The authenticated encryption scheme allows the specified receiver to simultaneously recover and verify a message. Recently,
to protect the receiver’s benefit of a later dispute, Wu and Hsu proposed a convertible authenticated encryption scheme in
which the receiver can convert the signature into an ordinary one that can be verified by anyone. However, Wu and Hsu’s scheme
doesn’t consider that once the intruder knows the message then the intruder can also easily convert a signature into an ordinary
digital signature. In this situation, the intruder may force the signer to be responsible for the terms of agreement of the
documents and cause confusion. In this paper, we propose an efficient convertible authenticated encryption scheme which can
provide better protection for both the signer and the specified receiver. On the other hand, we also propose an efficient
and lower communication convertible authenticated encryption scheme with message linkages. It can be regarded as a variant
of the convertible authenticated encryption scheme in that it is designed to link up the message blocks to avoid the message
block being reordered, replicated, or partially deleted during the transmission.