Versatile padding schemes for joint signature and encryption

Yevgeniy Dodis, Stanislaw Jarecki, Michael J. Freedman, Shabsi Walfish

Research output: Contribution to journalConference articlepeer-review


We propose several highly-practical and optimized constructions for joint signature and encryption primitives often referred to as signcryption. All our signcryption schemes, built directly from trapdoor permutations such as RSA, share features such as simplicity, efficiency, generality, near-optimal exact security, flexible and ad-hoc key management, key reuse for sending/receiving data, optimally-low message expansion, "backward" use for plain signature/encryption, long message and associated data support, the strongest-known qualitative security and, finally, complete compatibility with the PKCS#1 infrastructure. Similar to the design of plain RSA-based signature and encryption schemes, such as RSA-FDH and RSA-OAEP, our signcryption schemes are constructed by designing appropriate padding schemes suitable for use with trapdoor permutations. We build a general and flexible framework for the design and analysis of secure Feistel-based padding schemes, as well as three composition paradigms for using such paddings to build optimized signcryption schemes. To unify many secure padding options offered as special cases of our framework, we construct a single versatile padding scheme PSEP which, by simply adjusting the parameters, can work optimally with any of the three composition paradigms for either signature, encryption, or signcryption. We illustrate the utility of our signcryption schemes by applying them to build a secure key-exchange protocol, with performance results showing 3x-5x speed-up compared to standard protocols.

Original languageEnglish (US)
Pages (from-to)344-353
Number of pages10
JournalProceedings of the ACM Conference on Computer and Communications Security
StatePublished - 2004
EventProceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004 - Washington, DC, United States
Duration: Oct 25 2004Oct 29 2004


  • Extractable commitments
  • Feistel Transform
  • Joint signature and encryption
  • Signcryption
  • Universal padding schemes

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Versatile padding schemes for joint signature and encryption'. Together they form a unique fingerprint.

Cite this