EFFICIENT CONVERTIBLE MULTI-AUTHENTICATED ENCRYPTION SCHEME WITHOUT MESSAGE REDUNDANCY OR ONE-WAY HASH FUNCTION

A convertible multi-authenticated encryption (CMAE) scheme providing confidentiality, authenticity and non-repudiation properties allows a designated recipient to recover and verify an authenticated message which is signed by multiple signers. The recipient has the ability to further prove the dishonesty of signers to any third party if they repudiate their signature latter. In 2008, Wu et al. first proposed a CMAE scheme based on. discrete logarithms, but the computational complexity of their scheme is rather high and the message redundancy is required. To improve the performance and remove the message redundancy, Tsai adopted one-way hash functions (such as MD5) to propose a new scheme. In 2005, however, MD5 was cracked by Wang and Yu, which indicates that the schemes using one-way hash functions might turn out to be vulnerable to such an attack. This paper proposes a new efficient CMAE scheme. Neither the one-way hash, function nor the message redundancy is employed in the proposed scheme. The scheme not only preserves the advantages of Wu et al. 's, but also outperforms their scheme. With low computational cost, our proposed scheme can be practically implemented.