Sign and Encrypt Strategies and Protocol in Data Authentication and Entity Authentication

Sign and Encrypt

Naïve Sign & Encrypt appears in file-security and mail-security applications. Users need simple security semantics, and that symmetric-key semantics are sufficient for most users and most applications’ needs. symmetric-key semantics are easy for users to understand. Naïve Sign & Encrypt has different security semantics from symmetric encryption, but the difference is subtle, perhaps too subtle for non-specialist users and programmers to grasp.

Principle: Signs then performs authenticated encryption, hence, signs-then-encrypt-then-macs. If the MAC is good, then decrypt and verify the signature to verify who sent the message.

Repair Schemes For Sign-Then-Encrypt

Repair Options (to detect alterations)

5 independent and equivalently-secure ways to fix naïve Sign & Encrypt:

1. Sign recipient's name into plaintext, (r, msg)ˢ // prevent `surreptitious forwarding`
2.Encrypt the sender's name into plaintext, (s, msg)ʳ // exclusion for recipient, however, sender's name w/o signature is flawed
3.Incorporate both names;
4.Sign again the signed-&-encrypted message; // S/E/S
5.Encrypt again the signed ciphertext. // E/S/E