An Efficient Convertible Authenticated Encryption Scheme and Its Variant

  • Hui-Feng Huang
  • Chin-Chen Chang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2836)


The authenticated encryption scheme allows the specified receiver to simultaneously recover and verify a message. Recently, to protect the receiver’s benefit of a later dispute, Wu and Hsu proposed a convertible authenticated encryption scheme in which the receiver can convert the signature into an ordinary one that can be verified by anyone. However, Wu and Hsu’s scheme doesn’t consider that once the intruder knows the message then the intruder can also easily convert a signature into an ordinary digital signature. In this situation, the intruder may force the signer to be responsible for the terms of agreement of the documents and cause confusion. In this paper, we propose an efficient convertible authenticated encryption scheme which can provide better protection for both the signer and the specified receiver. On the other hand, we also propose an efficient and lower communication convertible authenticated encryption scheme with message linkages. It can be regarded as a variant of the convertible authenticated encryption scheme in that it is designed to link up the message blocks to avoid the message block being reordered, replicated, or partially deleted during the transmission.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Araki, S., Uehara, S., Imamura, K.: Convertible Limited Verifier Signature Based on Horster’s Authenticated Encryption. In: 1998 Symposium on Cryptography and Information Security (1998) Google Scholar
  2. 2.
    Araki, S., Uehara, S., Imamura, K.: The Limited Verifier Signature and Its Application. IEICE Transactions on Fundamentals E82-A(1), 63–68 (1999)Google Scholar
  3. 3.
    ElGamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory 30(4), 469–472 (1985)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Horster, P., Michels, M., Petersen, H.: Authenticated Encryption Schemes with Low Communication Costs. Electronics Letters 30(15), 1212–1213 (1994)CrossRefGoogle Scholar
  5. 5.
    Nyberg, K., Rueppel, R.A.: Message Recover for Signature Schemes Based on the Discrete Logarithm Problem. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 182–193. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  6. 6.
    Petersen, H., Michels, M.: Cryptanalysis and Improvement of Signcryption Schemes. IEE Proceedings-Computers and Digital Techniques 145(2), 149–151 (1998)CrossRefGoogle Scholar
  7. 7.
    Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 339–351. Springer, Heidelberg (1990)Google Scholar
  8. 8.
    Wu, T.S., Hsu, C.L.: Convertible Authenticated Encryption Scheme. The Journal of Systems and Software 62, 205–209 (2002)CrossRefGoogle Scholar
  9. 9.
    Zheng, Y.: Signcryption and Its Applications in Efficient Public Key Solutions. In: Okamoto, E. (ed.) ISW 1997. LNCS, vol. 1396, pp. 291–312. Springer, Heidelberg (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Hui-Feng Huang
    • 1
  • Chin-Chen Chang
    • 1
  1. 1.Department of Computer Science and Information EngineeringNational Chung Cheng UniversityChiayiTaiwan

Personalised recommendations