The authenticated encryption scheme allows the specified receiver to simultaneously recover and verify a message. Recently, to protect the receiver's benefit of a later dispute, Wu and Hsu proposed a convertible authenticated encryption scheme in which the receiver can convert the signature into an ordinary one that can be verified by anyone. However, Wu and Hsu's scheme doesn't consider that once the intruder knows the message then the intruder can also easily convert a signature into an ordinary digital signature. In this situation, the intruder may force the signer to be responsible for the terms of agreement of the documents and cause confusion. In this paper, we propose an efficient convertible authenticated encryption scheme which can provide better protection for both the signer and the specified receiver. On the other hand, we also propose an efficient and lower communication convertible authenticated encryption scheme with message linkages. It can be regarded as a variant of the convertible authenticated encryption scheme in that it is designed to link up the message blocks to avoid the message block being reordered, replicated, or partially deleted during the transmission.
展开▼
