Abstract
SUMMARYSigncryption is a cryptographic primitive that performs simultaneously both the functions of digital signature and public-key encryption, at a cost significantly lower than that required by the traditional signature- then-encryption approach. In this paper, we provide a positive answer to the question of if it is possible to construct signcryption based on lattice problems. More precisely, we design an efficient signcryption scheme that can send a message of length l one time. We prove that the proposed scheme has the indistinguishability against adaptive chosen ciphertext attacks under the learning with errors assumption and strong unforgeability against adaptive chosen messages attacks under the inhomogeneous small integer solution assumption in the random oracle model. Copyright (c) 2012 John Wiley & Sons, Ltd.