A key encapsulation mechanism (KEM) that takes as input an arbitrary string, i.e., a tag, is known as tag-KEM, while a scheme that combines signature and encryption is called signcryption. In this paper, we present a code-based signcryption tag-KEM scheme. We utilize a code-based signature and an IND-CCA2 (adaptive chosen ciphertext attack) secure version of McEliece's encryption scheme. The proposed scheme uses an equivalent subcode as a public code for the receiver, making the NPcompleteness of the subcode equivalence problem to be one of our main security assumptions. We then base the signcryption tag-KEM to design a code-based hybrid signcryption scheme. A hybrid scheme deploys asymmetric- as well as symmetric-key encryption. We give security analyses of both our schemes in the standard model and prove that they are secure against IND-CCA2 (indistinguishability under adaptive chosen ciphertext attack) and SUF-CMA (strong existential unforgeability under chosen message attack).

翻译：密钥封装机制（KEM）若以任意字符串（即标签）作为输入，则称为标签KEM；而将签名与加密相结合的方案称为签密。本文提出一种基于编码的签密标签KEM方案。我们采用基于编码的签名方案以及具有IND-CCA2（适应性选择密文攻击）安全性的McEliece加密方案增强版。该方案使用接收方等价子码作为公开码，使得子码等价问题的NP完全性成为主要安全假设之一。进而基于签密标签KEM设计一种基于编码的混合签密方案，该混合方案同时部署非对称密钥加密与对称密钥加密。我们在标准模型下对两种方案进行安全性分析，证明其能够抵御IND-CCA2（适应性选择密文攻击下的不可区分性）和SUF-CMA（选择消息攻击下的强存在不可伪造性）攻击。