Abstract
Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated recipient to reveal an ordinary signature for dealing with a later dispute over repudiation. Based on the ElGamal cryptosystem, in 2009, Lee et al. proposed a CAE scheme with only heuristic security analyses. In this paper, we will demonstrate that their scheme is vulnerable to the chosen-plaintext attack and then further propose an improved variant. Additionally, in the random oracle model, we prove that the improved scheme achieves confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA).
Original language | English |
---|---|
Pages (from-to) | 661-666 |
Number of pages | 6 |
Journal | Information Processing Letters |
Volume | 111 |
Issue number | 13 |
DOIs | |
State | Published - 01 07 2011 |
Externally published | Yes |
Keywords
- Authenticated encryption
- Convertible
- Cryptography
- ElGamal system
- Provable security
- Random oracle model