Improved convertible authenticated encryption scheme with provable security

Han Yu Lin, Chien Lung Hsu*, Shih-Kun Huang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

11 Scopus citations


Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated recipient to reveal an ordinary signature for dealing with a later dispute over repudiation. Based on the ElGamal cryptosystem, in 2009, Lee et al. proposed a CAE scheme with only heuristic security analyses. In this paper, we will demonstrate that their scheme is vulnerable to the chosen-plaintext attack and then further propose an improved variant. Additionally, in the random oracle model, we prove that the improved scheme achieves confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA).

Original languageEnglish
Pages (from-to)661-666
Number of pages6
JournalInformation Processing Letters
Issue number13
StatePublished - 1 Jul 2011


  • Authenticated encryption
  • Convertible
  • Cryptography
  • ElGamal system
  • Provable security
  • Random oracle model


Dive into the research topics of 'Improved convertible authenticated encryption scheme with provable security'. Together they form a unique fingerprint.

Cite this