Improvement of convertible authenticated encryption schemes and its multiple recipients version

A convertible authenticated encryption scheme simultaneously provides the functions of integration, authentication, confidentiality, and non-repudiation. A signer generates an au-thenticated ciphertext signature on the chosen message. So that only a designated recipient can recover the message by using her/his secret key and verify the message by using the signer's public key. If there is a dispute, the recipient is able to convert the authenticated ciphertext signature into an ordinary signature that can be verified by anyone. This paper separately points out that any adversary can forge a converted signature in Araki's scheme and Ma-Chen's scheme. Moreover, we further improve the weakness in Wu-Hsu's scheme, which is to convert the signature into an ordinary one should divulge the message. The im-proved scheme not only solves the weakness but also reduces the computational complexities in both sides of signer and recipient. Furthermore, the proposed convertible authenticated encryption scheme is extended for multiple recipients. The message can be recovered and verified by a group with multiple recipients.