Recently, Tseng et al. proposed an authenticated encryption scheme using self-certi-
fied public keys. In their scheme, only the specified receiver can verify and recover the
message. In this article, we will demonstrate their scheme cannot withstand the known
plaintext-ciphertext attack. The intruder has ability to expose every message sent
between the signer and the specified receiver.
