Coron et al. proposed the ES scheme PSS-ES which realizes an encryption scheme and a signature scheme with a unique padding technique and key pair, and gave security proofs. PSS-ES is not only suitable for an implementation with a restriction to a program size because it needs a unique padding technique for both an encryption and a signature, but also it makes a key management simple because each entity needs only one key pair. Its reduction efficiency is, however, not good because its security as an encryption scheme depends on the encryption permutation's partial-domain one-wayness. In this paper, we propose new ES schemes REACT-ES and OAEP++-ES based on REACT and OAEP++, respectively, and give the security proofs. As a result, REACT-ES and OAEP++-ES are much tighter than OAEP-ES. Moreover, since REACT-ES is superior to other schemes in communication efficiency, we conclude that REACT-ES is most practical scheme.
展开▼