Novel convertible authenticated encryption schemes without using hash functions

An authenticated encryption scheme allows a designated recipient to recover the message and then verify its authenticity while keeping the message secret from the public, and a convertible authenticated encryption scheme enables the recipient to convert the signature to an ordinary one so that any third party can verify its validity. The paper shows a weaknesses in Chien's [3] convertible authenticated encryption scheme, then based on the public discrete logarithm hard problem solely, we propose a novel convertible authenticated encryption scheme without using hash functions, and extend it to a (t, n) threshold scheme. The proposed schemes have the following characteristics: Each scheme provides semantic security of the message, that is, after getting a valid signature, any adversary cannot determine whether his guessed message is the actual message signed by the sender by checking if it satisfies the verification equalities. If the signer repudiates her signature, the recipient can prove, without the cooperation with the signer, the dishonesty of the signer to any third party by revealing the message and its converted signature; If the recipient does not reveal the converted signature, any third party cannot check the validity of the message even though he gets the message and its corresponding signature; There are no hash functions in the proposed convertible authenticated encryption schemes.