Research on Identity-Based Signature Schemes (身份签名体制的研究)
Abstract (translated from the Chinese)
With the rapid development of e-commerce and e-government, information security is becoming ever more important. On the one hand these developments bring great convenience and benefit to human activity; on the other hand they bring unprecedented threats. Because important data is transmitted over networks, four security requirements must be met: confidentiality, integrity, authenticity and non-repudiation. Digital signatures play an increasingly important role in everyday life, and more and more new requirements are being placed on them. The digital signature is the core of an authentication system: it solves the problem of replacing the traditional handwritten signature and seal with an electronic signature, remotely and rapidly.
An identity-based signature is a generalisation of the ordinary digital signature. The difference is that in an ordinary signature scheme the public key is random and is bound to the user's identity through a digital certificate, whereas in an identity-based signature scheme the signing public key is the user's identity information itself, such as an ID or an e-mail address. The concept and model of identity-based cryptography were first proposed by Shamir in 1984. Compared with traditional certificate-based cryptography, any pair of users can communicate securely without first exchanging public-key certificates, without a public-key directory, and without an online third-party service.
As a special kind of digital signature scheme, identity-based signatures avoid complex certificate management and therefore have broad application prospects. Before identity signatures can be used in practice, however, several problems remain to be solved, notably key escrow and key update/revocation. To date, the identity signature schemes that address these problems still have shortcomings.
Key escrow means that the private keys or symmetric keys used by users are generated and managed centrally. For signing private keys, escrow should be avoided. In an identity-based signature scheme, however, the user's private key is generated by the KGC (Key Generation Center), so user private keys in an IBE (ID-Based Encryption) system are escrowed from the outset. This means the KGC can forge any user's signature, so IBE schemes are unsuited to open system environments. A challenging open problem is to design an identity-based signature scheme without this limitation. Building on Hess's identity signature scheme, this dissertation proposes three improved schemes to address the key escrow problem, and compares and analyses their performance and security, with proofs.
A blind signature scheme is a protocol between two entities, a message sender and a signer. It allows the sender to obtain the signer's signature on a given message without revealing any information about the message or its signature. Chaum first proposed the concept of blind signatures in 1982. Because it fully protects user privacy, blind signature technology is widely used in many electronic cash schemes. Identity-based blind signature (IBBS) schemes are very attractive, since the user's public key is simply his identity.
Motivated by fairness, commercial confidentiality and user privacy, there is an objective need to keep users' identity and location information secret. The demand for information security and anonymous services has driven progressively deeper research into anonymity techniques. In the early 1980s Chaum noticed the need for anonymity in security applications, attracting many researchers to study and implement it. This dissertation improves a blind-parameter signature scheme and combines it with the classic short signature scheme (BLS) to propose an anonymous ID signature scheme with provable identity.
Ordinarily, when Bob wants to use cryptography to send a message secretly to Alice, he must first establish a key channel between himself and Alice. In a traditional certificate-based cryptosystem this may be a directory-based key channel. In identity-based cryptography, establishing a key channel is unnecessary; that is, key agreement is non-interactive. Once Bob and Alice have registered their identity-based public keys, they can share a secure key channel without any communication at all. This property gives the key-sharing protocol a low channel overhead and completely eliminates attacks on the key during key agreement.
In certificate-based cryptography, since the key is bound to the user's certificate, key update/revocation is realised through certificate update/revocation. In an IBE system, key update/revocation must not change the user's identity ID, or the fundamental advantage of IBE is lost. The algorithms and protocols of certificate-based cryptosystems therefore cannot be transplanted directly into IBE. Designing and implementing an IBE-based cryptosystem that provides the basic functions of a traditional PKI, such as key issuance, key update, key revocation, key recovery and cross-certification, while retaining the unique advantages of IBE, such as the absence of complex certificate management and low communication-channel overhead, has become an important research task.
The main work of this dissertation is the study of the identity-based signature schemes above and their applications. The main results are summarised as follows:
1. The key escrow problem in IBE cryptosystems is studied. Three improved schemes are proposed for this security problem in the Hess scheme: Schemes I and II solve the key escrow problem completely, and Scheme III solves it partially. Finally, the performance of the three improved schemes is compared and their security is analysed and proved.
2. Identity-based blind signature schemes are studied. A blind-parameter signature scheme is improved and supplemented with the classic short signature (BLS) algorithm to construct an anonymous ID signature scheme with provable identity. In this scheme an anonymous user can perform normal signing operations, but no other member, not even the KGC, can identify the anonymous user's real identity. When a dispute arises, the anonymous user can present evidence to the KGC for verification to prove the legitimacy of his real identity.
3. Identity-based key-sharing protocols are studied. The non-interactive SOK key-sharing scheme is analysed and shown to have several security problems, including known-key security and perfect forward secrecy. Two improved schemes are proposed: Scheme I is non-interactive and solves the known-key security problem of SOK; Scheme II is a one-round interactive key-sharing scheme that solves the perfect forward secrecy and key control problems present in SOK and in Scheme I.
4. Two identity signature schemes based on biometric information are proposed. Scheme I uses the signer's biometric information to construct his private key, achieving "key roaming": the private key is not stored on a hardware carrier, which fundamentally avoids the loss and inconvenience that damage to or loss of the private key would cause the signer. Scheme II uses the signer's biometric information to construct his public key. After verifying a signature, the verifier can convert the public key back into biometric information and compare it with the information the signer provides, confirming that the public key belongs to the signer and making verification convenient and intuitive. Finally, possible attacks on the two schemes are analysed and countermeasures are proposed.
5. Considering the strengths and weaknesses of traditional certificate-based PKI, we build on the Boneh-Franklin scheme, adopt the IBE model idea proposed by Yum and Lee, and propose an IBE-based PKI authentication system. Existing schemes are analysed and improved in five respects: key issuance, key update, key revocation, key recovery and cross-certification.
Abstract (original English version)
With the fast development of e-commerce and electronic government affairs, information security becomes more and more important. On the one hand, they bring us much convenience and advantage; on the other hand, they bring an unparalleled threat. Confidentiality, integrity, authenticity and non-repudiation must be satisfied because important data are transferred over the network. Digital signatures play a key role in real life, and more and more new security requirements have been proposed. The main content of an authentication system is the digital signature: it resolves the problem of how to replace the traditional handwritten signature and seal with an e-signature, rapidly and from a distance.
As a special digital signature, IDPKC (identity-based public key cryptosystem) differs from a general digital signature in the following aspects: the public key of a general signature scheme is random and is bound to the signer through a digital certificate, whereas in IDPKC the user's public key is determined by his public identity information (such as an ID or e-mail address). Shamir first presented the identity-based public key cryptosystem in 1984. Compared with the traditional cryptosystem based on digital certificates, any pair of users can communicate securely without exchanging public key certificates, keeping a public key directory, or using the online service of a third party.
In IDPKC, we need not pay the cost of certificate management, so the salient features of IDPKC make it attractive for many specialized applications. But there are still some problems to be resolved before IDPKC is applied in practice. How to resolve the questions of key escrow, key update and key revocation are important issues in designing IDPKC signature schemes. Up to now, the few schemes that address these problems all have drawbacks.
Key escrow means that a user's private keys and symmetric keys are generated and managed by a trusted third party (TTP). In IDPKC, users' private keys are generated by the Key Generation Center (KGC), which should be avoided for signing private keys. So, with the key escrow problem, IDPKC is not suited to open system environments. Designing an ID-based signature scheme without that problem is a challenging task. In this dissertation, three improved schemes based on the Hess signature scheme are proposed, and their performance and security are analysed.
A blind signature scheme is a protocol that involves two entities: the sender and the signer. Through a blind signature scheme the sender can obtain the signer's signature on a given message without leaking any information about the message or the signature. The concept of the blind signature was first proposed by Chaum in 1982. It can protect the privacy of the user effectively, so blind signatures are widely applied in many electronic payment systems. Identity-based blind signature (IBBS) is attractive since one's public key is simply his/her identity.
Information about a user's identity and position should be kept secret for reasons of fairness, business secrecy and privacy protection. The demand for information security and anonymity services has made anonymity techniques develop quickly. Chaum began to realize the demand for anonymity in security applications in 1980, and more and more scholars began to study it. In this dissertation, a blind-parameter signature scheme is improved and combined with the BLS scheme, and finally an anonymous ID signature scheme with provable identity is proposed.
As a rule, if Bob wants to send a message to Alice using cryptographic techniques, he should first create a channel to Alice for key exchange. In a traditional cryptosystem based on digital certificates, the channel for key exchange may rely on a directory service. In IDPKC it is not necessary to create such a channel; that is, once Bob and Alice have registered their identity-based public keys, they can establish a secure channel without any communication. This characteristic gives low communication-channel costs in the key-sharing protocol and prevents attacks during the key-sharing process.
In a traditional cryptosystem based on digital certificates, because the key is bound to the user certificate, key update and revocation can be realized by certificate update and revocation. But in IDPKC, key update and revocation cannot result in the alteration of the user's identity; otherwise IBE would lose its prime advantage. So the algorithms and protocols of certificate-based cryptosystems cannot be migrated into an IBE system. It would be very significant work to design and realize an IBE cryptosystem that provides the elementary functions, such as key issue, key update, key revocation, key recovery and cross-authentication.
The main work in this paper is research on the ID-based signature schemes mentioned above. The main results are as follows:
1. We have researched the key escrow problem in IBE cryptosystems and, after analyzing the security of the Hess scheme, pointed out that it does not resolve the problem. To resolve it, three improved schemes are presented together with their security analysis.
2. We have researched ID-based blind signature schemes. An anonymous ID signature scheme with provable identity, based on a blind-parameter signature scheme and complemented with the BLS scheme, is presented. In the scheme, an anonymous user can perform normal signature operations, and his genuine identity cannot be revealed by any other user, not even the KGC. When a dispute occurs, the user can provide evidence to the KGC to prove that his genuine identity is legitimate.
3. We have researched ID-based key-sharing protocols. We analyzed the SOK non-interactive key-sharing scheme and pointed out several security problems in it. Two improved schemes are then presented: one is a non-interactive scheme that resolves the known-key security problem of the SOK scheme; the other is a one-round scheme that resolves the forward secrecy and key control problems of the SOK scheme.
4. Two biometric identity-based signature schemes are proposed. In the first scheme, the private key is constructed from the signer's biometric information, which provides "key roaming" for practical applications; the private key does not rely on a hardware token, avoiding the inconvenience and loss caused by damage to or loss of the private key. In the second scheme, the public key is constructed from the signer's biometric information. When the verifier has finished verifying the signature, he can compare the biometric information recovered from the public key with that provided by the signer to confirm the relationship between the public key and the signer, which makes verification more convenient and intuitive. Finally, possible attacks on the two schemes are described and ways to combat them are suggested.
5. Based on research on traditional PKI with digital certificates, we present an IBE-PKI system based on the Boneh-Franklin scheme and the Yum-Lee IBE model. We have analyzed and improved the existing schemes and algorithms in five aspects: key issue, key update, key revocation, key recovery and cross-authentication. Finally, we present an analysis of the performance and security of the IBE-PKI system.
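The following Python block is an added example, not code from the dissertation. It models two of the properties discussed above: the non-interactive SOK key sharing of result 3 (Alice and Bob each derive the same key from their own private key and the other's identity, without exchanging a message) and the key escrow problem of result 1 (the KGC, holding the master secret, can re-derive any user's private key and therefore sign in that user's name, shown here with Hess's pairing-based scheme in its one-generator form). The bilinear pairing is simulated over integers, so the algebra is exact but nothing in the block is secure; the prime search, the hash functions, the identities and the use of Hess's scheme are all assumptions made for this example.

```python
# Added illustration, not code from the dissertation: a toy model of the
# Sakai-Ohgishi-Kasahara (SOK) non-interactive key agreement and of the key
# escrow property of identity-based signatures, with Hess's scheme (P1 = P)
# as the signature.  The pairing is SIMULATED: G1 is the additive group Z_q
# and e(a, b) = g^(a*b) mod p with g of prime order q in Z_p^*.  The map is
# bilinear, so the protocol algebra is exact, but group elements are plain
# integers, so nothing here is secure; it only shows who can compute what.
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin; deterministic for n < 3.3e24 with these twelve bases."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_parameters(bits=62):
    """Deterministically choose prime q, prime p = k*q + 1 and g of order q."""
    q = (1 << bits) + 1
    while not is_probable_prime(q):
        q += 2
    k = 2
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1
    h = 2
    while pow(h, k, p) == 1:
        h += 1
    return p, q, pow(h, k, p)

P, Q, G = toy_parameters()          # toy public parameters
_TLEN = (P.bit_length() + 7) // 8   # byte length of a G_T element

def pairing(a, b):
    """Simulated symmetric bilinear map e: G1 x G1 -> G_T, G1 = Z_Q, generator P = 1."""
    return pow(G, a * b % Q, P)

def hash_to_g1(identity):
    """H1: identity string -> non-zero element Q_ID of G1 (the user's public key)."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % (Q - 1) + 1

def hash_to_int(message, r):
    """H2 for Hess: (message, commitment r) -> 256-bit integer, used as an exponent."""
    return int.from_bytes(hashlib.sha256(f"{message}|{r}".encode()).digest(), "big")

class KGC:
    """Key Generation Center holding the master secret s; P_pub = s*P = s here."""

    def __init__(self, master_secret=None):
        self.s = secrets.randbelow(Q - 1) + 1 if master_secret is None else master_secret % Q
        self.p_pub = self.s

    def extract(self, identity):
        """d_ID = s * Q_ID.  The KGC can recompute any user's key at will: escrow."""
        return self.s * hash_to_g1(identity) % Q

def sok_shared_key(own_private, peer_identity):
    """SOK: K_AB = e(d_A, Q_B) = e(Q_A, Q_B)^s = e(Q_A, d_B), no message exchanged.
    K_AB is fixed for the pair, so exposing d_A exposes all of A's past SOK keys."""
    k = pairing(own_private, hash_to_g1(peer_identity))
    return hashlib.sha256(k.to_bytes(_TLEN, "big")).digest()

def sok_escrow_key(kgc, id_a, id_b):
    """The same K_AB computed by the KGC from s and the two identities alone."""
    k = pow(pairing(hash_to_g1(id_a), hash_to_g1(id_b)), kgc.s, P)
    return hashlib.sha256(k.to_bytes(_TLEN, "big")).digest()

def hess_sign(message, d_id):
    """Hess: r = e(P, P)^k, v = H2(m, r), u = v*d_ID + k*P; signature is (u, v)."""
    k = secrets.randbelow(Q - 1) + 1
    v = hash_to_int(message, pairing(k, 1))
    return (v * d_id + k) % Q, v

def hess_verify(message, identity, p_pub, signature):
    """Accept iff v == H2(m, e(u, P) * e(Q_ID, -P_pub)^v), i.e. u = v*d_ID + k*P."""
    u, v = signature
    r = pairing(u, 1) * pow(pairing(hash_to_g1(identity), -p_pub), v, P) % P
    return v == hash_to_int(message, r)

if __name__ == "__main__":
    kgc = KGC()
    alice, bob = "alice@example.com", "bob@example.com"   # constructed identities
    d_alice, d_bob = kgc.extract(alice), kgc.extract(bob)
    assert sok_shared_key(d_alice, bob) == sok_shared_key(d_bob, alice) == sok_escrow_key(kgc, alice, bob)
    forged = hess_sign("transfer 100", kgc.extract(alice))   # KGC signs "as Alice"
    assert hess_verify("transfer 100", alice, kgc.p_pub, forged)
    print("SOK keys agree for Alice, Bob and the KGC; the KGC's forgery verifies as Alice's")
```

Two things the block makes visible: `sok_escrow_key` shows that whoever holds `s` obtains every pair's SOK key without touching a user's private key, and the last assertion shows that a signature produced from a key the KGC re-extracted is indistinguishable, to the verifier, from one Alice made herself, which is the escrow objection the dissertation's improved schemes set out to remove.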
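As a second added example (again not the dissertation's own construction), the block below shows how a private key can be derived from a noisy biometric reading and re-derived from a later, slightly different reading, which is the "key roaming" property of result 4 above: only public helper data is stored, and no hardware carrier holds the key. The building block is the code-offset fuzzy extractor of Dodis, Reyzin and Smith with a repetition code; that choice, the hash used as key derivation, and the toy biometric bit strings are all assumptions made for the example.

```python
# Added illustration, not code from the dissertation: a stable private key
# derived from a noisy biometric reading (the "key roaming" idea of result 4).
# Construction: code-offset fuzzy extractor (Dodis, Reyzin, Smith), assumed
# here as a building block.  Error correction is a 7-fold repetition code, so
# up to 3 flipped samples per block are tolerated.  Readings are toy bit lists.
import hashlib
import secrets

REP = 7  # repetition factor: majority vote corrects up to REP // 2 flips per block

def _encode(secret_bits):
    """Repetition code: each secret bit becomes REP identical samples."""
    return [b for b in secret_bits for _ in range(REP)]

def _decode(samples):
    """Majority vote over each block of REP samples."""
    return [int(sum(samples[i:i + REP]) > REP // 2) for i in range(0, len(samples), REP)]

def _key_from(secret_bits):
    """Toy KDF: the signing key is a hash of the recovered secret bits."""
    return hashlib.sha256(bytes(secret_bits)).digest()

def enroll(reading):
    """Gen: draw random secret bits w, publish helper = reading XOR Encode(w),
    derive the key from w.  Only the helper is stored; the key never is."""
    if len(reading) % REP:
        raise ValueError("reading length must be a multiple of REP")
    w = [secrets.randbelow(2) for _ in range(len(reading) // REP)]
    helper = [r ^ c for r, c in zip(reading, _encode(w))]
    return helper, _key_from(w)

def reproduce(reading, helper):
    """Rep: reading XOR helper = Encode(w) XOR noise; decoding removes the noise
    and re-derives the same key whenever every block has at most REP//2 flips."""
    noisy_codeword = [r ^ h for r, h in zip(reading, helper)]
    return _key_from(_decode(noisy_codeword))

def flip(reading, positions):
    """Constructed sensor noise: flip the samples at the given positions."""
    out = list(reading)
    for p in positions:
        out[p] ^= 1
    return out

# Constructed enrolment reading: 10 blocks of 7 samples each.
ENROL_READING = [(i * i + 3 * i) % 7 % 2 for i in range(70)]

if __name__ == "__main__":
    helper, key = enroll(ENROL_READING)
    later = flip(ENROL_READING, [0, 1, 2, 10, 20, 30, 40, 50, 60, 69])  # <= 3 flips per block
    assert reproduce(later, helper) == key
    assert reproduce(flip(ENROL_READING, [0, 1, 2, 3]), helper) != key  # 4 flips in block 0
    print("same key from a noisy re-reading; a block with too many flips yields a different key")
```

The helper list is all that needs to travel with the user, and it is a one-time pad of the codeword under the biometric, so it can be stored openly; the failure case in the usage block is the boundary a real deployment must measure, since a sensor whose per-block error rate exceeds the code's correction capacity silently produces a different key rather than an error.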