Comments on the security of Chen's authenticated encryption scheme

Chen (Computers and Electrical Engineering, vol. 30, 2004) illustrated that Tseng et al.'s authenticated encryption schemes, with message linkages for message flows, do not achieve their claimed integrity and authenticity properties. Furthermore, Chen presented some modified schemes to repair these flaws. In this paper, we show that the modified schemes proposed by Chen are not secure. In particular, we present an attack that allows a dishonest referee, in case of a dispute, to decrypt all the future and past authenticated ciphertext between the contended parties. We also present a simple fix to prevent this attack.

[1]  Chin-Chen Chang,et al.  Authenticated encryption scheme without using a one way function , 1995 .

[2]  Guozhen Xiao,et al.  Improvement of Tseng et al.'s authenticated encryption scheme with message linkages , 2005, Appl. Math. Comput..

[3]  Chin-Chen Chang,et al.  Authenticated Encryption Schemes with Linkage Between Message Blocks , 1997, Inf. Process. Lett..

[4]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1996, Des. Codes Cryptogr..

[5]  Patrick Horster,et al.  Authenticated encryption schemes with low communication costs , 1994 .

[6]  Min-Shiang Hwang,et al.  Improvement of Authenticated Encryption Schemes with Message Linkages for Message Flows , 2006, IEICE Trans. Inf. Syst..

[7]  Hung-Yu Chien,et al.  Authenticated encryption schemes with message linkages for message flows , 2003, Comput. Electr. Eng..

[8]  Bi-Hui Chen Improvements of authenticated encryption schemes with message linkages for message flows , 2004, Comput. Electr. Eng..

[9]  吳宗杉,et al.  Authenticated encryption schemes with double linkage , 1999 .

[10]  Kefei Chen Authenticated encryption scheme based on quadratic residue , 1998 .

[11]  LI Shu-dong A New Authenticated Encryption Scheme with Public Verifiability , 2007 .

[12]  Chin-Chen Chang,et al.  An ElGamal-Like Cryptosystem for Enciphering Large Messages , 2002, IEEE Trans. Knowl. Data Eng..

[13]  Rainer A. Rueppel,et al.  A new signature scheme based on the DSA giving message recovery , 1993, CCS '93.

[14]  Min-Shiang Hwang,et al.  Authenticated Encryption Schemes: Current Status and Key Issues , 2005, Int. J. Netw. Secur..

[15]  Tzong-Chen Wu,et al.  Authenticated encryption scheme with (t, n) shared verification , 1998 .

[16]  David Chaum,et al.  Convertible Undeniable Signatures , 1990, CRYPTO.

[17]  R. A. Rueppel,et al.  Message recovery for signature schemes based on the discrete logarithm problem , 1994, EUROCRYPT.

[18]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.