Cryptanalysis of Tseng et al.'s authenticated encryption schemes

摘要

In 2003, Tseng et al. proposed two types of authenticated encryption schemes with message recovery using self-certified public keys. One is suitable for the short message. To the large message, they proposed the other authenticated encryption scheme with message linkages for message flows. An attack is proposed to show that the Tseng et al.'s schemes are not secure in the following cases, which the specified verifier substitutes his secret key, or the signer generates the signature with these schemes for two or more specified verifiers. A small modification to their schemes can satisfy the security requirement.