## Cryptology ePrint Archive: Report 2007/372

On the Authentication of One Popular Signcryption Scheme

Zhengjun Cao

Abstract: Whether a recipient \textit{can prove} a signature to others is of great importance. The function is just one reason that we call a signature signature" rather than others. In this paper, we point out that one popular signcryption signature convinces \textit{only} the designated document's recipient that the signer deliberately signed the document. The \textit{designated recipient} can \textit{check} the validity of a given signcryptext but \textit{cannot prove} it to others. We also improve it using the efficient technique developed in Schnorr's signature instead of a zero-knowledge proof such that the receiver can \textit{check} the validity of a given signcryptext and \textit{can prove} it to a third party.

Category / Keywords: cryptographic protocols / signcryption, universal authentication, restrictive authentication, designated authentication