Research on Multi-signatures, Aggregate Signatures and Their Applications
Abstract
With the development of computers and networks, many variants of digital signatures have emerged, and multi-signatures and aggregate signatures are two of the most important. Multi-signatures and aggregate signatures can be collectively called multi-message signature techniques (or multi-participant signature techniques): they allow multiple participants to sign messages and produce a single complete, compact signature that authenticates the signing act of every signer, guaranteeing the non-repudiation, authenticity and integrity of the messages. The most direct advantage of multi-message signatures is therefore that they reduce the number of signatures and improve verification efficiency. At the same time, the security problems of multi-message signatures arise naturally, and scholars have carried out extensive and in-depth research on how to improve both the security and the efficiency of multi-message signatures. Research on multi-message signature techniques not only has important theoretical value but also meets practical demand and finds wide application in real network environments (such as delay/disruption tolerant networks, cloud computing and named data networks), and is of great significance to the nation's informatization.
     This thesis studies multi-message signatures together with several of their extended forms and applications. The main results are as follows:
     (1) The formal security model of interactive multi-signatures is studied, and several identity-based multi-signature schemes based on the large-integer factoring assumption are proposed.
     Since most existing identity-based multi-signature schemes either use pairing techniques or rely on non-standard hardness assumptions, identity-based multi-signature schemes based on the standard large-integer factoring assumption remained an open gap. This thesis therefore proposes several identity-based multi-signature schemes based on the large-integer factoring assumption. First, an interactive identity-based multi-signature scheme with three communication rounds is proposed; in the random oracle model its security is proven to reduce to the quadratic residuosity assumption, achieving security against adaptive chosen-message attacks and chosen-identity attacks. Next, by combining a multiplicatively homomorphic commitment protocol, a more efficient identity-based multi-signature scheme is proposed. The new scheme needs only two rounds of interaction and is especially suited to communication-constrained environments such as wireless networks; its security is again reduced to the quadratic residuosity assumption in the random oracle model. Finally, an identity-based multi-signature scheme based on the cubic residuosity assumption is proposed, and in the random oracle model its security is proven to reduce to the cubic residuosity assumption, achieving security against adaptive chosen-message attacks and chosen-identity attacks. This scheme opens a new design direction for cryptographic schemes based on the integer factoring problem.
     (2) The formal security model of ordered multi-signatures is studied, and an efficient and secure PKI-based ordered multi-signature scheme is proposed.
     Since most multi-signatures are generated interactively, non-interactive multi-signature schemes, which avoid the cost of complex multi-round communication in network environments, have long attracted cryptographers. This thesis points out the limitations of the ordered multi-signature scheme proposed by Boldyreva et al. at ACM CCS 2007, gives new security definitions and properties for ordered multi-signatures such as resistance to collusion attacks, establishes a new security model and, following the construction idea of BLS short signatures, proposes an efficient and secure PKI-based ordered multi-signature scheme that not only overcomes the limitations of Boldyreva et al.'s scheme but also achieves all of the proposed security properties. Finally, the scheme is proven secure under the CDH assumption in the random oracle model. In terms of efficiency, the length of the multi-signature is constant regardless of the number of original signers, and the verification cost is also constant.
     (3) Drawing on the characteristics of delay/disruption tolerant networks, incentive mechanisms for such networks are studied, and two reputation-based incentive schemes are built using multi-message signature techniques.
     Because delay/disruption tolerant networks have distinctive characteristics, such as large link delays, frequent disruptions, no continuous end-to-end connectivity and limited storage and computing resources, communication depends on nodes cooperating and forwarding data for one another. When selfish or malicious nodes are present, their unwillingness to cooperate and forward degrades network performance.
     First, starting from the characteristics of DTNs, this thesis establishes the corresponding network and attacker models and designs a reputation-based incentive system using identity-based aggregate signatures and batch verification. The system is user-centric: users carry their own reputation evidence (identity-based signatures) and present it proactively to the verifier, who checks the evidence with batch verification. Social relations are built from users' forwarding records and nodes are divided into communities, so that reputation information spreads quickly within a community, further improving the incentive system. Finally, the propagation of reputation in the system is modelled as an epidemic process so that the parameters can be chosen optimally; simulation experiments show that the reputation-based incentive system is effective and efficient.
     Second, this thesis proposes an incentive decay model for data packets and builds a user-centric reputation-based incentive system in which users manage their own forwarding records, with the receiver's signature guaranteeing that a record cannot be forged; short signatures and batch verification are used in the signing and verification process to save communication bandwidth and node verification cost. A game-theoretic system framework is defined to design reasonable cost and reward parameters, reaching a perfect Bayesian equilibrium and achieving cooperation and data forwarding between nodes. Simulation experiments show that the reputation-based incentive system is effective and efficient.
     (4) Drawing on the characteristics of cloud computing, security and privacy protocols for cloud computing are studied, and a secure and privacy-preserving cloud computing protocol is proposed using multi-message signature techniques.
     Security and privacy problems in cloud computing have drawn increasing attention from academia and industry. This thesis considers both storage security and computation security in cloud computing, proposes the notion of uncheatable cloud computing, defines a privacy-preservation model for cloud computing and constructs an identity-based designated-verifier signature scheme, achieving data storage security and privacy protection in the cloud from a new angle. Batch verification allows different requests from different users to be verified together, improving the efficiency of storage verification. For computation security, a Merkle hash tree is built to commit to the computation results, and sampling-based checking of the results effectively guarantees their correctness and security; the optimal size of the sampled result set is derived. Finally, by measuring system load and protocol running efficiency in a cloud computing environment, the experimental data show that the protocol is a feasible and lightweight solution that achieves secure storage, secure computation and privacy protection in cloud computing.
     In summary, this thesis systematically studies the theory of multi-message signatures and several of their extended forms and applications; the proposed cryptographic algorithms and application protocols are not only theoretically significant but also of practical engineering value.
With the development of computers and networks, many variants of digital signatures have appeared. Multi-signatures and aggregate signatures, together called multi-message (or multi-participant) digital signatures, play an essential role among the variants of ordinary digital signature schemes. A multi-message digital signature enables different signers to sign a message and produce a single compact signature that authenticates the message under a set of different signers while preserving the non-repudiation, authenticity and integrity of message and signature. Researchers all over the world therefore focus on how to achieve security and improve the efficiency of the signing and verification algorithms of multi-message digital signatures. Research on multi-message digital signatures plays an important role both in theory and in practice: it can be widely applied in real networks such as delay/disruption tolerant networks (DTNs), cloud computing and wireless sensor networks, and contributes to the national construction of information technology.
     This thesis focuses on multi-message digital signatures and their applications. The main work and contributions are as follows:
     (1) Through in-depth research on the formal security models of interactive multi-signatures, this thesis proposes several identity-based multi-signature (IBMS) schemes based on the large-integer factoring assumption.
     Currently, most IBMS schemes rely on bilinear pairings or non-standard assumptions. We propose several IBMS schemes based on the large-integer factoring assumption. First, we propose an IBMS scheme with three interactive rounds under the quadratic residuosity assumption, which is equivalent to the integer factoring assumption. Using a quadratic-residue-based multiplicatively homomorphic equivocable commitment, an improved IBMS scheme reduces the interactive round complexity to two rounds. Furthermore, we propose an IBMS scheme under the cubic residuosity assumption. We give formal security proofs that our IBMS schemes are existentially unforgeable under adaptive chosen-message attacks and chosen-identity attacks in the random oracle model. Compared with previous work, our schemes are very efficient; in particular, they are characterised by a weak assumption and efficient signing and verification procedures.
     (2) Through in-depth research on the formal security models of ordered multi-signatures, this thesis proposes an efficient and secure PKI-based ordered multi-signature scheme.
     Most multi-signature schemes generate the signature interactively. Non-interactive multi-signatures, however, avoid the cost of complicated communication rounds and have attracted growing attention from cryptographers. We point out the limitations of Boldyreva et al.'s scheme from ACM CCS 2007, introduce new security definitions and properties such as resistance to collusion attacks, give new security models and, following the idea of the BLS short signature scheme, propose an efficient and secure PKI-based ordered multi-signature scheme. Our scheme is proven secure under the computational Diffie-Hellman assumption in the random oracle model. It has a shorter public key, which suits applications under current PKI.
     (3) This thesis studies incentive mechanisms in DTNs and builds two reputation-based incentive schemes using multi-message signature techniques.
     DTNs are self-organised wireless ad hoc networks in which end-to-end connectivity cannot be guaranteed and communication relies on the assumption that nodes are willing to store, carry and forward bundles opportunistically. This assumption is easily violated by selfish nodes that are unwilling to spend scarce wireless resources serving as bundle relays, which causes serious performance degradation.
     To tackle this issue, we model the network and the attackers' behaviour, employ identity-based aggregate signatures and batch verification, and propose a secure user-centric and social-aware reputation-based incentive scheme for DTNs. Unlike conventional reputation schemes, which rely on neighbouring nodes to monitor traffic and keep track of each other's reputation, our scheme lets a node manage its own reputation evidence and demonstrate its reputation whenever necessary. Two concepts, self-check and community-check, are defined: the first evaluates reputation from the candidate's forwarding competency and the sufficiency of the evidence the node itself presents; the second speeds up reputation establishment and forms consensus views of targets within the same community. Extensive performance analysis based on an epidemic model and on simulations demonstrates the effectiveness and efficiency of the proposed scheme.
     We also propose a novel user-centric reputation-based incentive protocol for DTNs that allows a node to manage its own reputation evidence. Short signatures and batch verification in reputation ticket generation and verification reduce both communication and computation overhead. To meet the cooperation and fairness requirements of bundle forwarding, we define a game-theoretic framework to design reasonable cost and reward parameters, which leads to a perfect Bayesian equilibrium. Performance simulations show the effectiveness and efficiency of the protocol.
     (4) This thesis studies the security and privacy issues of cloud computing and proposes a secure and privacy-preserving protocol for cloud computing using multi-message signature techniques.
     Cloud computing is a new computing paradigm whose security and privacy issues have raised widespread concern in academia and industry. We take both cloud storage security and computation security into consideration and define uncheatability and privacy-cheating discouragement. We construct an identity-based designated-verifier signature scheme to achieve cloud storage security and privacy-cheating discouragement. To improve the efficiency of storage verification, requests from different users can be handled together through batch verification. For computation security, we build a Merkle hash tree to commit to the computation results and detect cheating through probabilistic sampling. To minimise the auditing cost, a detailed analysis yields an optimal sampling size. Tests of the overhead and performance of the proposed scheme in a simulation environment show that it is a viable, lightweight solution for secure storage, secure computation and privacy preservation in cloud computing.
     In summary, this thesis covers both the theory and the applications of multi-message signatures and their variants. The proposed cryptographic schemes and application protocols not only merit further theoretical study but also have practical value in engineering.
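The computation-security mechanism of contribution (4), as described in both the Chinese and the English abstract (a Merkle hash tree committing the cloud to all of its results, checked by re-computing a random sample), as an added Python illustration that is not code from the thesis: the server publishes one root over all n results, and the client re-computes k sampled results locally and opens each one against the root, so a result that was committed wrongly fails the re-computation and a result swapped after the commitment fails the Merkle proof. The names `Cloud`, `audit`, `sample_size` and `job` are my own, and the sample-size bound k = ceil(ln(1 - delta) / ln(1 - p)) is the standard bound for catching a fraction p of bad results with probability delta, not the thesis's own optimal-sample-size derivation.

```python
"""Merkle-tree commitment to outsourced computation results, audited by sampling.

Added illustration; not code from the thesis.  All names are assumptions.
"""
import hashlib
import math
import random
from typing import Callable, List, Sequence, Tuple


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(index: int, result: bytes) -> bytes:
    # Bind each result to its position and domain-separate leaves from inner nodes.
    return _h(b"\x00" + index.to_bytes(8, "big") + result)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def build_tree(leaves: Sequence[bytes]) -> List[List[bytes]]:
    """Bottom-up levels: level 0 is the leaves, the last level holds the root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                # odd level: duplicate the last node so every node has a sibling
            cur.append(cur[-1])
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels: List[List[bytes]], index: int) -> List[bytes]:
    """Sibling hashes from the leaf at `index` up to (but excluding) the root."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])
        index //= 2
    return proof


def verify_proof(root: bytes, index: int, leaf: bytes, proof: List[bytes]) -> bool:
    """Recompute the path from `leaf` to the root and compare with the commitment."""
    h = leaf
    for sibling in proof:
        h = node_hash(sibling, h) if index & 1 else node_hash(h, sibling)
        index //= 2
    return h == root


def job(x: bytes) -> bytes:
    # Stand-in for the expensive outsourced computation (constructed for this example).
    return hashlib.sha256(b"expensive-job:" + x).digest()


class Cloud:
    """Server that evaluates the job on every input and commits to all results with one root."""

    def __init__(self, f: Callable[[bytes], bytes], inputs: Sequence[bytes],
                 cheat_fraction: float = 0.0, seed: int = 0) -> None:
        self.results = [f(x) for x in inputs]
        # A lazy/cheating server skips the real computation on a fraction of the inputs.
        rng = random.Random(seed)
        for i in rng.sample(range(len(inputs)), int(cheat_fraction * len(inputs))):
            self.results[i] = b"bogus-result"
        self.levels = build_tree([leaf_hash(i, r) for i, r in enumerate(self.results)])
        self.root = self.levels[-1][0]   # the published commitment

    def answer(self, index: int) -> Tuple[bytes, List[bytes]]:
        """Return the committed result for `index` together with its Merkle proof."""
        return self.results[index], merkle_proof(self.levels, index)


def sample_size(cheat_fraction: float, detect_prob: float) -> int:
    """Smallest k with 1 - (1 - p)^k >= detect_prob: standard sampling bound, not the thesis's derivation."""
    return math.ceil(math.log(1 - detect_prob) / math.log(1 - cheat_fraction))


def audit(f: Callable[[bytes], bytes], inputs: Sequence[bytes], root: bytes,
          answer: Callable[[int], Tuple[bytes, List[bytes]]], sample: Sequence[int]) -> bool:
    """Client-side check of the sampled indices against the commitment and a local re-computation."""
    for i in sample:
        result, proof = answer(i)
        if not verify_proof(root, i, leaf_hash(i, result), proof):
            return False                 # result is not the one committed to (swapped after the fact)
        if result != f(inputs[i]):
            return False                 # committed result is wrong (computation skipped or faked)
    return True


if __name__ == "__main__":
    data = [("record-%d" % i).encode() for i in range(1000)]      # constructed inputs
    k = sample_size(0.1, 0.99)                                    # 44 samples catch 10% cheating w.p. 0.99
    rng = random.Random(42)
    honest, lazy = Cloud(job, data), Cloud(job, data, cheat_fraction=0.1, seed=7)
    print("honest server passes:", audit(job, data, honest.root, honest.answer, rng.sample(range(1000), k)))
    print("lazy server passes:  ", audit(job, data, lazy.root, lazy.answer, rng.sample(range(1000), k)))
```

The two failure paths in `audit` correspond to the two ways a server can cheat once it has committed: it cannot change a result without breaking the Merkle proof, and it cannot leave a wrong result in place without risking that the sample lands on it; `sample_size` shows how the audit cost grows only with the cheating fraction and the target detection probability, not with n.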
References
[1] C. E. Shannon. Communication Theory of Secrecy Systems. Bell System Technical Journal, 28(4):656–715, 1949.
[2] National Bureau of Standards. Data Encryption Standard. FIPS PUB 46, National Bureau of Standards, Department of Commerce, U.S., Washington D.C., January 1977.
[3] J. Daemen and V. Rijmen. AES proposal: Rijndael. Technical report, National Institute of Standards and Technology (NIST), October 1998.
[4] W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976.
[5] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):126, 1978.
[6] M. O. Rabin. Digitalized signatures and public-key functions as intractable as factorization. Technical report, Cambridge, MA, USA, 1979.
[7] T. ElGamal. A public key cryptosystem and a signature scheme based on the discrete logarithm. IEEE Transactions on Information Theory, 31(4):469–472, 1985.
[8] C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161–174, 1991.
[9] National Institute of Standards and Technology (NIST). Digital signature standard. Technical report, Federal Information Processing Standards Publication 186, 1994.
[10] L. M. Kohnfelder. Towards a practical public-key cryptosystem. PhD thesis, Massachusetts Institute of Technology, 1978.
[11] A. Shamir. Identity-based cryptosystems and signature schemes. In 4th International Cryptology Conference (CRYPTO’84), Santa Barbara, California, USA, August 19-22, 1984.
[12] D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. SIAM Journal on Computing, 32(3):586–615, 2003.
[13] K. Ashton. That ‘internet of things’ thing. RFID Journal, 22:97–114, 2009.
[14] M. Armbrust, A. Fox, R. Griffith, et al. A view of cloud computing. Communications of the ACM, 53(4):50–58, 2010.
[15] L. Zhang, D. Estrin, J. Burke, et al. Named data networking (NDN) project. Technical report, PARC, Tech. Report NDN-0001, October 31, 2010.
[16] Zhenfu Cao. New Directions of Modern Cryptography. CRC Press, 2012.
[17] K. Itakura and K. Nakamura. A public-key cryptosystem suitable for digital multisignatures. NEC Research and Development, (71):1–8, 1983.
[18] K. Ohta and T. Okamoto. A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme. In International Conference on the Theory and Applications of Cryptology (ASIACRYPT’91), Fujiyoshida, Japan, November 11-14, 1991.
[19] L. Harn. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proceedings - Computers and Digital Techniques, 141(5):307–313, 1994.
[20] C. Li, T. Hwang, and N. Lee. Threshold-Multisignature Schemes where Suspected Forgery Implies Traceability of Adversarial Shareholders. In 12th Annual International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT’94), Perugia, Italy, May 9-12, 1994.
[21] M. Michels and P. Horster. On the Risk of Disruption in Several Multiparty Signature Schemes. In International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT’96), Kyongju, Korea, November 3-7, 1996.
[22] K. Ohta and T. Okamoto. Multi-signature schemes secure against active insider attacks. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 82(1):21–31, 1999.
[23] S. Micali, K. Ohta, and L. Reyzin. Accountable-subgroup multisignatures: extended abstract. In 8th ACM Conference on Computer and Communications Security (CCS’01), Philadelphia, Pennsylvania, USA, November 6-8, 2001.
[24] R. Housley, W. Polk, W. Ford, and D. Solo. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile, 2002.
[25] J. Schaad. Internet X.509 public key infrastructure certificate request message format (CRMF). Technical report, RFC 4211, September 2005.
[26] A. Boldyreva. Efficient threshold signature, multisignature, and blind signature schemes based on the gap-Diffie-Hellman-group signature scheme. In 6th International Workshop on Theory and Practice in Public Key Cryptography (PKC’03), Miami, USA, January 6-8, 2003.
[27] S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, and B. Waters. Sequential aggregate signatures and multisignatures without random oracles. In 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’06), Saint Petersburg, Russia, May 28-June 1, 2006.
[28] M. Bellare and G. Neven. Multi-signatures in the plain public-key model and a general forking lemma. In 13th ACM Conference on Computer and Communications Security (CCS’06), Alexandria, USA, October 30-November 3, 2006.
[29] D. Pointcheval and J. Stern. Security proofs for signature schemes. In 14th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’96), 1996.
[30] D. Pointcheval and J. Stern. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3):361–396, 2000.
[31] A. Bagherzandi, J. H. Cheon, and S. Jarecki. Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. In 15th ACM Conference on Computer and Communications Security (CCS’08), Alexandria, USA, October 27-31, 2009.
[32] C. Ma, J. Weng, Y. Li, and R. Deng. Efficient discrete logarithm based multi-signature scheme in the plain public key model. Designs, Codes and Cryptography, 54(2):121–133, 2010.
[33] D. P. Le, A. Bonnecaze, and A. Gabillon. Multisignatures as Secure as the Diffie-Hellman Problem in the Plain Public-Key Model. In 3rd International Conference on Pairing-Based Cryptography (Pairing’09), 2009.
[34] S. Micali and L. Reyzin. Improving the exact security of digital signature schemes. Journal of Cryptology, 15(1):1–18, 2002.
[35] J. Katz and N. Wang. Efficiency improvements for signature schemes with tight security reductions. In Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003.
[36] L. C. Guillou and J. J. Quisquater. A Paradoxical Indentity-Based Signature Scheme Resulting from Zero-Knowledge. In 8th Annual International Cryptology Conference (CRYPTO’88), 1988.
[37] C. C. Chang, I. C. Lin, and K. Y. Lam. An ID-based multisignature scheme without reblocking and predetermined signing order. Computer Standards & Interfaces, 27(4):407–413, 2005.
[38] D. Galindo, J. Herranz, and E. Kiltz. On the generic construction of identity-based signatures with additional properties. In 12th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT’06), Shanghai, China, December 3-7, 2006.
[39] C. Gentry and Z. Ramzan. Identity-based aggregate signatures. In 9th International Conference on Theory and Practice of Public-Key Cryptography (PKC’06), New York, USA, April 24-26, 2006.
[40] T. Meng, X. Zhang, and S. Sun. An ID-based Multi-signature Scheme. In Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP 2007), volume 2, 2007.
[41] M. Bellare and G. Neven. Identity-Based Multi-signatures from RSA. In The Cryptographers’ Track at the RSA Conference 2007 (CT-RSA’07), San Francisco, USA, February 5-9, 2007.
[42] A. Bagherzandi and S. Jarecki. Identity-Based Aggregate and Multi-Signature Schemes Based on RSA. In 13th International Conference on Practice and Theory in Public Key Cryptography (PKC’10), Paris, France, May 26-28, 2010.
[43] Z. Chai, Z. Cao, and X. Dong. Identity-based signature scheme based on quadratic residues. Science in China Series F: Information Sciences, 50(3):373–380, 2007.
[44] D. Boneh and X. Boyen. Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles. In International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’04), Interlaken, Switzerland, May 2-6, 2004.
[45] B. Waters. Efficient identity-based encryption without random oracles. In 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’05), 2005.
[46] C. Gentry. Practical Identity-Based Encryption Without Random Oracles. In 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’06), St. Petersburg, Russia, May 28-June 1, 2006.
[47] A. Boldyreva, C. Gentry, A. O’Neill, and D. H. Yum. Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In 14th ACM Conference on Computer and Communications Security (CCS’07), Alexandria, USA, Oct. 29-Nov. 2, 2007.
[48] M. Burmester, Y. Desmedt, H. Doi, M. Mambo, E. Okamoto, M. Tada, and Y. Yoshifuji. A structured ElGamal-type multisignature scheme. Lecture Notes in Computer Science, 1751:466–484, 2000.
[49] L. Harn, C. Y. Lin, and T. C. Wu. Structured multisignature algorithms. IEE Proceedings - Computers and Digital Techniques, 151(3):231–234, 2004.
[50] M. Tada. An order-specified multisignature scheme secure against active insider attacks. Information Security and Privacy, pages 57–106, 2002.
[51] A. Fiat. Batch RSA. Journal of Cryptology, 10(2):75–88, 1997.
[52] D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’03), Warsaw, Poland, May 4-8, 2003.
[53] D.AZTEC. New technical trends in asymmetric cryptography. Technical report, ECRYPT: European Network of Excellence in Cryptology, February 2007.
[54] D. Boneh and H. Shacham. Fast variants of RSA. CryptoBytes (RSA Laboratories), 5:1–9, 2002.
[55] M. Beller and Y. Yacobi. Batch Diffie-Hellman key agreement systems and their application to portable communications. In 11th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’92), 1992.
[56] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. Journal of Cryptology, 17(4):297–319, 2004.
[57] M. Bellare, C. Namprempre, and G. Neven. Unrestricted Aggregate Signatures. In 34th International Colloquium on Automata, Languages and Programming (ICALP’07), Wroclaw, Poland, July 9-13, 2007.
[58] L. Zhang and F. Zhang. A new certificateless aggregate signature scheme. Computer Communications, 32(6):1079–1085, 2009.
[59] A. Lysyanskaya, S. Micali, L. Reyzin, and H. Shacham. Sequential Aggregate Signatures from Trapdoor Permutations. In 23rd Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’04), Interlaken, Switzerland, May 2-6, 2004.
[60] Y. Mu, W. Susilo, and H. Zhu. Compact sequential aggregate signatures. In Proceedings of the 2007 ACM Symposium on Applied Computing, page 253. ACM, 2007.
[61] G. Neven. Efficient sequential aggregate signed data. In 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’08), Istanbul, Turkey, April 13-17, 2008.
[62] J. K. Liu, J. Baek, and J. Zhou. Certificate-based sequential aggregate signature. In Proceedings of the Second ACM Conference on Wireless Network Security, pages 21–28. ACM, 2009.
[63] J. Y. Hwang, D. H. Lee, and M. Yung. Universal forgery of the identity-based sequential aggregate signature scheme. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pages 157–160. ACM, 2009.
[64] J. Camenisch, S. Hohenberger, and M. O. Pedersen. Batch Verification of Short Signatures. In 26th Annual International Conference on Advances in Cryptology (EUROCRYPT’07), Barcelona, Spain, May 20-24, 2007.
[65] A. L. Ferrara, M. Green, S. Hohenberger, et al. Practical Short Signature Batch Verification. In Proceedings of The Cryptographers’ Track at the RSA Conference 2009 on Topics in Cryptology (CT-RSA’09), San Francisco, USA, April 20-24, 2009.
[66] B. J. Matt. Identification of Multiple Invalid Signatures in Pairing-Based Batched Signatures. In Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography (PKC’09), Irvine, CA, USA, March 18-20, 2009.
[67] F. Qi, W. Jia, F. Bao, and Y. Wu. Batching SSL/TLS Handshake Improved. Information and Communications Security, pages 402–413, 2005.
[68] A. C. Yao. Theory and application of trapdoor functions. In 23rd Annual Symposium on Foundations of Computer Science, pages 80–91, 1982.
[69] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, 1984.
[70] A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In 6th Annual International Cryptology Conference (CRYPTO’86), 1986.
[71] M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM Conference on Computer and Communications Security, pages 62–73. ACM, 1993.
[72] W. Mao. Modern Cryptography: Theory and Practice. Prentice Hall PTR, 2003.
[73] R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4):557–594, 2004.
[74] R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In 18th Annual International Cryptology Conference (CRYPTO’98), 1998.
[75] S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17:281, 1988.
[76] C. Castelluccia, S. Jarecki, J. Kim, and G. Tsudik. A robust multisignature scheme with applications to acknowledgement aggregation. In 4th International Conference on Security in Communication Networks (SCN’04), Amalfi, Italy, September 8-10, 2004.
[77] J. H. Ahn, M. Green, and S. Hohenberger. Synchronized aggregate signatures: new definitions, constructions and applications. In 17th ACM Conference on Computer and Communications Security (CCS’10), Chicago, USA, October 4-8, 2010.
[78] H. C. Hsiao, A. Studer, C. Chen, et al. Flooding-resilient broadcast authentication for VANETs. In 17th Annual International Conference on Mobile Computing and Networking (MOBICOM’11), Las Vegas, USA, September 20-22, 2011.
[79] Kenneth C. Barr and Krste Asanović. Energy-aware lossless data compression. ACM Transactions on Computer Systems, 24(3):250–291, 2006.
[80] N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203–209, 1987.
[81] K. Kawauchi and M. Tada. On the exact security of multi-signature schemes based on RSA. In 8th Australasian Conference on Information Security and Privacy (ACISP’03), Wollongong, Australia, July 9-11, 2003.
[82] C. Cocks. An identity based encryption scheme based on quadratic residues. Cryptography and Coding, 2260:360–363, 2001.
[83] V. Shoup. A Computational Introduction to Number Theory and Algebra. Cambridge University Press, 2009.
[84] M. Abdalla and L. Reyzin. A new forward-secure digital signature scheme. In 6th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT’00), Kyoto, Japan, December 3-7, 2000.
[85] J. S. Coron. On the Exact Security of Full Domain Hash. In 20th Annual International Cryptology Conference (CRYPTO’00), Santa Barbara, California, USA, August 20-24, 2000.
[86] D. Xing, Z. Cao, and X. Dong. Identity based signature scheme based on cubic residues. SCIENCE CHINA Information Sciences, 54(10):2001–2012, 2011.
[87] M. Yang, F. Hong, J. Li, et al. Secure Threshold Order-Specified Multi-signature Scheme in MANET. In International Conference on Computational Intelligence and Security, 2006.
[88] H. Qian and S. Xu. Non-interactive multisignatures in the plain public-key model with efficient verification. Information Processing Letters, 111(2):82–89, 2010.
[89] K. Fall and S. Farrell. DTN: an architectural retrospective. IEEE Journal on Selected Areas in Communications, 26(5):828–836, 2008.
[90] X. Dong, L. Wei, H. Zhu, Z. Cao, and L. Wang. EP2DF: An Efficient Privacy Preserving Data Forwarding Scheme for Service-oriented Vehicular Ad Hoc Networks. IEEE Transactions on Vehicular Technology, 60(2):580–591, 2011.
[91] Y. Zhou, H. Qian, and X. Li. Non-interactive CDH-based multisignature scheme in the plain public key model with tighter security. Pages 341–354, Xi’an, China, October 26-29, 2011. Springer.
[92] H. Zhu, X. Lin, R. Lu, et al. SMART: A Secure Multilayer Credit-Based Incentive Scheme for Delay-Tolerant Networks. IEEE Transactions on Vehicular Technology, 58(8):4628–4639, 2009.
[93] B. B. Chen and M. C. Chan. MobiCent: a Credit-Based Incentive System for Disruption Tolerant Network. In 29th IEEE Conference on Computer Communications (INFOCOM’10), San Diego, USA, March 2010.
[94] R. Lu, X. Lin, H. Zhu, et al. Pi: a practical incentive protocol for delay tolerant networks. IEEE Transactions on Wireless Communications, 9(4):1483–1493, 2010.
[95] T. Ning, Z. Yang, X. Xie, et al. Incentive-aware data dissemination in delay-tolerant mobile networks. In 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON’11), Salt Lake City, USA, June 2011.
[96] Y. Cui, H. Wang, and X. Cheng. Multi-hop access pricing in public area WLANs. In 30th IEEE Conference on Computer Communications (INFOCOM’11), pages 2678–2686, Shanghai, China, April 2011.
[97] C. Zhang, X. Zhu, Y. Song, et al. C4: A new paradigm for providing incentives in multi-hop wireless networks. In 30th IEEE Conference on Computer Communications (INFOCOM’11), Shanghai, China, April 2011.
[98] M. E. Mahmoud and X. Shen. ESIP: Secure Incentive Protocol with Limited Use of Public-Key Cryptography for Multi-hop Wireless Networks. IEEE Transactions on Mobile Computing, 10(7):997–1010, 2011.
[99] U. Shevade, H. Song, L. Qiu, and Y. Zhang. Incentive-Aware Routing in DTNs. In the 6th IEEE International Conference on Network Protocols (ICNP’08), Orlando, Florida, USA, October 2008.
[100] S. Marti, T. J. Giuli, K. Lai, and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. In the 6th Annual International Conference on Mobile Computing and Networking (MOBICOM’00), Boston, MA, USA, August 2000.
[101] A. Josang and R. Ismail. The beta reputation system. In Proceedings of the 15th Bled Electronic Commerce Conference, pages 324–337, 2002.
[102] P. Michiardi and R. Molva. CORE: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks. In Sixth Joint Working Conference on Communications and Multimedia Security, Portorož, Slovenia, September 2002.
[103] S. Bansal and M. Baker. Observation-based cooperation enforcement in ad hoc networks. arXiv preprint cs/0307012, 2003.
[104] Q. He, D. Wu, and P. Khosla. SORI: A Secure and Objective Reputation-based Incentive Scheme for Ad hoc Networks. In IEEE Wireless Communications and Networking Conference (WCNC’04), 2004.
[105] T. Anantvalee and J. Wu. Reputation-based system for encouraging the cooperation of nodes in mobile ad hoc networks. In IEEE International Conference on Communications (ICC’07), SECC, Glasgow, Scotland, June 2007.
[106] A. Josang, R. Ismail, and C. Boyd. A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618–644, 2007.
[107] N. Li and S. K. Das. RADON: reputation-assisted data forwarding in opportunistic networks. In Proceedings of the Second International Workshop on Mobile Opportunistic Networking (MobiOpp’10), Pisa, Italy, February 2010.
[108] A. Mei and J. Stefa. Give2Get: Forwarding in social mobile wireless networks of selfish individuals. In 30th International Conference on Distributed Computing Systems (ICDCS’10), Genova, Italy, June 2010.
[109] Q. Li, S. Zhu, and G. Cao. Routing in socially selfish delay tolerant networks. In 29th IEEE Conference on Computer Communications (INFOCOM’10), San Diego, USA, March 2010.
[110] L. Wei, H. Zhu, Z. Cao, and X. Shen. MobiID: A user-centric and social-aware reputation based incentive scheme for delay/disruption tolerant networks. In The 10th International Conference on Ad Hoc Networks and Wireless (ADHOC-NOW’11), Paderborn, Germany, July 2011.
[111] Z. Li and H. Shen. A hierarchical account-aided reputation management system for large-scale MANETs. In 30th IEEE Conference on Computer Communications (INFOCOM’11), Shanghai, China, April 2011.
[112] F. Li, Y. Yang, and J. Wu. CPMC: An Efficient Proximity Malware Coping Scheme in Smartphone-based Mobile Networks. In 29th IEEE Conference on Computer Communications (INFOCOM’10), San Diego, USA, March 2010.
[113] U. von Luxburg. A tutorial on spectral clustering. Statistics and Computing, 17(4):395–416, 2007.
[114] M. Mahmoud and X. S. Shen. An integrated stimulation and punishment mechanism for thwarting packet dropping attack in multihop wireless networks. IEEE Transactions on Vehicular Technology, 60(8):3947–3962, 2011.
[115] J. C. Cha and J. H. Cheon. An identity-based signature from gap Diffie-Hellman groups. In 6th International Workshop on Theory and Practice in Public Key Cryptography (PKC’03), Miami, Florida, USA, January 6-8, 2003.
[116] G. Shafer. A Mathematical Theory of Evidence. Princeton University Press, Princeton, NJ, 1976.
[117] V. Capasso. Mathematical Structures of Epidemic Systems. Springer-Verlag, 1993.
[118] B. Lynn. The Pairing-Based Cryptography Library (PBC). http://crypto.stanford.edu/pbc/.
[119] A. Keränen, J. Ott, and T. Kärkkäinen. The ONE Simulator for DTN Protocol Evaluation. In the 2nd International Conference on Simulation Tools and Techniques (SIMUTools’09), 2009.
[120] H. Takabi, J. B. D. Joshi, and G. J. Ahn. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6):24–31, 2010.
[121] M. Castro and B. Liskov. Practical Byzantine fault tolerance and proactive recovery. ACM Transactions on Computer Systems, 20(4):398–461, 2002.
[122] C. Wang, Q. Wang, K. Ren, and W. Lou. Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing. In 29th IEEE Conference on Computer Communications (INFOCOM’10), San Diego, California, USA, March 14-19, 2010.
[123] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou. Enabling public verifiability and data dynamics for storage security in cloud computing. In 14th European Symposium on Research in Computer Security (ESORICS’09), Saint Malo, France, September 21-23, 2009.
[124] G. Karame, M. Strasser, and S. Capkun. Secure Remote Execution of Sequential Computations. In 11th International Conference on Information and Communications Security (ICICS’09), Beijing, China, December 14-17, 2009.
[125] W. Itani, A. I. Kayssi, and A. Chehab. Privacy as a service: Privacy-aware data storage and processing in cloud computing architectures. In 8th International Conference on Dependable, Autonomic and Secure Computing (DASC’09), Chengdu, China, December 12-14, 2009.
[126] Siani Pearson, Yun Shen, and Miranda Mowbray. A privacy manager for cloud computing. In First International Conference (CloudCom’09), Beijing, China, December 1-4, 2009.
[127] W. Du, J. Jia, M. Mangal, and M. Murugesan. Uncheatable Grid Computing. In Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS’04), Hachioji, Tokyo, Japan, March 24-26, 2004.
[128] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song. Provable data possession at untrusted stores. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07), Alexandria, Virginia, USA, October 28-31, 2007.
[129] G. Ateniese, R. Di Pietro, L. V. Mancini, and G. Tsudik. Scalable and efficient provable data possession. In Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, Istanbul, Turkey, September 22-26, 2008.
[130] A. Juels and B. S. Kaliski Jr. PORs: Proofs of retrievability for large files. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07), Alexandria, Virginia, USA, October 28-31, 2007.
[131] R. Merkle. Protocols for public key cryptosystems. In IEEE Symposium on Security and Privacy, Oakland, California, USA, April 1980.
[132] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia. Dynamic provable data possession. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09), Chicago, Illinois, USA, November 9-13, 2009.
    [133] P. Golle and I. Mironov. Uncheatable distributed computations. In The Cryptographers’ Track atRSA Conference2001, San Francisco, CA, USA, April8-12,2001.
    [134] F. Monrose, P. Wyckoff, and A. Rubin. Distributed execution with remote audit. In Proceedings ofthe Network and Distributed Systems Security Symposium (NDSS’99), San Diego, USA,1999.
    [135] L. Wei, H. Zhu, Z. Cao, W. Jia, and A.V. Vasilakos. Seccloud: Bridging secure storage and com-putation in cloud. In30th International Conference on Distributed Computing Systems Workshops(ICDCSW’10), Genova, Italy, June21-25,2010.
    [136] R. Gennaro, C. Gentry, and B. Parno. Non-interactive verifiable computing: Outsourcing com-putation to untrusted workers. In30th International Cryptology Conference (CRYPTO’10), SantaBarbara, California, USA, August15-19,2010.
    [137] R. Canetti, B. Riva, and G. Rothblum. Verifiable computation with two or more clouds. In Work-shop on Cryptography and Security in Clouds, Zurich, Switzerland, March15-16,2011.
    [138] A.R. Sadeghi, T. Schneider, and M. Winandy. Token-based cloud computing: Secure outsourcingof data and arbitrary computations with lower latency. In Trust and Trustworthy Computing, Berlin,Germany, June21-23,2010.
    [139] J. Zhang and J. Mao. A novel ID-based designated verifier signature scheme. Information sciences,178(3):766–773,2008.
    [140] B. Kang, C. Boyd, and E. Dawson. A novel identity-based strong designated verifier signaturescheme. Journal of Systems&Software,82(2):270–273,2009.
    [141] J. Dean and S. Ghemawat. MapReduce: Simplified Data Processing on Large Clusters. Communi-cations of the ACM,51(1):107–113,2008.
    [142] A. Bialecki, M. Cafarella, D. Cutting, et al. Hadoop: a framework for running applications on largeclusters built of commodity hardware. http://lucene. apache. org/hadoop,2005.
    [143] C. Wang, K. Ren, and J. Wang. Secure and practical outsourcing of linear programming in cloudcomputing. In30th IEEE Conference on Computer Communications (INFOCOM’11), Shanghai,China, April11-15,2011.
    [144] M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In15th Annual International Conference on the Theory and Application of Cryptographic Techniques(EUROCRYPT’96), Zaragoza, Spain, May12-16,1996.
    [145] Angelo De Caro. jpbc-java pairing-based cryptography library (technique report), December282010.
    [146] How30+enterprises are using hadoop (technique report), October102009. http://www.dbms2.com/2009/10/10/enterprises-using-hadoo/.
