrobat (.pdf) File (82K)
MSWord for Windows File (113K)

An Inversionless DL/EC Signature Facilitating Chaining
Benjamin Arazi, April 11, 2000.
Presented at the March 2000 meeting.

I want to add more information regarding the "Arazi signature" that was debated in the Berlin meeting. Beside being inversionless (for both the signer and the verifier) the method naturally facilitates chained certification, and chained signature verification. This crucial feature, shown in detail in the attached short MS Word document, stems from the fact that the signer uses his private key as a free addend in the generation of the signature. (That is, the private key is not multiplied by any scalar during signature generation.)

Postscript File (56K)
Adobe Acrobat (.pdf) File (13K)
MSWord for Windows File (36K)

This site was last modified on April 11, 2000.
IEEE Logo IEEE Standards Logo P1363 Logo
IEEE Home Page IEEE Standards P1363 Home Page