可信密码学计算的关键技术及其在电子商务中的应用
|
摘要
本文对可信密码学计算的关键技术进行比较深入的研究,内容包括高效的知识证明协议、可信的公钥加密与不经意加密、高安全性的数字签字与匿名数字签字、可信的电子商务协议设计等问题,提高这些密码学原型与系统的安全性与效率。主要成果有:
1、在知识证明技术方面,给出一个简单的知识证明协议,证明一个秘密整数在特定区间内,用于电子商务系统和论文中其它协议的设计。该协议比Boudot给出的协议更简单,效率更高。
2、在加密和可信加密技术方面,首次将对称密码的核心技术非线性S盒用于设计公钥密码系统,给出基于子集和问题的公钥密码体制的新设计,改进可验证的ElGamal加密和RSA加密。提出利用迭代S盒模拟指数运算,从而模拟基于离散对数问题的密钥协商,公钥加密和数字签字。给出一个实例,在该实例中S盒的迭代远远快于模指数计算。其模拟的离散对数密码系统较RSA和ElGamal系统快大约300倍。由于从S盒的输入和输出计算S盒的迭代次数不比离散对数容易,因此该系统可以使用更短的公钥和私钥达到同等的安全性。这一方法有很高的应用前景。使用高密度随机背包问题,模拟ElGamal密码体制和McEliece密码体制。在高密度随机背包困难性假设下,可以证明方案在唯密文攻击下是安全的。在计算上的效率大约是RSA体制的14000倍。由于背包问题是NP-完全问题,该方案有望抗击未来的量子敌手。改进Stadler的ElGamal可验证加密方案,使可公开验证的ElGamal加密仍然具有语义安全性,并推广到多接收者的ElGamal加密情形;给出可公开验证的RSA加密,效率较通用构造方法高。
3、在数字签字与认证方面,给出对抗量子敌手的数字签字的计算复杂性假设和签字模型,提出基于随机高密度背包问题的数字签字方案。在合理的参数设置和复杂性假设下,该方案具有接近于RSA签字的复杂性,并可能抗击量子敌手的攻击。首次提出利用不可逆物理过程的数字签字,基于热力学第二定律建议一个数字签字方案,对签字的实现进行离散化处理。扩展Able等的环签字通用方法,使其可以用于使用分割-选择技术的知识签字。利用该方法,基于图同构问题给出一个环签字。首次提出共享公钥但私钥独立的匿名签字概念,从原理上解决在Ad Hoc群体中匿名签字复杂性线性增长的问题。基于NP-完全的弱独立性问题,给出一个具体的签字方案。
4、在可信不经意加密方面,基于离散对数问题,给出具有最优在线效率的适应性和非适应性不经意传输。该方案最先实现具有最优在线效率的适应性和非适应性不经意传输,也不可能有更高在线效率的设计。提高上述方案的安全性,使得不经意传输具有可公开验证性,保证协议的输入和输出是可信的。
An investigation of the key techniques of trusted cryptographic computation is taken in this thesis, including efficient knowledge proofs, trusted public-key encryptions and oblivious encryptions, digital signatures and anonymous signatures with high security, and trusted electronic commerce. Attention is focused on improving the security and efficiency of such cryptographic primitives. The main contributions follow below.
1. The first aspect is about knowledge proof techniques. A simple knowledge proof to prove that one secret integer lies in a specific interval is proposed. The proposal is much simpler but more efficient than the proof protocol due to Boudot.
2. The second aspect is about encryptions and trusted encryptions. The core technique in symmetric cryptosystem, i.e., nonlinear S-Box, is first introduced to public-key cryptosystem. Novel public-key cryptosystems are suggested using random high-density knapsack problem to simulate ElGamal/McEliece cryptosystems. Improvements of ElGamal encryption and RSA encryption are proposed. An approach is proposed to efficiently simulate exponentiation operation using iteration of S-Box, and then to implement the key agreement, public-key encryption and digital signature based on discrete logarithm problem. A concrete instance is presented in which the S-Box iteration is much less time-consuming than modular exponentiation. The analog of DLP-based cryptosystems is about 300 times more efficient than RSA cryptosystem or ElGamal cryptosystem. Since it is more difficult to determine the times of iterations from the input and output of S-Box than to compute discrete logarithm, smaller key size is possible to achieve the same security. Therefore, the new method to design public-key cryptosystem is enjoying a promising application. Under the assumption that the random high-density knapsack problem is infeasible, the proposed schemes are provably secure against ciphertext-only attack. The schemes are computationally 14000 times more efficient than RSA cryptosystem. Since knapsack problem is NP-complete, the scheme seems secure against quantum adversaries in the future. The publicly verifiable ElGamal encryption due to Stadler is improved to meet semantic security and extended to multiple-receiver settings. Also, a new publicly verifiable RSA encryption is suggested, which is more efficient than the generic construction.
3. The third aspect is about digital signatures. The computation complexity assumptions and signature pattern are formalized against quantum adversaries. According to the pattern, a digital signature based on random high-density knapsack problem is proposed. Under rational complexity assumptions and security parameters, the scheme enjoys the same computation cost as that of RSA signature but plausible security against quantum adversaries. Digital signatures are first proposed using irreversible physical process. Based on the second principle of thermodynamics, a digital signature is presented and its implementation in discrete model is considered. The generic ring signature method due to Abe is extended to meet knowledge signature using cut-and-choose technique. Based on the graphic isomorphism problem, a ring signature is proposed using the extended method. The concept of shared-key signature is first formalized to implement anonymous signature. It overcomes the born
inefficiency of ring signature in which the complexity of signature grows with the possible number of ring members. Based on the NP-complete weak independence problem, a concrete scheme is proposed to exemplify the shared-key signature.
4. The fourth aspect is about trusted oblivious encryptions. Based on discrete logarithm problem, adaptive and non-adaptive oblivious transfers are proposed with optimal online complexity. The schemes are the first ones to realized oblivious transfers with optimal online complexity, i.e., there exists no design with more online efficiency than our schemes. The schemes are also improved to meet public verifiability and ensure the outputs of the protocols are trustable.
5. The fifth aspect is about applications of trusted cryptographic computations. Publicly verifiable electronic auctions are proposed to break the trust bottleneck in electronic auction. The first cryptographic bargain is implemented to ensure the output of protocol is trustable. The scheme is efficient and simple to implement.
The thesis implements the trustworthiness of the cryptographic primitives and protocols without trusted third parties. Their trustworthiness is based on computational complexity assumptions rather than trust assumptions.
1、在知识证明技术方面,给出一个简单的知识证明协议,证明一个秘密整数在特定区间内,用于电子商务系统和论文中其它协议的设计。该协议比Boudot给出的协议更简单,效率更高。
2、在加密和可信加密技术方面,首次将对称密码的核心技术非线性S盒用于设计公钥密码系统,给出基于子集和问题的公钥密码体制的新设计,改进可验证的ElGamal加密和RSA加密。提出利用迭代S盒模拟指数运算,从而模拟基于离散对数问题的密钥协商,公钥加密和数字签字。给出一个实例,在该实例中S盒的迭代远远快于模指数计算。其模拟的离散对数密码系统较RSA和ElGamal系统快大约300倍。由于从S盒的输入和输出计算S盒的迭代次数不比离散对数容易,因此该系统可以使用更短的公钥和私钥达到同等的安全性。这一方法有很高的应用前景。使用高密度随机背包问题,模拟ElGamal密码体制和McEliece密码体制。在高密度随机背包困难性假设下,可以证明方案在唯密文攻击下是安全的。在计算上的效率大约是RSA体制的14000倍。由于背包问题是NP-完全问题,该方案有望抗击未来的量子敌手。改进Stadler的ElGamal可验证加密方案,使可公开验证的ElGamal加密仍然具有语义安全性,并推广到多接收者的ElGamal加密情形;给出可公开验证的RSA加密,效率较通用构造方法高。
3、在数字签字与认证方面,给出对抗量子敌手的数字签字的计算复杂性假设和签字模型,提出基于随机高密度背包问题的数字签字方案。在合理的参数设置和复杂性假设下,该方案具有接近于RSA签字的复杂性,并可能抗击量子敌手的攻击。首次提出利用不可逆物理过程的数字签字,基于热力学第二定律建议一个数字签字方案,对签字的实现进行离散化处理。扩展Able等的环签字通用方法,使其可以用于使用分割-选择技术的知识签字。利用该方法,基于图同构问题给出一个环签字。首次提出共享公钥但私钥独立的匿名签字概念,从原理上解决在Ad Hoc群体中匿名签字复杂性线性增长的问题。基于NP-完全的弱独立性问题,给出一个具体的签字方案。
4、在可信不经意加密方面,基于离散对数问题,给出具有最优在线效率的适应性和非适应性不经意传输。该方案最先实现具有最优在线效率的适应性和非适应性不经意传输,也不可能有更高在线效率的设计。提高上述方案的安全性,使得不经意传输具有可公开验证性,保证协议的输入和输出是可信的。
An investigation of the key techniques of trusted cryptographic computation is taken in this thesis, including efficient knowledge proofs, trusted public-key encryptions and oblivious encryptions, digital signatures and anonymous signatures with high security, and trusted electronic commerce. Attention is focused on improving the security and efficiency of such cryptographic primitives. The main contributions follow below.
1. The first aspect is about knowledge proof techniques. A simple knowledge proof to prove that one secret integer lies in a specific interval is proposed. The proposal is much simpler but more efficient than the proof protocol due to Boudot.
2. The second aspect is about encryptions and trusted encryptions. The core technique in symmetric cryptosystem, i.e., nonlinear S-Box, is first introduced to public-key cryptosystem. Novel public-key cryptosystems are suggested using random high-density knapsack problem to simulate ElGamal/McEliece cryptosystems. Improvements of ElGamal encryption and RSA encryption are proposed. An approach is proposed to efficiently simulate exponentiation operation using iteration of S-Box, and then to implement the key agreement, public-key encryption and digital signature based on discrete logarithm problem. A concrete instance is presented in which the S-Box iteration is much less time-consuming than modular exponentiation. The analog of DLP-based cryptosystems is about 300 times more efficient than RSA cryptosystem or ElGamal cryptosystem. Since it is more difficult to determine the times of iterations from the input and output of S-Box than to compute discrete logarithm, smaller key size is possible to achieve the same security. Therefore, the new method to design public-key cryptosystem is enjoying a promising application. Under the assumption that the random high-density knapsack problem is infeasible, the proposed schemes are provably secure against ciphertext-only attack. The schemes are computationally 14000 times more efficient than RSA cryptosystem. Since knapsack problem is NP-complete, the scheme seems secure against quantum adversaries in the future. The publicly verifiable ElGamal encryption due to Stadler is improved to meet semantic security and extended to multiple-receiver settings. Also, a new publicly verifiable RSA encryption is suggested, which is more efficient than the generic construction.
3. The third aspect is about digital signatures. The computation complexity assumptions and signature pattern are formalized against quantum adversaries. According to the pattern, a digital signature based on random high-density knapsack problem is proposed. Under rational complexity assumptions and security parameters, the scheme enjoys the same computation cost as that of RSA signature but plausible security against quantum adversaries. Digital signatures are first proposed using irreversible physical process. Based on the second principle of thermodynamics, a digital signature is presented and its implementation in discrete model is considered. The generic ring signature method due to Abe is extended to meet knowledge signature using cut-and-choose technique. Based on the graphic isomorphism problem, a ring signature is proposed using the extended method. The concept of shared-key signature is first formalized to implement anonymous signature. It overcomes the born
inefficiency of ring signature in which the complexity of signature grows with the possible number of ring members. Based on the NP-complete weak independence problem, a concrete scheme is proposed to exemplify the shared-key signature.
4. The fourth aspect is about trusted oblivious encryptions. Based on discrete logarithm problem, adaptive and non-adaptive oblivious transfers are proposed with optimal online complexity. The schemes are the first ones to realized oblivious transfers with optimal online complexity, i.e., there exists no design with more online efficiency than our schemes. The schemes are also improved to meet public verifiability and ensure the outputs of the protocols are trustable.
5. The fifth aspect is about applications of trusted cryptographic computations. Publicly verifiable electronic auctions are proposed to break the trust bottleneck in electronic auction. The first cryptographic bargain is implemented to ensure the output of protocol is trustable. The scheme is efficient and simple to implement.
The thesis implements the trustworthiness of the cryptographic primitives and protocols without trusted third parties. Their trustworthiness is based on computational complexity assumptions rather than trust assumptions.
引文
[AD96] Miklos Ajtai, Cynthia Dwork, A Public Key Cryptosystem with worst-case/average-case Equivalence, November 8,1996.
[Adl83] L. M. Adleman: On breaking generalized knapsack public key cryptosystems, Proceedings of the 15th ACM Symposium on Theory of Computing, pages 402-412,1983.
[AH01] M. Abe and F. Hoshino. Remarks on mix-network based on permutation network. In Proc. PKC’01, LNCS 1992, pp. 317-324, Springer-Verlag, 2001.
[Ahu996] Ahuja, V., Network and security, Academic Press, 1996.
[Ajt96] Miklos Ajtai, Gnenerating Hard Instances of Lattice Problems, In proceedings of the 28th Annual ACM symposium on Theory of computing, pages 99-108, 1996.
[AOS02] M. Abe, M. Ohkubo, and K. Suzuki: 1-out-of-n Signatures from a Variety of Keys, Asiacrypt’02, 2002, Springer-Verlag, pages 415-432, 2002.
[AS01] P. D’Arco, D. R. Stinson: Generalized Zig-zag Functions and Oblivious Transfer Reductions, SAC 2001, LNCS 2259, pages 87-103, 2001.
[AS02] M. Abe and K. Suzuki: M+1-st price auction using homomorphic encryption, In Proceedings of the 5th International Conference on Public Key Cryptography (PKC-02), Springer-Verlag, pages 115-124 , 2002.
[AS97] M. Abe and K. Suzuki: M+1-st price auction using homomorphic encryption, In Proceedings of Public Key Cryptography (PKC02), Springer-Verlag, pp.115-124, 2002.
[ASW98] N. Asokan, Victor Shoup, Michael Waidner: Asynchronous Protocols for Optimistic Fair Exchange; 1998 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, Los Alamitos, 86-99, 1998.
[ASW98]Asokan N, Shoup V, Waidner M. Optimistic fair exchange of digital signatures. In EUROCRYPT’98, Paris, France, Springer Verlag, LNCS, 1998, vol. 1403: 591-606.
[BB87] Bennett C, Brassard G. Quantum cryptography reinvented. SIGACT News, 1987,18: 51-53.
[BBBV97] C. H. Bennett, E. Bernstein, G. Brassard, and U. Vazirani. Strengths and weaknesses of quantum computing. SIAM J. Comput.26, 5, pp.1510 –1523, 1997.
[BC97] G. Brassard, C. Crépeau: Oblivious Transfers and Privacy Amplification, Eurocrypt’97, Lecture Notes in Computer Science 1233, Springer-Verlag, pages 334-346, 1997.
[BCDV88] Brickell, E. Chanum, D., Damgard, I., Van de Graaf, J. Gradual and verifiable release of a secret [A], Proceedings of CRYPTO’87 [C]. Berlin: Springer-Verlag, 1988.156-166.
[BCGST02] H. Barnum, C. Crepeau, D. Gottesman, A. Smith, and A. Tapp, “Authentication of quantum messages,”Manuscript, 2002.
[BCR86] G. Brassard, C. Crépeau, J.-M. Robert: Information theoretic reduction among disclosure problems, In Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, pages 168-173, 1986.
[BCR87] G. Brassard, C. Crepeau, J.-M. Roberts: All-or-Nothing Disclosure of Secrets, CRYPTO’86, LNCS 263, Springer-Verlag, pp. 234-238, 1987.
[BCS96]G. Brassard, C. Crepeau, M. Santha: Oblivious Transfer and Intersecting Codes, IEEE Trans. on Inf. Th., special issue in coding and complexity, Vol. 42, No. 6, pages 1769-1780, 1996.
[BDF00] F. Bao, R. Deng, P. Feng: An Efficient and Practical Scheme for Privacy Protection in E-Commerce of Digital Goods, Proceedings of The 3rd International Conference on Information Security and Cryptology, LNCS 2015, Springer-Verlag, pages 162-170, 2000.
[Bea93] D. Beaver: How to Break a “Secure”Oblivious Transfer Protocols, Eurocrypt’92, Lecture Notes in Computer Science 658, Springer-Verlag, pages 285-196, 1993.
[BFKR97] D. Beaver, J. Feigenbaum, J. Kilian, P.Rogaway: Locally Random Reductions: Improvements and Applications, Journal of Cryptology 10 (1), pages 17-36, 1997.
[BGGY98] M. Bellare, J. Garay, C. Jutla and M. Yung. VarietyCash: A Multi-purpose Electronic Payment System. In Proceedings of the 3rd Usenix Workshop on Electronic Commerce, Usenix, 1998.
[BGH00] Mihir Bellare, Juan A. Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Els Van Herrreweghen, Michael Waidner: Design, implementation and deployment of the iKP secure electronic payment system; IEEE Journal on Selected Areas in Communications, 18(4), April 2000, 2000.
[BGW88] M. Ben-Or, S. Goldwasser, A. Wigderson: Completeness Theorems for Non-cryptographic Fault-tolerant Distributed Computation, Proceedings of the 20th ACM Symposium on the Theory of Computing, pages1-10, 1988.
[BL95] Dan Boneh and Richard J. Lipton. Quantum cryptanalysis of hidden linear functions (extended abstract). In Don Coppersmith, editor, Advances in Cryptology-CRYPTO '95, volume 963 of Lecture Notes in Computer Science, pages pp. 424-437. Springer-Verlag,1995.
[Blu86] M. Blum. How to prove a theorem so no one else can claim it. In Proc. of the International Congress of Mathematicians, Berkeley, CA, pp. 1444-1451, 1986.
[BM90] M. Bellare, S. Micali: Non-interactive Oblivious Transfer, Proceedings of Advances in Crypto’89, Lecture Notes in Computer Science 435, Springer-Verlag, pages 547-557, 1990.
[Boe91] B. den Boer: Oblivious Transfer Protecting Secrecy, Proceedings of Advances in Cryptology-Eurocrypt’90, Lecture Notes in Computer Science 473, Springer-Verlag, pages 31-45, 1991.
[Bou00] Fabrice Boudot. Efficient proofs that a committed number lies in an interval. Proceedings of Eurocrypt’00. pp.431-444. Springer-Verlag, 2000.
[Boy89] J. Boyar. Inferring sequences produced by pseudo-random number generators. J. of the ACM, 36(1):129-141, January 1989.
[Bra02] F. Brandt: Secure and private auctions without auctioneers, Technical Report FKI-245-02, Institut füInformatik, Technische University Muhen, 2002.
[BRGL02] S. Berninghaus, H.-J. Ramser, W. Güth, R. Lechler: Decentralized versus collective bargaining-An experimental study, International Journal of Game Theory, Vol.30 pp. 437-448, 2002.
[Bri88] Brickell, E. F.,“The cryptanalysis of knapsack cryptosystems,”R.D. Ringeisen and F.S. Roberts (Eda.), Applications of Discrete Mathematics, pp.3-23, SIAM, 1988
[BSZ02] E. Bresson, J. Stern and M. Szydlo: Threshold ring signature for ad-hoc groups. In Proc. Crypto’02, LNCS 2442, pp. 465-480, Springer-verlag, 2002. The full version is available online at www.di.ens.fr/~bresson.
[BW88] J. Buchmann and H.C. Williams. A key-exchange system based on imaginary quadratic fields. Journal of Cryptology, 1(3): pp. 107-118, 1988.
[BW89] J. Buchmann and H.C. Williams. A key exchange system based on real quadratic fields. In G. Brassard, editor, Advances in Cryptology -CRYPT '89, volume 435 of Lecture Notes in Computer Science, pages pp 335-343. Springer-Verlag, 1989.
[Cac98] C. Cachin: On the Foundations of Oblivious Transfer, Proceedings of Advances in Cryptology-Eurocrypt’98, Lecture Notes in Computer Science 1403, Springer-Verlag, pages 361-374, 1998.
[Cam97] J. Camenisch: Efficient and generalized group signatures. In Proc.Eurocrypt’97, LNCS 1233, pp. 465-479, Springer-verlag, 1997.
[Can03] Richard Cannings: A Quantum Algorithm to Break the Key Exchange System over Imaginary Quadratic Fields.
[CDKS98] B. Chor, O. Goldreich, E. Kushilevitz, M. Susdan: Private Information Retrieval, Journal of the ACM 45(6), pages 965-982, 1998.
[CDS94] R. Cramer, I. Damgard, and B. Schoenmakers: Proofs of partial knowledge and simplified design of witness hiding protocols, In Y. G. Desmedt, editor, Advances in Cryptology-CRYPTO’94, volume 839 of Lecture Notes in Computer Science, Springer-Verlag, pages174-187, 1994.
[CEG87] D. Chaum, J. H. Evertse, Van de Graaf, J. An Improved Protocol for Demonstrating Possession of Discrete Logarithm and Some Generalizations. Proceedings of Eurocrypt’87. pp.127-141. Springer-Verlag, 1987.
[CEVG87] Chaum, D., Evertse, J. H., Van de Graaf, J. An Improved Protocol for Demonstrating Possession of Discrete Logarithm and Some Generalizations [A]. Proceedings of EUROCRYPT’87 [C]. Berlin: Springer-Verlag, 1987,127-141.
[CFN90] David Chaum, Amos Fiat, Moni Naor: Untraceable Electronic Cash; Crypto'88, LNCS 403, Springer-Verlag, pp.319-327, 1990.
[CFTE98] Chan, A., Frankel, Y., Tsiounis, Y. Easy come-easy go divisible cash [A]. Proceedings of EUROCRYPT’98[C]. Berlin: Springer-Verlag, 1998. 561-575.
[CGS02] C. Crepeau, D. Gottesman, and A. Smith: Quantum multi-party computation. In Proceedings of STOC 2002, May 2002.
[CGS97] R. Cramer, R. Gennarro, and B. Schoenmakers: A secure and optimally efficient multi-authority election scheme. In Proc. Eurocrypt’97, LNCS 1233, pp.103-118. Springer-Verlag, 1997.
[CGT95] C. Crépeau, J. van de Graff, A. Tapp: Committed Oblivious Transfer and Private Multi-party Computations, Proceedings of Advances in Cryptology-Crypto 95, Lecture Notes in Computer Science 963, Springer-Verlag, pages 110-123, 1995.
[CH03] H. F. Chau1y and Hoi-Kwong Lo: Making An Empty Promise With A Quantum Computer. HKUPHYS-HFC-03.
[CH92] D. Chaum and E. van Heyst: Group signatures. In Proc. Eurocrypt’91, LNCS 547, pp. 257-265, Springer-Verlag, 1992.
[Cha87] D. Chaum. Demonstrating that a public predicate can be satis_ed without revealing any information about how. In A.M. Odlyzko, editor, Advances in Cryptology Proceedings of CRYPTO'86, Lecture Notes in Computer Science 263, pages 195-199. Springer-Verlag, 1987.
[Cha89] David Chaum: Privacy Protected Payments Unconditional Payer and/or Payee Untrace-ability; SMART CARD 2000: The Future of IC Cards, Proceedings of the IFIP WG 11.6 International Conference, pp. 69-93, 1989.
[Che92] T. M. Chee: The Cryptanalysis of a New Public-key Cryptosystem Based on Modular Knapsacks, Advances in Cryptology-CRYPTO’91, Springer-Verlag, pages 204-212, 1992.
[Che93] Chee, T.M.,“The cryptanalysis of a new public-key cryptosystem based on modular knapsacks, ”Advances in Cryptology-CRYPTO’91 Proceedings, Springer-Verlag, pp.204-212, 1992
[CKM01] K. Chida, K. Kobayashi, and H. Morita G. D.: Efficient Sealed-Bid Auctions for Massive Numbers of Bidders with Lump Comparison, Davida and Y. Frankel (Eds.): ISC 2001, LNCS 2200, pages 408–419, 2001.
[CMS96] Camenisch J, Maurer U, Stadler M. Digital payment systems with passive anonymity revoking trustees. In Computer Security—ESORICS’96, Berlin, German, Springer-Verlag, LNCS,1996, vol. 1146: 33-43.
[Cop96] D. Coppersmith. Finding a small root of a univariate modular equation. In Eurocrypt '96, 1996.
[CP93] Chaum D, Pedersen T R. Wallet databases with observers. In CRYPTO’92, Florida, America, Springer-Verlag. LNCS, 1993, vol.740: 89-105.
[CR85] Chor, Ben-zion. And Rivest, R. L.,“A knapsack type public-key cryptosystem based on arithmetic in finite field,”Advances in Cryptology-CRYPTO’84 Proceedings, pp.54-65, Springer-Verlag, 1985
[Cré88] C. Crépeau: Equivalence between Two Flavors of Oblivious Transfers, Proceedings of Advances in Cryptology-Crypto’87, Lecture Notes in Computer Science 293, Springer-Verlag, pages 350-354, 1988.
[Cre94] Cr?peau, C., “Quantum Oblivious Transfer", Journal of Modern Optics, vol. 41, no 12, December 1994, pp. 2445-2454.
[Des88] Desmedt, Y.,“What happened with knapsack cryptographic schemes,”Performance Limits in Communication, Theory and Practice, NADTO ASI Series E: Applied Sciences, Vol. 142, Kluwer Academic Publishers, pp.113-134, 1988
[Des88] Y. Desmedt: What Happened with Knapsack Cryptographic Schemes, Performance Limits in Communication, Theory and Practice, NADTO ASI Series E: Applied Sciences, Vol. 142, Kluwer Academic Publishers, pages 113-134, 1988.
[DH76] W. Di_e and M. E. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, IT-22:644-654, November 1976.
[DM99] Y. Dodis, S. Micali: Lower Bounds for Oblivious Transfer Reduction, EUROCRYPT’99, LNCS 1592, Springer -Verlag, pages 42-54, 1999.
[DMS00] Dumais, P., D. Mayers, and L. Salvail, “Perfectly Concealing Quantum Bit Commitment From Any Quantum One-Way Permutation", Advances in Cryptology:
EUROCRYPT’00: Proceedings, Lecture Notes in Computer Science, vol. 1807,
Springer-Verlag, 2000, pp. 300-315.
[Dwo98] C. Dwork. Lattices and their application to cryptography. Stanford University, Springer Quarter Press. 1998.
[EGL85] S. Even, O. Goldreich, A. Lempel: A Randomized Protocol for Signing Contracts, Communications of the ACM 28, pages 637-647, 1985.
[ElG85] T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, CRYPRO’84, pp.10-18, Springer-verlag 1985.
[ElG85] T. ElGamal: A public-key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31 (1985) pp.469-473.
[FFS87] U. Feige, A. Fiat and A. Shamir: Zero-knowledge proofs of identity. ACM Special Interest Group on Algorithms and Computation Theory (SIGACT), pp. 210-217, 1987.
[FHKS88] A. M. Frieze, J. Hastad, R. Kannan, J. C. Lagarias, and A. Shamir. Reconstructing truncated integer variables satisfying linear congruences. SIAM J. Comput., 17(2), April 1988.
[FO97] Fujisaki, E., Okamoto, T. Statistical zero knowledge protocols to prove modular polynomial relations. In CRYPTO’97, Francisco, America, Springer Verlag, LNCS, 1997, vol.1294: 16-30.
[FR96] M. Franklin and M. Reiter: The design and implementation of a secure auction service, IEEE Trans. on Software Engineering, 22(5): 302-312, 1996.
[FS87] A. Fiat and A. Shamir. How to prove yourself: practical solutions of identification and signature problems. In Proc. Crypto’86, LNCS 263, pp. 186-194, Springer-Verlag, 1987.
[FS96] Fischer, J. B. and J. Stern, “An efficient pseudo-random generator provably as secure as syndrome decoding", Advances in Cryptology: EUROCRYPT’96: Proceedings, Lecture Notes in Computer Science, vol. 1070, Springer-Verlag, 1996, pp. 245 -255.
[FTY96] Frankel Y, Tsiounis Y, Yung M. Indirect discourse proofs: achieving efficient fair on-line e-cash. In ASIACRYPT’96, Tokyo, Japan, Springer-Verlag, LNCS, 1996, vol. 1163: 68-82.
[GC01] Gottesman D, Chuang I. Quantum digital signatures, http://arxiv.org/abs/quant-ph/ 0105032, 2001.
[GGH96] Oded Goldreich, Shafi Goldwasser, Shai Halevi, Public Key Cryptosystem from Lattice Reduction Problems, November 12, 1996
[GMR89] S. Goldreich, S. Micali and C. Rackoff: The knowledge complexity of interactive proof systems,SIAM J. Comptuting, vol. 18, pp. 186-208, 1989.
[GMW87] O. Goldreich, S. Micali and A. Wigderson: How to prove all NP statements in zero-knowledge and a methodology of cryptographic protocol design. In Proc. Crypto’86, pp. 171-185, Springer-verlag, 1987.
[Gord93] Daniel M. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM J. discrete Math. 6 (1993), no. 1, 124–138.
[GS98] David M. Goldschlag, Stuart G. Stubblebine: Publicly Verifiable Lotteries: Applications of Delaying Functions. In Financial Cryptography 1998, LNCS1465, Anguilla, British West Indies, February 1998.
[GV88] O. Goldreich, R. Vainish: How to Solve any Protocol Problem: An Efficient Improvement, Proceedings of Advances in Cryptology–Crypto’87, Lecture Notes in Computer Science 293, Springer-Verlag, pages73-86, 1988.
[Hal02] Sean Hallgren. Polynomial-time quantum algorithms for pell's equation and the principal ideal problem. To appear in proceedings of STOC'02, 2002.
[HDK98] Michael Harkav, J. D. Tygar, Hiroaki Kikuchi: Electronic Auctions with Private Bids; 3rd USENIX Workshop on Electronic Commerce, 61-73, 1998.
[HKI03] W. Ham, K. Kim, H. Imai: Yet Another Strong Sealed-Bid Auctions. To appear at Proceedings of SCIS 2003.
[HPS98] J. Hoffstein, J. Pipher, J.H. Silverman, NTRU: A new high speed public key cryptosystem, in Algorithmic Number Theory (ANTS III), Portland, OR, June 1998, Lecture Notes in Computer Science 1423 (J.P. Buhler, ed.), Springer-Verlag, Berlin, 1998, 267–288.
[HS03] Norbert Hungerbüuhler and Michael Struwe: A one-way function from thermodynamics and applications to cryptography,Elem. Math. 58 (2003) 1 –16,013-6018/03/020001-16。
[HSK91] H. A. Hussain, J. W. A. Sada, and S. M. Kalipha: New Multistage Knapsack Public-key Cryptosystem, International Journal of Systems Science, Vol. 22, No. 11, pages 2313-2320, Nov. 1991.
[IR89] R. Impagliazzo and S. Rudich: Limits on the Provable Consequences of One-Way Permutations, 20th ACM Symp. on the Theory of Computing, pages 44-61, 1989.
[JS92] A. Joux, and J.Stern: Cryptanalysis of Another Knapsack Cryptosystem, Advances in Cryptology-ASIACRYPT’91 Proceedings, Springer-Verlag, pages 470-476, 1992.
[JS93] Joux, A. and Stern, J.,“Cryptanalysis of another knapsack cryptosystem,”Advances in Cryptology-ASIACRYPT’91 Proceedings, Springer-Verlag, pp.470-476, 1993
[JSI96] M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In Proc. Eurocrypt’96, LNCS 1070, pp. 143-154, Springer-Verlag, 1996.
[KC97] Lo, H.-K. and H. F. Chau, “Is quantum Bit Commitment Really Possible?", Physical Review Letters, vol. 78, no 17, April 1997, pp. 3410-3413.
[KHAN00] H. Kikuchi, S. Hotta, K. Abe, and S. Nakanishi: Resolving winner and winning bid without revealing privacy of bids, In Proceedings of the International Workshop on Next Generation Internet (NGITA), pages 307-312, 2000.
[Kil88] J. Kilian: Founding Cryptography on Oblivious Transfer, Proceedings of the 20th ACM Symposium on Theory of Computing, pages 20-31, 1988.
[Kob87] N. Koblitz. Elliptic curve cryptosytems. Mathematics of Computation, 48(177): 203-209, 1987.
[KSL03] Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le: Lightweight Mobile Credit-Card Payment Protocol, INDOCRYPT 2003, LNCS 2904, Springer-Verlag, pp. 295-308, 2003.
[LAN02] H. Lipmaa, N. Asokan, and V. Niemi: Secure Vickrey auctions without threshold trust, In Proceedings of the 6th Annual Conference on Financial Cryptography, 2002.
[LC99] Lo H, Chau H F. Unconditional Security Of Quantum Key Distribution Over Arbitrarily Long Distances. Science, 1999, 283: 2050-2056.
[LCOS91] B. A. LaMacchia M.J. Coster, A. M. Odlyzko, and C. P. Schnorr. An improved low-density subset sum algorithm. In EUROCRYPT, 1991.
[Lib] Richard L. Libo: Introductory Quantum Mechanics. Addison-Wesley Publishing Company, 2nd edition.
[LL79] Lu S. C. and Lee, L.N., A simple and efficient public-key cryptosystem, COMSAT Technical review, pp. 15-24,1979
[LL79] S. C. Lu and L. N. Lee: A Simple and Efficient Public-key Cryptosystem, COMSAT Technical review, pages 15-24, 1979.
[LLHS89] C. S. Laih, J. Y. Lee, L. Harn and Y. K. Su: Linearly shift knapsack public key cryptosystem, IEEE J. SAC-7 No.4 534-539, 1989.
[LLHS89] Laih C. S., Lee J. Y., Harn L. and Su Y. K.,“Linearly shift knapsack public key cryptosystem,”IEEE J. SAC-7 No.4 534-539, 1989
[LLL82] A. K Lenstra, Jr. H. W. Lenstra, and Lovasz. Factorization polynomials with rational coefficients, Mathematische Annalen, 261, pp.515-534, 1982.
[LO83] J. C. Lagarias, and A. M. OdlyPKo: Solving Low-density Subset Sum Problems, Proceedings of the 24th IEEE Symposium on Foundations of Computer Science, pages 1-10, 1983.
[LY01] Y. H. Lin and S. T. Yuan, Negotiation-Credit Driven Coalition Formation in E-Markets, Lecture Notes in Artificial Intelligence, Vol. 2132, pp. 222-238, 2001.
[Mao98] Mao, W. Guaranteed correct sharing of integer factorization with off-lines share-holders [A]. Proceedings of Public Key Cryptography 98 [C]. Berlin: Springer-Verlag, 1998.27-42.
[May97] Mayers, D., “Unconditionally Secure Quantum Bit Commitment is Impossible", Physical Review Letters, vol. 78, no 17, April 1997, pp. 3414-3417.
[McE78] J. McEliece, “A public-key cryptosystem based on algebraic theory,”Deep Space Network Progress Report Jet Propulsion Labs, California Institute of Technology, pp.42-44 1978
[MH78] R. C. Merkle, and M. Hellman: Hiding Information and Signatures in Trapdoor Knapsack, IEEE Transactions on Information Theory, Vol.24, No.5, pages 525-530, 1978.
[Mil85] Victor S. Miller. Use of elliptic curves in cryptography. In Advances in Cryptology: CRYPTO '85: Proceedings [Int85], pages 417-426.
[MK88] M. Morii, M. Kasahara, New public key cryptosystem using discrete Logarithms over GF(p ).Trans. of the IEICE J71-D ,2 (Feb.1988),448 –453.
[MvOV96] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.
[MZV02] Yi Mu, Junqi Zhang, and Vijay Varadharajan. m out of n oblivious transfer. In Proceedings of the 7th Australasian Conference on Information Security and Privacy (ACISP ’02), volume 2384 of LNCS, pages 395–405. Springer-Verlag, 2002.
[Nao89] M. Naor: Bit commitment using pseudo-randomness, Proceedings of Crypto 89, Springer.
[Nie91] Niemi, V.,“A new trapdoor in knapsacks,”Advances in Cryptology -EUROCRYPT’90 proceedings, Springer-Verlag, pp.405-411, 1991
[Nie91] V. Niemi: A New Trapdoor in Knapsacks, Advances in Cryptology-EUROCRYPT’90 proceedings, Springer -Verlag, pages 405-411, 1991.
[NM47] John von Neumann and Oskar Morgenstern. Theory of Games and Economic Behavior. Princeton University Press, 1947.
[NOVY98] M. Naor, R. Ostrovsky, S. Venkatesan, M. Yung: Perfect zero-knowledge arguments for NP using any one-way permutation, J. Cryptology, vol.11(1998), 87-108.
[NP99] M. Naor, B. Pinkas: Oblivious Transfer and Polynomial Evaluation, Proceedings of the 31st ACM Symposium on Theory of Computing, pages 145-254, 1999.
[NP99] M. Naor, B. Pinkas: Oblivious Transfer and Polynomial Evaluation, Proceedings of the 31st ACM Symposium on Theory of Computing, pages 145-254, 1999.
[NPS99] M. Naor, B. Pinkas, R. Sumner: Privacy Preserving Auctions and Mechanism Design, ACM Conference on Electronic Commerce, 1999, available at http://www.wisdom.weizmann.ac.il/ naor/onpub.html.
[NR94] V. Niemi, A. Renvall: Cryptographic Protocols and Voting, In Result and Trends in Theoretical Computer Science, Lecture Notes in Computer Science 812, pages 307-316, 1994.
[NS97] D. Naccache, and Stern, J. A new public-key cryptosystem. In Advances in Cryptology -EUROCRYPT ’97 (1997), pp.27-36, Springer-Verlag, 1997.
[NY89] M. Naor, M. Yung: Universal one-way hash functions and their cryptographic applications, Proc. of STOC’89, 33-43.
[Odl84] A. M. Odlyzko, Cryptanalytic attacks on the multiplicative knapsack cryptosystem and on Shamir ’s fast signature scheme. IEEE Trans. on Information Theory IT-30, pp. 594-601, 1984.
[Ort95] Orton, G.,“A multiple-iterated trapdoor for dense compact knapsacks,”Advances in Cryptology—EUROCRYPT’94, LNCS 950, pp.112-130, 1995
[OTU00] T. Okamoto, K. Tanaka, and S. Uchiyama, Quantum Public-Key Cryptosystems, CRYPTO 2000, LNCS 1880, pp.147-165, Springer-Verlag 2000.
[Pai99] P. Paillier: Public-key cryptosystems based on composite degree residuosity classes, Eurocrypt’99, Springer-Verlag, pp. 223-238, 1999.
[Pie86] J. Pieprzyk: On Public-key Cryptosystems Built Using Polynomial Rings, Advances in Cryptology -EUROCRYPT’85 Proceedings, Springer-Verlag, pages 73-80, 1986.
[PS00] Poupard G, Stern J. Fair encryption of RSA keys. In EUROCRYPT’00, LNCS, Springer-Verlag, 2000,pp. 173-190.
[PS00] Poupard G, Stern J. Fair encryption of RSA keys. In EUROCRYPT’00, LNCS, Springer-Verlag, 2000, pp. 173-190.
[QV94] Qu M. and Vanstone, S. A.,“The knapsack problem in cryptography,”Contemporary Mathematics, Vol. 168, pp. 291-308, 1994
[Rab81] M. Rabin: How to Exchange Secrets by Oblivious Transfer, Technical Report TR-81, Aiken Computation Laboratory, Harvard University, 1981.
[Riv97] Ronald Rivest: Electronic Lottery Tickets as Micro-Cash, 1997. Financial Cryptography 97, LNCS 1318, Springer-Verlag, 1997.
[RS60] I. S. Reed and G. Solomon: Polynomial Codes over finite field. SIAM J. Applied Math., 8:300-304, June 1960.
[RSA78] R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of ACM, Vol.21, No.2, pp.120-126, 1978.
[RST01] R. L. Rivest, A. Shamir, and Y. Tauman: How to leak a secret. In Proc. Asiacrypt’01, LNCS 2248, pp. 552-565, Springer-Verlag, 2001.
[Sak99] Kazue Sako: Implementation of a Digital Lottery Server on WWW. CQRE'99, LNCS 1740, Springer-Verlag, 1999.
[Sch87] C.P. Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science, 53:201-224, 1987.
[Sch89] C. P. Schnorr. E_cient identi_cation and signatures for smart cards. In Advances in Cryptology: CRYPTO '89: Proceedings [Int89], pages 239-252.
[Sch91] C. P. Schnorr: Efficient signature generation for smart cards. J. Cryptology, 4(3): 239-52, 1991.
[Sch99] Oliver Schirokauer, Using number fields to compute logarithms in finite fields, Mathematics of Computation 69 (1999), no. 231, 1267–1283.
[SE94] C. P. Schnorr and M. Euchner. Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Math. Prog., 66:181-199, 1994.
[SF80] Shamir, A., and Fiat, A.,“On the security of the Merkle--Hellman cryptographic scheme,”IEEE Trans. On Information Theory, Vol.26, No.3, pp.339-340, May 1980
[SH95] Schnorr and H?rner. Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In Eurocrypt '95, 1995.
[Sha83] Shamir, A., A polynomial time algorithm for breaking the basic Merkle--Hellman cryptosystem, Advances in Cryptology—CRYPTO’82 Proceedings, Springer-Verlag, pp.280-281, 1983
[Sho97] P.W. Shor. Polynomial-time algorithm for prime factorization and discretelogarithms on a quantum computer. SIAM Journal of Computing, 26:1484-1509,1997.
[SS90] A. Salomaa, L. Santean: Secret Selling of Secrets with Several Buyers, In the 42nd EATCS Bulletin, pages 178-186, 1990.
[Sta96] Stadler M. Publicly verifiable secret sharing. In EUROCRYPT’96, Brussels, Belgium, Springer Verlag, LNCS, 1996, vol. 1070: 191-199.
[Ste98] J. P. Stern: A New and Efficient All-or-nothing Disclosure of Secrets Protocol, In Proceedings of Advances in Cryptology-Asiacrypt 98, Lecture Notes in Computer Science 1514, Springer-Verlag, pages 357-371, 1998.
[Ste98] J. P. Stern: A New and Efficient All-or-nothing Disclosure of Secrets Protocol, In Proceedings of Advances in Cryptology-Asiacrypt 98, Lecture Notes in Computer Science 1514, Springer-Verlag, pages 357-371, 1998.
[Tyc02] Tomaj?s Tyc: How to share a continuous-variable quantum secret by optical interferometry. PHYSICAL REVIEW A, VOLUME 65, 2002.
[Tze02] W. Tzeng: Efficient 1-out-of-n Oblivious Transfer Schemes, In Proceedings PKC2002, LNCS 2274, Springer-Verlag, pp. 159-171, 2002.
[Vau03] Steven J. Vaughan-Nichols, How trustworthy is trusted computing, IEEEE Transaction on Computer, March 2003.
[Vau98] Vaudenay, S. Cryptanalysis of the Chor-Rivest cryptosystem, Advances in Cryptology-Crypto’98, Springer-Verlag, pages 243-256, 1998.
[Vic61] W. Vickrey: Counter speculation, auctions, and competitive sealed tenders, Journal of Finance, 16(1): 8-37, 1961.
[Wen03] Wenbo M ao: Modern Cryptography——Theory & Practice, Prentice Hall PTR, Prentice-Hall, Inc. Upper Saddler River, New Jersey 07458, 2003.
[WFLW03] D. S. Wong, K. Fung, J. K. Liu and V. K. Wei: On the RS-code construction of ring signature schemes and a threshold setting of RST. In Proc. ICICS’03, LNCS 2836, pp. 34-46, Springer-verlag, 2003.
[Wil72] R. J. Wilson: Introduction to graph theory. Oliver and Boyd, Edinburgh, 1972.
[Yao82] A. Yao, Protocols of for secure computation, Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS’82), 160—164, IEEE Computer Security, 1982.
[YS02] M. Yokoo and K. Suzuki: Secure multi-agent dynamic programming based on homomorphic encryption and its application to combinatorial auctions, In Proceedings of the First International Joint Conference on Autonomous Agents and Multi-Agent Systems, ACM Press, pp. 112-119, 2002.
[YY98] Young A, Yung M. Auto-recoverable auto-certifiable cryptosystems. In EUROCRYPT’98, Paris, France, Springer Verlag, LNCS, 1998, vol. 1403: 17-31.
[ZC01] Zeng GH, Christoph K. An arbitrated quantum signature scheme, http://arxiv.org/ abs/quant-ph /0109007, 2001.
[ZK02] F. Zhang and K. Kim: ID-Based blind signature and ring signature from pairings. In Proc. Asiacrypt’02, LNCS 2501, pp.533-547, Springer-Verlag, 2002.
[ZT01] Jianying Zhou, Chunfu Tan: Playing Lottery on the Internet. ICICS2001, LNCS 2229, Springer-Verlag, 2001.
[YJ99]王育民,刘建伟. 通信网的安全——理论与技术. 西安,西安电子科技大学出版社,1999 。
[Adl83] L. M. Adleman: On breaking generalized knapsack public key cryptosystems, Proceedings of the 15th ACM Symposium on Theory of Computing, pages 402-412,1983.
[AH01] M. Abe and F. Hoshino. Remarks on mix-network based on permutation network. In Proc. PKC’01, LNCS 1992, pp. 317-324, Springer-Verlag, 2001.
[Ahu996] Ahuja, V., Network and security, Academic Press, 1996.
[Ajt96] Miklos Ajtai, Gnenerating Hard Instances of Lattice Problems, In proceedings of the 28th Annual ACM symposium on Theory of computing, pages 99-108, 1996.
[AOS02] M. Abe, M. Ohkubo, and K. Suzuki: 1-out-of-n Signatures from a Variety of Keys, Asiacrypt’02, 2002, Springer-Verlag, pages 415-432, 2002.
[AS01] P. D’Arco, D. R. Stinson: Generalized Zig-zag Functions and Oblivious Transfer Reductions, SAC 2001, LNCS 2259, pages 87-103, 2001.
[AS02] M. Abe and K. Suzuki: M+1-st price auction using homomorphic encryption, In Proceedings of the 5th International Conference on Public Key Cryptography (PKC-02), Springer-Verlag, pages 115-124 , 2002.
[AS97] M. Abe and K. Suzuki: M+1-st price auction using homomorphic encryption, In Proceedings of Public Key Cryptography (PKC02), Springer-Verlag, pp.115-124, 2002.
[ASW98] N. Asokan, Victor Shoup, Michael Waidner: Asynchronous Protocols for Optimistic Fair Exchange; 1998 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, Los Alamitos, 86-99, 1998.
[ASW98]Asokan N, Shoup V, Waidner M. Optimistic fair exchange of digital signatures. In EUROCRYPT’98, Paris, France, Springer Verlag, LNCS, 1998, vol. 1403: 591-606.
[BB87] Bennett C, Brassard G. Quantum cryptography reinvented. SIGACT News, 1987,18: 51-53.
[BBBV97] C. H. Bennett, E. Bernstein, G. Brassard, and U. Vazirani. Strengths and weaknesses of quantum computing. SIAM J. Comput.26, 5, pp.1510 –1523, 1997.
[BC97] G. Brassard, C. Crépeau: Oblivious Transfers and Privacy Amplification, Eurocrypt’97, Lecture Notes in Computer Science 1233, Springer-Verlag, pages 334-346, 1997.
[BCDV88] Brickell, E. Chanum, D., Damgard, I., Van de Graaf, J. Gradual and verifiable release of a secret [A], Proceedings of CRYPTO’87 [C]. Berlin: Springer-Verlag, 1988.156-166.
[BCGST02] H. Barnum, C. Crepeau, D. Gottesman, A. Smith, and A. Tapp, “Authentication of quantum messages,”Manuscript, 2002.
[BCR86] G. Brassard, C. Crépeau, J.-M. Robert: Information theoretic reduction among disclosure problems, In Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, pages 168-173, 1986.
[BCR87] G. Brassard, C. Crepeau, J.-M. Roberts: All-or-Nothing Disclosure of Secrets, CRYPTO’86, LNCS 263, Springer-Verlag, pp. 234-238, 1987.
[BCS96]G. Brassard, C. Crepeau, M. Santha: Oblivious Transfer and Intersecting Codes, IEEE Trans. on Inf. Th., special issue in coding and complexity, Vol. 42, No. 6, pages 1769-1780, 1996.
[BDF00] F. Bao, R. Deng, P. Feng: An Efficient and Practical Scheme for Privacy Protection in E-Commerce of Digital Goods, Proceedings of The 3rd International Conference on Information Security and Cryptology, LNCS 2015, Springer-Verlag, pages 162-170, 2000.
[Bea93] D. Beaver: How to Break a “Secure”Oblivious Transfer Protocols, Eurocrypt’92, Lecture Notes in Computer Science 658, Springer-Verlag, pages 285-196, 1993.
[BFKR97] D. Beaver, J. Feigenbaum, J. Kilian, P.Rogaway: Locally Random Reductions: Improvements and Applications, Journal of Cryptology 10 (1), pages 17-36, 1997.
[BGGY98] M. Bellare, J. Garay, C. Jutla and M. Yung. VarietyCash: A Multi-purpose Electronic Payment System. In Proceedings of the 3rd Usenix Workshop on Electronic Commerce, Usenix, 1998.
[BGH00] Mihir Bellare, Juan A. Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Els Van Herrreweghen, Michael Waidner: Design, implementation and deployment of the iKP secure electronic payment system; IEEE Journal on Selected Areas in Communications, 18(4), April 2000, 2000.
[BGW88] M. Ben-Or, S. Goldwasser, A. Wigderson: Completeness Theorems for Non-cryptographic Fault-tolerant Distributed Computation, Proceedings of the 20th ACM Symposium on the Theory of Computing, pages1-10, 1988.
[BL95] Dan Boneh and Richard J. Lipton. Quantum cryptanalysis of hidden linear functions (extended abstract). In Don Coppersmith, editor, Advances in Cryptology-CRYPTO '95, volume 963 of Lecture Notes in Computer Science, pages pp. 424-437. Springer-Verlag,1995.
[Blu86] M. Blum. How to prove a theorem so no one else can claim it. In Proc. of the International Congress of Mathematicians, Berkeley, CA, pp. 1444-1451, 1986.
[BM90] M. Bellare, S. Micali: Non-interactive Oblivious Transfer, Proceedings of Advances in Crypto’89, Lecture Notes in Computer Science 435, Springer-Verlag, pages 547-557, 1990.
[Boe91] B. den Boer: Oblivious Transfer Protecting Secrecy, Proceedings of Advances in Cryptology-Eurocrypt’90, Lecture Notes in Computer Science 473, Springer-Verlag, pages 31-45, 1991.
[Bou00] Fabrice Boudot. Efficient proofs that a committed number lies in an interval. Proceedings of Eurocrypt’00. pp.431-444. Springer-Verlag, 2000.
[Boy89] J. Boyar. Inferring sequences produced by pseudo-random number generators. J. of the ACM, 36(1):129-141, January 1989.
[Bra02] F. Brandt: Secure and private auctions without auctioneers, Technical Report FKI-245-02, Institut füInformatik, Technische University Muhen, 2002.
[BRGL02] S. Berninghaus, H.-J. Ramser, W. Güth, R. Lechler: Decentralized versus collective bargaining-An experimental study, International Journal of Game Theory, Vol.30 pp. 437-448, 2002.
[Bri88] Brickell, E. F.,“The cryptanalysis of knapsack cryptosystems,”R.D. Ringeisen and F.S. Roberts (Eda.), Applications of Discrete Mathematics, pp.3-23, SIAM, 1988
[BSZ02] E. Bresson, J. Stern and M. Szydlo: Threshold ring signature for ad-hoc groups. In Proc. Crypto’02, LNCS 2442, pp. 465-480, Springer-verlag, 2002. The full version is available online at www.di.ens.fr/~bresson.
[BW88] J. Buchmann and H.C. Williams. A key-exchange system based on imaginary quadratic fields. Journal of Cryptology, 1(3): pp. 107-118, 1988.
[BW89] J. Buchmann and H.C. Williams. A key exchange system based on real quadratic fields. In G. Brassard, editor, Advances in Cryptology -CRYPT '89, volume 435 of Lecture Notes in Computer Science, pages pp 335-343. Springer-Verlag, 1989.
[Cac98] C. Cachin: On the Foundations of Oblivious Transfer, Proceedings of Advances in Cryptology-Eurocrypt’98, Lecture Notes in Computer Science 1403, Springer-Verlag, pages 361-374, 1998.
[Cam97] J. Camenisch: Efficient and generalized group signatures. In Proc.Eurocrypt’97, LNCS 1233, pp. 465-479, Springer-verlag, 1997.
[Can03] Richard Cannings: A Quantum Algorithm to Break the Key Exchange System over Imaginary Quadratic Fields.
[CDKS98] B. Chor, O. Goldreich, E. Kushilevitz, M. Susdan: Private Information Retrieval, Journal of the ACM 45(6), pages 965-982, 1998.
[CDS94] R. Cramer, I. Damgard, and B. Schoenmakers: Proofs of partial knowledge and simplified design of witness hiding protocols, In Y. G. Desmedt, editor, Advances in Cryptology-CRYPTO’94, volume 839 of Lecture Notes in Computer Science, Springer-Verlag, pages174-187, 1994.
[CEG87] D. Chaum, J. H. Evertse, Van de Graaf, J. An Improved Protocol for Demonstrating Possession of Discrete Logarithm and Some Generalizations. Proceedings of Eurocrypt’87. pp.127-141. Springer-Verlag, 1987.
[CEVG87] Chaum, D., Evertse, J. H., Van de Graaf, J. An Improved Protocol for Demonstrating Possession of Discrete Logarithm and Some Generalizations [A]. Proceedings of EUROCRYPT’87 [C]. Berlin: Springer-Verlag, 1987,127-141.
[CFN90] David Chaum, Amos Fiat, Moni Naor: Untraceable Electronic Cash; Crypto'88, LNCS 403, Springer-Verlag, pp.319-327, 1990.
[CFTE98] Chan, A., Frankel, Y., Tsiounis, Y. Easy come-easy go divisible cash [A]. Proceedings of EUROCRYPT’98[C]. Berlin: Springer-Verlag, 1998. 561-575.
[CGS02] C. Crepeau, D. Gottesman, and A. Smith: Quantum multi-party computation. In Proceedings of STOC 2002, May 2002.
[CGS97] R. Cramer, R. Gennarro, and B. Schoenmakers: A secure and optimally efficient multi-authority election scheme. In Proc. Eurocrypt’97, LNCS 1233, pp.103-118. Springer-Verlag, 1997.
[CGT95] C. Crépeau, J. van de Graff, A. Tapp: Committed Oblivious Transfer and Private Multi-party Computations, Proceedings of Advances in Cryptology-Crypto 95, Lecture Notes in Computer Science 963, Springer-Verlag, pages 110-123, 1995.
[CH03] H. F. Chau1y and Hoi-Kwong Lo: Making An Empty Promise With A Quantum Computer. HKUPHYS-HFC-03.
[CH92] D. Chaum and E. van Heyst: Group signatures. In Proc. Eurocrypt’91, LNCS 547, pp. 257-265, Springer-Verlag, 1992.
[Cha87] D. Chaum. Demonstrating that a public predicate can be satis_ed without revealing any information about how. In A.M. Odlyzko, editor, Advances in Cryptology Proceedings of CRYPTO'86, Lecture Notes in Computer Science 263, pages 195-199. Springer-Verlag, 1987.
[Cha89] David Chaum: Privacy Protected Payments Unconditional Payer and/or Payee Untrace-ability; SMART CARD 2000: The Future of IC Cards, Proceedings of the IFIP WG 11.6 International Conference, pp. 69-93, 1989.
[Che92] T. M. Chee: The Cryptanalysis of a New Public-key Cryptosystem Based on Modular Knapsacks, Advances in Cryptology-CRYPTO’91, Springer-Verlag, pages 204-212, 1992.
[Che93] Chee, T.M.,“The cryptanalysis of a new public-key cryptosystem based on modular knapsacks, ”Advances in Cryptology-CRYPTO’91 Proceedings, Springer-Verlag, pp.204-212, 1992
[CKM01] K. Chida, K. Kobayashi, and H. Morita G. D.: Efficient Sealed-Bid Auctions for Massive Numbers of Bidders with Lump Comparison, Davida and Y. Frankel (Eds.): ISC 2001, LNCS 2200, pages 408–419, 2001.
[CMS96] Camenisch J, Maurer U, Stadler M. Digital payment systems with passive anonymity revoking trustees. In Computer Security—ESORICS’96, Berlin, German, Springer-Verlag, LNCS,1996, vol. 1146: 33-43.
[Cop96] D. Coppersmith. Finding a small root of a univariate modular equation. In Eurocrypt '96, 1996.
[CP93] Chaum D, Pedersen T R. Wallet databases with observers. In CRYPTO’92, Florida, America, Springer-Verlag. LNCS, 1993, vol.740: 89-105.
[CR85] Chor, Ben-zion. And Rivest, R. L.,“A knapsack type public-key cryptosystem based on arithmetic in finite field,”Advances in Cryptology-CRYPTO’84 Proceedings, pp.54-65, Springer-Verlag, 1985
[Cré88] C. Crépeau: Equivalence between Two Flavors of Oblivious Transfers, Proceedings of Advances in Cryptology-Crypto’87, Lecture Notes in Computer Science 293, Springer-Verlag, pages 350-354, 1988.
[Cre94] Cr?peau, C., “Quantum Oblivious Transfer", Journal of Modern Optics, vol. 41, no 12, December 1994, pp. 2445-2454.
[Des88] Desmedt, Y.,“What happened with knapsack cryptographic schemes,”Performance Limits in Communication, Theory and Practice, NADTO ASI Series E: Applied Sciences, Vol. 142, Kluwer Academic Publishers, pp.113-134, 1988
[Des88] Y. Desmedt: What Happened with Knapsack Cryptographic Schemes, Performance Limits in Communication, Theory and Practice, NADTO ASI Series E: Applied Sciences, Vol. 142, Kluwer Academic Publishers, pages 113-134, 1988.
[DH76] W. Di_e and M. E. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, IT-22:644-654, November 1976.
[DM99] Y. Dodis, S. Micali: Lower Bounds for Oblivious Transfer Reduction, EUROCRYPT’99, LNCS 1592, Springer -Verlag, pages 42-54, 1999.
[DMS00] Dumais, P., D. Mayers, and L. Salvail, “Perfectly Concealing Quantum Bit Commitment From Any Quantum One-Way Permutation", Advances in Cryptology:
EUROCRYPT’00: Proceedings, Lecture Notes in Computer Science, vol. 1807,
Springer-Verlag, 2000, pp. 300-315.
[Dwo98] C. Dwork. Lattices and their application to cryptography. Stanford University, Springer Quarter Press. 1998.
[EGL85] S. Even, O. Goldreich, A. Lempel: A Randomized Protocol for Signing Contracts, Communications of the ACM 28, pages 637-647, 1985.
[ElG85] T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, CRYPRO’84, pp.10-18, Springer-verlag 1985.
[ElG85] T. ElGamal: A public-key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31 (1985) pp.469-473.
[FFS87] U. Feige, A. Fiat and A. Shamir: Zero-knowledge proofs of identity. ACM Special Interest Group on Algorithms and Computation Theory (SIGACT), pp. 210-217, 1987.
[FHKS88] A. M. Frieze, J. Hastad, R. Kannan, J. C. Lagarias, and A. Shamir. Reconstructing truncated integer variables satisfying linear congruences. SIAM J. Comput., 17(2), April 1988.
[FO97] Fujisaki, E., Okamoto, T. Statistical zero knowledge protocols to prove modular polynomial relations. In CRYPTO’97, Francisco, America, Springer Verlag, LNCS, 1997, vol.1294: 16-30.
[FR96] M. Franklin and M. Reiter: The design and implementation of a secure auction service, IEEE Trans. on Software Engineering, 22(5): 302-312, 1996.
[FS87] A. Fiat and A. Shamir. How to prove yourself: practical solutions of identification and signature problems. In Proc. Crypto’86, LNCS 263, pp. 186-194, Springer-Verlag, 1987.
[FS96] Fischer, J. B. and J. Stern, “An efficient pseudo-random generator provably as secure as syndrome decoding", Advances in Cryptology: EUROCRYPT’96: Proceedings, Lecture Notes in Computer Science, vol. 1070, Springer-Verlag, 1996, pp. 245 -255.
[FTY96] Frankel Y, Tsiounis Y, Yung M. Indirect discourse proofs: achieving efficient fair on-line e-cash. In ASIACRYPT’96, Tokyo, Japan, Springer-Verlag, LNCS, 1996, vol. 1163: 68-82.
[GC01] Gottesman D, Chuang I. Quantum digital signatures, http://arxiv.org/abs/quant-ph/ 0105032, 2001.
[GGH96] Oded Goldreich, Shafi Goldwasser, Shai Halevi, Public Key Cryptosystem from Lattice Reduction Problems, November 12, 1996
[GMR89] S. Goldreich, S. Micali and C. Rackoff: The knowledge complexity of interactive proof systems,SIAM J. Comptuting, vol. 18, pp. 186-208, 1989.
[GMW87] O. Goldreich, S. Micali and A. Wigderson: How to prove all NP statements in zero-knowledge and a methodology of cryptographic protocol design. In Proc. Crypto’86, pp. 171-185, Springer-verlag, 1987.
[Gord93] Daniel M. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM J. discrete Math. 6 (1993), no. 1, 124–138.
[GS98] David M. Goldschlag, Stuart G. Stubblebine: Publicly Verifiable Lotteries: Applications of Delaying Functions. In Financial Cryptography 1998, LNCS1465, Anguilla, British West Indies, February 1998.
[GV88] O. Goldreich, R. Vainish: How to Solve any Protocol Problem: An Efficient Improvement, Proceedings of Advances in Cryptology–Crypto’87, Lecture Notes in Computer Science 293, Springer-Verlag, pages73-86, 1988.
[Hal02] Sean Hallgren. Polynomial-time quantum algorithms for pell's equation and the principal ideal problem. To appear in proceedings of STOC'02, 2002.
[HDK98] Michael Harkav, J. D. Tygar, Hiroaki Kikuchi: Electronic Auctions with Private Bids; 3rd USENIX Workshop on Electronic Commerce, 61-73, 1998.
[HKI03] W. Ham, K. Kim, H. Imai: Yet Another Strong Sealed-Bid Auctions. To appear at Proceedings of SCIS 2003.
[HPS98] J. Hoffstein, J. Pipher, J.H. Silverman, NTRU: A new high speed public key cryptosystem, in Algorithmic Number Theory (ANTS III), Portland, OR, June 1998, Lecture Notes in Computer Science 1423 (J.P. Buhler, ed.), Springer-Verlag, Berlin, 1998, 267–288.
[HS03] Norbert Hungerbüuhler and Michael Struwe: A one-way function from thermodynamics and applications to cryptography,Elem. Math. 58 (2003) 1 –16,013-6018/03/020001-16。
[HSK91] H. A. Hussain, J. W. A. Sada, and S. M. Kalipha: New Multistage Knapsack Public-key Cryptosystem, International Journal of Systems Science, Vol. 22, No. 11, pages 2313-2320, Nov. 1991.
[IR89] R. Impagliazzo and S. Rudich: Limits on the Provable Consequences of One-Way Permutations, 20th ACM Symp. on the Theory of Computing, pages 44-61, 1989.
[JS92] A. Joux, and J.Stern: Cryptanalysis of Another Knapsack Cryptosystem, Advances in Cryptology-ASIACRYPT’91 Proceedings, Springer-Verlag, pages 470-476, 1992.
[JS93] Joux, A. and Stern, J.,“Cryptanalysis of another knapsack cryptosystem,”Advances in Cryptology-ASIACRYPT’91 Proceedings, Springer-Verlag, pp.470-476, 1993
[JSI96] M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In Proc. Eurocrypt’96, LNCS 1070, pp. 143-154, Springer-Verlag, 1996.
[KC97] Lo, H.-K. and H. F. Chau, “Is quantum Bit Commitment Really Possible?", Physical Review Letters, vol. 78, no 17, April 1997, pp. 3410-3413.
[KHAN00] H. Kikuchi, S. Hotta, K. Abe, and S. Nakanishi: Resolving winner and winning bid without revealing privacy of bids, In Proceedings of the International Workshop on Next Generation Internet (NGITA), pages 307-312, 2000.
[Kil88] J. Kilian: Founding Cryptography on Oblivious Transfer, Proceedings of the 20th ACM Symposium on Theory of Computing, pages 20-31, 1988.
[Kob87] N. Koblitz. Elliptic curve cryptosytems. Mathematics of Computation, 48(177): 203-209, 1987.
[KSL03] Supakorn Kungpisdan, Bala Srinivasan, Phu Dung Le: Lightweight Mobile Credit-Card Payment Protocol, INDOCRYPT 2003, LNCS 2904, Springer-Verlag, pp. 295-308, 2003.
[LAN02] H. Lipmaa, N. Asokan, and V. Niemi: Secure Vickrey auctions without threshold trust, In Proceedings of the 6th Annual Conference on Financial Cryptography, 2002.
[LC99] Lo H, Chau H F. Unconditional Security Of Quantum Key Distribution Over Arbitrarily Long Distances. Science, 1999, 283: 2050-2056.
[LCOS91] B. A. LaMacchia M.J. Coster, A. M. Odlyzko, and C. P. Schnorr. An improved low-density subset sum algorithm. In EUROCRYPT, 1991.
[Lib] Richard L. Libo: Introductory Quantum Mechanics. Addison-Wesley Publishing Company, 2nd edition.
[LL79] Lu S. C. and Lee, L.N., A simple and efficient public-key cryptosystem, COMSAT Technical review, pp. 15-24,1979
[LL79] S. C. Lu and L. N. Lee: A Simple and Efficient Public-key Cryptosystem, COMSAT Technical review, pages 15-24, 1979.
[LLHS89] C. S. Laih, J. Y. Lee, L. Harn and Y. K. Su: Linearly shift knapsack public key cryptosystem, IEEE J. SAC-7 No.4 534-539, 1989.
[LLHS89] Laih C. S., Lee J. Y., Harn L. and Su Y. K.,“Linearly shift knapsack public key cryptosystem,”IEEE J. SAC-7 No.4 534-539, 1989
[LLL82] A. K Lenstra, Jr. H. W. Lenstra, and Lovasz. Factorization polynomials with rational coefficients, Mathematische Annalen, 261, pp.515-534, 1982.
[LO83] J. C. Lagarias, and A. M. OdlyPKo: Solving Low-density Subset Sum Problems, Proceedings of the 24th IEEE Symposium on Foundations of Computer Science, pages 1-10, 1983.
[LY01] Y. H. Lin and S. T. Yuan, Negotiation-Credit Driven Coalition Formation in E-Markets, Lecture Notes in Artificial Intelligence, Vol. 2132, pp. 222-238, 2001.
[Mao98] Mao, W. Guaranteed correct sharing of integer factorization with off-lines share-holders [A]. Proceedings of Public Key Cryptography 98 [C]. Berlin: Springer-Verlag, 1998.27-42.
[May97] Mayers, D., “Unconditionally Secure Quantum Bit Commitment is Impossible", Physical Review Letters, vol. 78, no 17, April 1997, pp. 3414-3417.
[McE78] J. McEliece, “A public-key cryptosystem based on algebraic theory,”Deep Space Network Progress Report Jet Propulsion Labs, California Institute of Technology, pp.42-44 1978
[MH78] R. C. Merkle, and M. Hellman: Hiding Information and Signatures in Trapdoor Knapsack, IEEE Transactions on Information Theory, Vol.24, No.5, pages 525-530, 1978.
[Mil85] Victor S. Miller. Use of elliptic curves in cryptography. In Advances in Cryptology: CRYPTO '85: Proceedings [Int85], pages 417-426.
[MK88] M. Morii, M. Kasahara, New public key cryptosystem using discrete Logarithms over GF(p ).Trans. of the IEICE J71-D ,2 (Feb.1988),448 –453.
[MvOV96] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.
[MZV02] Yi Mu, Junqi Zhang, and Vijay Varadharajan. m out of n oblivious transfer. In Proceedings of the 7th Australasian Conference on Information Security and Privacy (ACISP ’02), volume 2384 of LNCS, pages 395–405. Springer-Verlag, 2002.
[Nao89] M. Naor: Bit commitment using pseudo-randomness, Proceedings of Crypto 89, Springer.
[Nie91] Niemi, V.,“A new trapdoor in knapsacks,”Advances in Cryptology -EUROCRYPT’90 proceedings, Springer-Verlag, pp.405-411, 1991
[Nie91] V. Niemi: A New Trapdoor in Knapsacks, Advances in Cryptology-EUROCRYPT’90 proceedings, Springer -Verlag, pages 405-411, 1991.
[NM47] John von Neumann and Oskar Morgenstern. Theory of Games and Economic Behavior. Princeton University Press, 1947.
[NOVY98] M. Naor, R. Ostrovsky, S. Venkatesan, M. Yung: Perfect zero-knowledge arguments for NP using any one-way permutation, J. Cryptology, vol.11(1998), 87-108.
[NP99] M. Naor, B. Pinkas: Oblivious Transfer and Polynomial Evaluation, Proceedings of the 31st ACM Symposium on Theory of Computing, pages 145-254, 1999.
[NP99] M. Naor, B. Pinkas: Oblivious Transfer and Polynomial Evaluation, Proceedings of the 31st ACM Symposium on Theory of Computing, pages 145-254, 1999.
[NPS99] M. Naor, B. Pinkas, R. Sumner: Privacy Preserving Auctions and Mechanism Design, ACM Conference on Electronic Commerce, 1999, available at http://www.wisdom.weizmann.ac.il/ naor/onpub.html.
[NR94] V. Niemi, A. Renvall: Cryptographic Protocols and Voting, In Result and Trends in Theoretical Computer Science, Lecture Notes in Computer Science 812, pages 307-316, 1994.
[NS97] D. Naccache, and Stern, J. A new public-key cryptosystem. In Advances in Cryptology -EUROCRYPT ’97 (1997), pp.27-36, Springer-Verlag, 1997.
[NY89] M. Naor, M. Yung: Universal one-way hash functions and their cryptographic applications, Proc. of STOC’89, 33-43.
[Odl84] A. M. Odlyzko, Cryptanalytic attacks on the multiplicative knapsack cryptosystem and on Shamir ’s fast signature scheme. IEEE Trans. on Information Theory IT-30, pp. 594-601, 1984.
[Ort95] Orton, G.,“A multiple-iterated trapdoor for dense compact knapsacks,”Advances in Cryptology—EUROCRYPT’94, LNCS 950, pp.112-130, 1995
[OTU00] T. Okamoto, K. Tanaka, and S. Uchiyama, Quantum Public-Key Cryptosystems, CRYPTO 2000, LNCS 1880, pp.147-165, Springer-Verlag 2000.
[Pai99] P. Paillier: Public-key cryptosystems based on composite degree residuosity classes, Eurocrypt’99, Springer-Verlag, pp. 223-238, 1999.
[Pie86] J. Pieprzyk: On Public-key Cryptosystems Built Using Polynomial Rings, Advances in Cryptology -EUROCRYPT’85 Proceedings, Springer-Verlag, pages 73-80, 1986.
[PS00] Poupard G, Stern J. Fair encryption of RSA keys. In EUROCRYPT’00, LNCS, Springer-Verlag, 2000,pp. 173-190.
[PS00] Poupard G, Stern J. Fair encryption of RSA keys. In EUROCRYPT’00, LNCS, Springer-Verlag, 2000, pp. 173-190.
[QV94] Qu M. and Vanstone, S. A.,“The knapsack problem in cryptography,”Contemporary Mathematics, Vol. 168, pp. 291-308, 1994
[Rab81] M. Rabin: How to Exchange Secrets by Oblivious Transfer, Technical Report TR-81, Aiken Computation Laboratory, Harvard University, 1981.
[Riv97] Ronald Rivest: Electronic Lottery Tickets as Micro-Cash, 1997. Financial Cryptography 97, LNCS 1318, Springer-Verlag, 1997.
[RS60] I. S. Reed and G. Solomon: Polynomial Codes over finite field. SIAM J. Applied Math., 8:300-304, June 1960.
[RSA78] R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of ACM, Vol.21, No.2, pp.120-126, 1978.
[RST01] R. L. Rivest, A. Shamir, and Y. Tauman: How to leak a secret. In Proc. Asiacrypt’01, LNCS 2248, pp. 552-565, Springer-Verlag, 2001.
[Sak99] Kazue Sako: Implementation of a Digital Lottery Server on WWW. CQRE'99, LNCS 1740, Springer-Verlag, 1999.
[Sch87] C.P. Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science, 53:201-224, 1987.
[Sch89] C. P. Schnorr. E_cient identi_cation and signatures for smart cards. In Advances in Cryptology: CRYPTO '89: Proceedings [Int89], pages 239-252.
[Sch91] C. P. Schnorr: Efficient signature generation for smart cards. J. Cryptology, 4(3): 239-52, 1991.
[Sch99] Oliver Schirokauer, Using number fields to compute logarithms in finite fields, Mathematics of Computation 69 (1999), no. 231, 1267–1283.
[SE94] C. P. Schnorr and M. Euchner. Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Math. Prog., 66:181-199, 1994.
[SF80] Shamir, A., and Fiat, A.,“On the security of the Merkle--Hellman cryptographic scheme,”IEEE Trans. On Information Theory, Vol.26, No.3, pp.339-340, May 1980
[SH95] Schnorr and H?rner. Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In Eurocrypt '95, 1995.
[Sha83] Shamir, A., A polynomial time algorithm for breaking the basic Merkle--Hellman cryptosystem, Advances in Cryptology—CRYPTO’82 Proceedings, Springer-Verlag, pp.280-281, 1983
[Sho97] P.W. Shor. Polynomial-time algorithm for prime factorization and discretelogarithms on a quantum computer. SIAM Journal of Computing, 26:1484-1509,1997.
[SS90] A. Salomaa, L. Santean: Secret Selling of Secrets with Several Buyers, In the 42nd EATCS Bulletin, pages 178-186, 1990.
[Sta96] Stadler M. Publicly verifiable secret sharing. In EUROCRYPT’96, Brussels, Belgium, Springer Verlag, LNCS, 1996, vol. 1070: 191-199.
[Ste98] J. P. Stern: A New and Efficient All-or-nothing Disclosure of Secrets Protocol, In Proceedings of Advances in Cryptology-Asiacrypt 98, Lecture Notes in Computer Science 1514, Springer-Verlag, pages 357-371, 1998.
[Ste98] J. P. Stern: A New and Efficient All-or-nothing Disclosure of Secrets Protocol, In Proceedings of Advances in Cryptology-Asiacrypt 98, Lecture Notes in Computer Science 1514, Springer-Verlag, pages 357-371, 1998.
[Tyc02] Tomaj?s Tyc: How to share a continuous-variable quantum secret by optical interferometry. PHYSICAL REVIEW A, VOLUME 65, 2002.
[Tze02] W. Tzeng: Efficient 1-out-of-n Oblivious Transfer Schemes, In Proceedings PKC2002, LNCS 2274, Springer-Verlag, pp. 159-171, 2002.
[Vau03] Steven J. Vaughan-Nichols, How trustworthy is trusted computing, IEEEE Transaction on Computer, March 2003.
[Vau98] Vaudenay, S. Cryptanalysis of the Chor-Rivest cryptosystem, Advances in Cryptology-Crypto’98, Springer-Verlag, pages 243-256, 1998.
[Vic61] W. Vickrey: Counter speculation, auctions, and competitive sealed tenders, Journal of Finance, 16(1): 8-37, 1961.
[Wen03] Wenbo M ao: Modern Cryptography——Theory & Practice, Prentice Hall PTR, Prentice-Hall, Inc. Upper Saddler River, New Jersey 07458, 2003.
[WFLW03] D. S. Wong, K. Fung, J. K. Liu and V. K. Wei: On the RS-code construction of ring signature schemes and a threshold setting of RST. In Proc. ICICS’03, LNCS 2836, pp. 34-46, Springer-verlag, 2003.
[Wil72] R. J. Wilson: Introduction to graph theory. Oliver and Boyd, Edinburgh, 1972.
[Yao82] A. Yao, Protocols of for secure computation, Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS’82), 160—164, IEEE Computer Security, 1982.
[YS02] M. Yokoo and K. Suzuki: Secure multi-agent dynamic programming based on homomorphic encryption and its application to combinatorial auctions, In Proceedings of the First International Joint Conference on Autonomous Agents and Multi-Agent Systems, ACM Press, pp. 112-119, 2002.
[YY98] Young A, Yung M. Auto-recoverable auto-certifiable cryptosystems. In EUROCRYPT’98, Paris, France, Springer Verlag, LNCS, 1998, vol. 1403: 17-31.
[ZC01] Zeng GH, Christoph K. An arbitrated quantum signature scheme, http://arxiv.org/ abs/quant-ph /0109007, 2001.
[ZK02] F. Zhang and K. Kim: ID-Based blind signature and ring signature from pairings. In Proc. Asiacrypt’02, LNCS 2501, pp.533-547, Springer-Verlag, 2002.
[ZT01] Jianying Zhou, Chunfu Tan: Playing Lottery on the Internet. ICICS2001, LNCS 2229, Springer-Verlag, 2001.
[YJ99]王育民,刘建伟. 通信网的安全——理论与技术. 西安,西安电子科技大学出版社,1999 。