Convertible Multi-authenticated Encryption Scheme for Data Communication

A convertible authenticated encryption scheme allows the signer to create a valid authenticated ciphertext such that only the specified receiver can simultaneously recover and verify the message. To protect the receiver’s benefit of a later dispute on repudiation, the receiver has the ability to convert the signature into an ordinary one that can be verified by anyone. However, the previous proposed convertible authenticated encryption schemes are not adequate when the signers are more than one. Based on elliptic curve cryptography, this paper will propose a new efficient convertible multi-authenticated encryption scheme for mobile communication or hardware-limited users. The proposed scheme provides the following advantages: (1) The size of the generated authenticated ciphertext is independent of the number of total signers. (2) The signature is cooperatively produced by a group of signers instead of a signal signer. (3) Except for the designated recipient, no one can derive the signed message and verify its corresponding signature. (4) When a later dispute on repudiation, the receiver has the ability to prove the dishonesty of the signers by revealing an ordinary signature that can be verified by any verifier (or judge) without the cooperation of the signers. (5) The computation costs for the verifier will not significantly increase even if the signer group is expanded. Moreover, we also proposed the convertible multi-authenticated encryption protocol in multi-verifier setting for applications.