Nyberg and Ruppel first proposed a signature scheme with message recovery based on DSA in 1993, and the authenticated encryption scheme is a special application of their scheme. Afterward, there are many papers proposed about the authenticated encryption schemes. The signature scheme can reduce the transmitted cost, because the message has been contained in the signature of the message and the signer does not necessary to send the receiver the message and the signature. The scheme is very suitable for the key agreement application, because a key is a small amount of a message. In order to comprehend and interpret the authenticated encryption schemes overall, we discuss the evolution and the existed problems of authenticated encryption schemes.
International Journal of Network Security; 1(2):61–73