摘要:Conventional authenticated encryption (AE) schemes put emphasis on the single-user setting, which only allow one signer to produce an authenticated ciphertext such that merely the designated recipient is capable of recovering the message and verifying its corresponding signature. In the multi-user environments, e.g., organizational operations, several senior managers might cooperatively sign a confidential business contract according to the organizational signing policies. To fulfill such application requirements, in this paper, we propose a secure (t, n) threshold convertible authenticated encryption (TCAE) scheme and its variant with message linkages for the multi-user environment. In our proposed scheme, any t or more signers can cooperatively generate a valid authenticated ciphertext while less than or equal to t–1 cannot. In case of a later dispute over repudiation, the designated recipient can solely convert the authenticated ciphertext into an ordinary multi-signature without extra computational efforts for protecting his benefits. Moreover, the security requirement of confidentiality against adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery on adaptive chosen-message attacks (EF-CMA) are proved in the random oracle model. Compared with related works, our scheme provides not only better functionalities, but also lower computational costs. DOI: http://dx.doi.org/10.5755/j01.itc.43.3.5708