Practical convertible authenticated encryption schemes using self-certified public keys

A convertible authenticated encryption scheme allows a designated receiver to recover and verify a message simultaneously, during which the recipient can prove the dishonesty of the sender to any third party if the sender repudiates her signature later. In this paper, after showing some weaknesses in Wu et al.’s [21] and Huang et al ’s [10] convertible authenticated encryption schemes, we propose a practical convertible authenticated encryption scheme using self-certified public keys and then extend it to one with message linkages when the signing message is large. Each scheme could provide semantic security of the message, the signer’s public key can be simultaneously authenticated in checking a signature’ validity and only under the cooperation of the recipient could a verifier know to whom a specific signature is sent. Finally, we give a variant that could make a verifier know to whom a signature is sent while verifying its validity.