Versatile Padding Schemes for Joint Signature and Encryption
Yevgeni Dodis, Michael J. Freedman, Stanislaw Jarecki, Shabsi Walfish


We build several highly-practical and optimized signcryption constructions directly from trapdoor permutations, in the random oracle model.  All our constructions share features such as simplicity, efficiency, generality, near-optimal exact security, flexible and ad-hoc key management, key reuse for sending/receiving data, optimally-low message expansion, "backward" use for plain signature/encryption, long message and associated data support, the stronger known qualitative security (so-called IND-CCA and sUF-CMA) and, finally, compatibility with the PKCS#1 infrastructure.  While some of these features are present in previous works to various extents, we believe that our schemes improve on earlier proposals in at least several dimensions.