The Joint Signature and Encryption Revisited
This paper addresses efficiency and security issues in cryptographic protocols for applications that require both authentication and confidentiality, though the contribution appears incremental.
The paper identified weaknesses in the existing sign-then-encrypt paradigms for cryptographic primitives such as designated confirmer signatures and signcryption; these weaknesses forced the use of expensive encryption to reach an acceptable security level. It proposed optimizations that eliminate them, enabling cheap encryption while maintaining security and adding verifiability.
We study the Sign_then_Encrypt, Commit_then_Encrypt_and_Sign, and Encrypt_then_Sign paradigms in the context of two cryptographic primitives, namely designated confirmer signatures and signcryption. Our study identifies weaknesses in those paradigms which impose the use of expensive encryption (as a building block) in order to meet a reasonable security level. Next, we propose some optimizations which annihilate the found weaknesses and allow consequently cheap encryption without compromising the overall security. Our optimizations further enjoy verifiability, a property profoundly needed in many real-life applications of the studied primitives.
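The three paradigms named in the abstract differ only in what gets signed and what gets encrypted, and that difference decides what a third party can check without the decryption key. The following block is an added example written for this page; it is not code from the paper, and it does not implement the paper's designated confirmer signature or signcryption constructions. It assumes stand-in building blocks so that it runs with the Python standard library alone: an HMAC-SHA256 "signature" in place of a public-key signature, a toy HMAC-based counter-mode stream cipher in place of real encryption, and a plain hash commitment. The function names (`sign_then_encrypt`, `encrypt_then_sign`, `commit_then_encrypt_and_sign` and their `_unpack` counterparts) are hypothetical and chosen for this illustration.

```python
# Added example (not from the paper): the three composition paradigms named in the
# abstract, built from stand-in primitives so the block runs with the standard library only.
import hashlib
import hmac
import os

# --- stand-in primitives (assumptions for this example, not the paper's building blocks) ---
# "Signature": HMAC-SHA256. With HMAC the verifier holds the same key as the signer;
# with a real signature scheme only the public verification key would be needed.
def sign(sk: bytes, msg: bytes) -> bytes:
    return hmac.new(sk, msg, hashlib.sha256).digest()

def verify(sk: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(sk, msg), sig)

# "Encryption": XOR with an HMAC-SHA256 counter-mode keystream under a fresh nonce.
# Toy construction for illustration; it provides no integrity on its own.
def _keystream(ek: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ek, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(ek: bytes, pt: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))

def decrypt(ek: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:16], ct[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(ek, nonce, len(body))))

# Hash commitment: com = H(r || m); the opening is (r, m).
def commit(msg: bytes):
    r = os.urandom(32)
    return hashlib.sha256(r + msg).digest(), r

def open_commit(com: bytes, r: bytes, msg: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(r + msg).digest(), com)

SIG_LEN = 32   # HMAC-SHA256 output length
R_LEN = 32     # commitment randomness length

# --- Sign_then_Encrypt: sigma = Sign(m); c = Enc(m || sigma) ---
# Nothing about the signature is visible, or checkable, until the ciphertext is opened.
def sign_then_encrypt(sk: bytes, ek: bytes, m: bytes) -> bytes:
    return encrypt(ek, m + sign(sk, m))

def sign_then_encrypt_unpack(sk: bytes, ek: bytes, c: bytes):
    pt = decrypt(ek, c)
    m, sigma = pt[:-SIG_LEN], pt[-SIG_LEN:]
    return m if verify(sk, m, sigma) else None

# --- Encrypt_then_Sign: c = Enc(m); sigma = Sign(c) ---
# The signature covers the ciphertext, so it can be checked without the decryption key,
# but it binds the signer to a ciphertext rather than to the plaintext itself.
def encrypt_then_sign(sk: bytes, ek: bytes, m: bytes):
    c = encrypt(ek, m)
    return c, sign(sk, c)

def encrypt_then_sign_unpack(sk: bytes, ek: bytes, c: bytes, sigma: bytes):
    return decrypt(ek, c) if verify(sk, c, sigma) else None

# --- Commit_then_Encrypt_and_Sign: (com, r) = Commit(m); sigma = Sign(com); e = Enc(r || m) ---
# The signature is over a commitment to m: it is checkable without the decryption key and
# binds the signer to the committed plaintext, which the recipient later opens.
def commit_then_encrypt_and_sign(sk: bytes, ek: bytes, m: bytes):
    com, r = commit(m)
    return com, sign(sk, com), encrypt(ek, r + m)

def ctes_public_verify(sk: bytes, com: bytes, sigma: bytes) -> bool:
    # Check performed by a party holding only the verification key.
    return verify(sk, com, sigma)

def ctes_unpack(sk: bytes, ek: bytes, com: bytes, sigma: bytes, e: bytes):
    if not verify(sk, com, sigma):
        return None
    d = decrypt(ek, e)
    r, m = d[:R_LEN], d[R_LEN:]
    # The decrypted opening must match the signed commitment, otherwise the
    # signature does not vouch for this plaintext.
    return m if open_commit(com, r, m) else None

if __name__ == "__main__":
    sk, ek, m = os.urandom(32), os.urandom(32), b"wire transfer approved"
    com, sigma, e = commit_then_encrypt_and_sign(sk, ek, m)
    print("publicly verifiable:", ctes_public_verify(sk, com, sigma))
    print("recipient recovers:", ctes_unpack(sk, ek, com, sigma, e))
```

The last paradigm is the one that separates the two checks: a verifier without the decryption key can confirm that the signer committed to something, while only the recipient can open the commitment and confirm what. The `_unpack` functions return `None` on any failed check so that a caller cannot accidentally use a plaintext whose signature or opening did not verify.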