Informatica

An authenticated encryption allows the designated recipient to verify the authenticity while recovering the message. To protect the recipient's benefit in case of a later dispute, a convertible authenticated encryption scheme allows the recipient to convert the authenticated encryption into an ordinary signature so that it becomes a publicly verifiable. This paper shows a universal forgery attack on Araki et al.'s convertible authenticated encryption scheme, and proposes a new convertible authenticated encryption scheme. Without using any conventional one‐way function, the proposed scheme simplifies its security assumption on only a public hard problem – the discrete logarithm problem.