Efficient verifiably encrypted signatures from lattices

Kee Sung Kim, Ik Rae Jeong

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)


Verifiably encrypted signature schemes can convince a verifier that a given ciphertext is an encryption of an ordinary signature on a given message and the ordinary signature can be recovered by the third party, called adjudicator. In 2010, Rückert et al. proposed a general construction for the verifiably encrypted signatures, and then, they also showed that there exist the lattice-based verifiably encrypted signature schemes. Their constructions are very insightful, but their schemes need an extra adjudication setup phase and Merkle trees, so they have large parameters and keys, that is, they are inefficient. Also, their schemes provide only the limited signature capacity because the signing keys should be reissued after generating kth verifiably encrypted signatures. To overcome the weaknesses of Rückert et al.'s scheme, we construct a verifiably encrypted signature scheme based on the hard lattice problems. Our scheme provides the full functionality, i.e., the signatures can be generated without any limitations and does not need any extra adjudication setup phases. Moreover, the size of the secret keys in our scheme is constant. Our scheme provides unforgeability, opacity, extractability, and abuse-freeness in the random oracle model.

Original languageEnglish
Pages (from-to)305-314
Number of pages10
JournalInternational Journal of Information Security
Issue number4
Publication statusPublished - 2014 Aug


  • Abuse-freeness
  • Extractability
  • Lattice
  • Opacity
  • Verifiably encrypted signature

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Efficient verifiably encrypted signatures from lattices'. Together they form a unique fingerprint.

Cite this