Cryptanalysis and Improvement of Practical Convertible Authenticated Encryption Schemes Using Self-Certified Public Keys
Volume 17, Issue 4 (2006), pp. 577–586
Pub. online: 1 January 2006
Type: Research Article
Received: 1 March 2006
Published: 1 January 2006
Abstract
A convertible authenticated encryption scheme allows a specified recipient to recover and verify a message simultaneously. Moreover, the recipient can prove the sender's dishonesty to any third party if the sender later repudiates her signature. Recently, Lv et al. (2005) showed that the convertible authenticated encryption schemes of Wu et al. (1999) and Huang et al. (2003) cannot provide semantic security of encrypted messages. They then proposed a practical convertible authenticated encryption scheme using self-certified public keys, and extended it to one with message linkages for use when the signed message is large. In this paper, we show that, in Lv et al.'s basic convertible authenticated encryption scheme, the verifier can recover messages if given many triples of message, signature and ciphertext. Finally, we propose a new improvement to these schemes to overcome this weakness and to improve their efficiency.