COMMENTS ON A THRESHOLD AUTHENTICATED ENCRYPTION SCHEME

摘要

An authenticated encryption scheme (AE scheme) allows the signer to generate a valid authenticated ciphertext on a message such that the designated recipient can recover the message. AE schemes can achieve confidentiality and authenticity when message is transmitted over an insecure channel. The previous AE scheme only can allow one signer to generate the authenticated ciphertext. Recently, Chung et al. proposed a (t, n) threshold authenticated encryption scheme (TAE scheme) in which any t or more signers cooperate to produce a signature for a message and no one except the designated verifier can obtain the message from the ciphertext and verify the authenticity and integrity of the message. The scheme is based on elliptic curve cryptosystem. Moreover, the scheme applies a division-of-labour signature technique to reduce the load of every signer. In other words, every signer only needs to sign a message block assigned to it. Therefore, the (t, n) TAE scheme is more efficient than other AE schemes. However, some flaws of the scheme are found in this paper. Several security defects of the scheme are elaborated: (i) It suffers from conspiracy attack, (ii) It does not hold robustness, (iii) It is insecure against insider attacks. In addition, there exist some design defects in the TAE scheme. Some measures to remove these weaknesses are given in this paper.