Convertible Authenticated Encryption Scheme with Hierarchical Access Control

Convertible authenticated encryption (CAE) scheme with hierarchical access control has crucial benefits to the transmission of digital evidence. Such a scheme allows a judicial policeman to generate an authenticated ciphertext and only a designated investigator of Investigation of Bureau, Ministry of Justice (MJIB) has the ability to decrypt the ciphertext and verify the corresponding signature. The designated investigator can further convert the ciphertext into an ordinary signature and give it to a judge or a prosecutor for the litigation process. A senior manager of MJIB also has the right to take over either one or all ciphertext, i.e., digital evidence, intended for his subordinate. The underlying security assumption of our proposed scheme is based on the bilinear Diffie-Hellman problem (BDHP). We prove that the proposed scheme achieves the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) in the random oracle model. Compared with related works, the proposed scheme not only provides better functionalities, but also has provable security.