Convertible Authenticated Encryption Scheme Without Using Conventional One‐Way Function
Volume 14, Issue 4 (2003), pp. 445–454
Pub. online: 1 January 2003
Type: Research Article
Received
1 January 2003
1 January 2003
Published
1 January 2003
1 January 2003
Abstract
An authenticated encryption allows the designated recipient to verify the authenticity while recovering the message. To protect the recipient's benefit in case of a later dispute, a convertible authenticated encryption scheme allows the recipient to convert the authenticated encryption into an ordinary signature so that it becomes a publicly verifiable. This paper shows a universal forgery attack on Araki et al.'s convertible authenticated encryption scheme, and proposes a new convertible authenticated encryption scheme. Without using any conventional one‐way function, the proposed scheme simplifies its security assumption on only a public hard problem – the discrete logarithm problem.