Signcryption, first proposed by Zheng [4,5], is a cryptographic primitive which combines both the functions of digital signature and public key encryption in a logical single step, and with a computational cost significantly lower than that needed by the traditional signature-thenencryption approach. In Zheng's scheme, the signature verification can be done either by the recipient directly (using his private key) or by engaging a zero-knowledge interactive protocol with a third party, without disclosing recipient's private key. In this note, we modify Zheng's scheme so that the recipient's private key is no longer needed in signature verification. The computational cost of the modified scheme is higher than that of Zheng's scheme but lower than that of the signaturethen-encryption approach.
Feng Bao, Robert H. Deng