Self-certified proxy convertible authenticated encryption: Formal definitions and a provably secure scheme
In 2009, Wu and Lin introduced the concept of self-certified proxy convertible authenticated encryption (SP-CAE) by integrating self-certified public-key system and designated verifier proxy signature with message recovery. They also presented the first SP-CAE scheme which is based the discrete logarithm problem. However, Wu-Lin scheme is not secure as Xie et al. recently showed that this scheme is existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. In this paper, we first discuss the security requirements of SP-CAE and then formally define unforgeability, message confidentiality, and unverifiability. Consequently, the first complete formal model of SP-CAE is proposed. After that, we propose a provably secure SP-CAE scheme by using two-party Schnorr signature introduced by Nicolosi et al. in 2003. Finally, we prove the formal security of the proposed scheme in the random oracle model under the discrete logarithm assumption.