In most of current authenticated encryption schemes,the recipient can not prove to a third party that message m and signature s are indeed originated from a specific sender.