School of Computer and Information Engineering;
Hohai University;
Nanjing 210098;
China;
School of Computer Science and Technology;
Harbin Institute of Technology;
Harbin 150001;
China;
Dept. of Computer Science and Engineering;
Shanghai Jiaotong University;
Shanghai 200030;
China;
School of Computer and Information Engineering;
Hohai University;
Nanjing 210098;
Chinan 1996;
Mambo et al introduced the concept of proxy signature. However;
proxy signature can only provide the delegated authenticity and cannot provide confidentiality. Recently;
Gamage et al and Chan and Wei proposed different proxy signcryption schemes respectively;
which extended the concept of proxy signature. However;
only the specified receiver can decrypt and verify the validity of proxy signcryption in their schemes. To protect the receiver's benefit in case of a later dispute;
Wu and Hsu proposed a convertible authenticated encryption scheme;
which can enable the receiver to convert signature into an ordinary one that can be verified by anyone. Based on Wu and Hsu' s scheme and improved Kim's scheme;
we propose a convertible proxy signcryption scheme. The security of the proposed scheme is based on the intractability of reversing the one-way hash function and solving the discrete logarithm problem. The proposed scheme can satisfy all properties of strong proxy signature and withstand the public key substitution attack and does not use secure channel. In addition;
the proposed scheme can be extended to convertible threshold proxy signcryption scheme.;
数字签名; 代理签名; 认证; 代理签章加密; 离散对数问题;