Research on Public-Key Cryptosystems Based on Several Typical Classes of Non-Commutative Algebraic Structures
Abstract
Since the concept of public-key cryptography was proposed, many excellent public-key cryptosystems have been proposed and refined. At present, most unbroken public-key cryptosystems are based on hard problems over commutative algebraic structures, such as the integer factorization problem and the discrete logarithm problem over finite fields. However, owing to recent results in quantum computation, many hardness assumptions based on commutative algebraic structures are no longer hard. Consequently, in order to resist the known quantum algorithms, researchers have begun actively seeking hardness assumptions over certain non-commutative algebraic structures, and constructing secure public-key cryptosystems from them.
     To date, many public-key cryptosystems based on non-commutative algebraic structures have been proposed; braid group cryptosystems in particular have attracted a great deal of research. However, almost all of the published braid-based schemes have been attacked. Researchers have therefore begun actively exploring non-commutative algebraic structures other than braid groups and their applications to public-key cryptography. In particular, finding suitable non-commutative algebraic structures together with related cryptographic hardness assumptions, and giving non-commutative analogues of mature commutative public-key cryptosystems, is a challenge. Against this background, this dissertation studies public-key cryptosystems over several typical classes of non-commutative algebraic structures in depth. The main results obtained are as follows:
     1. Based on the hardness assumption of the conjugacy search problem (CSP) in the matrix semigroup of truncated multivariate polynomials over the ring Z12, two new cryptographic hardness assumptions are given: the CSP-based hash Diffie-Hellman assumption (CSP-HDH) and the CSP-based oracle Diffie-Hellman assumption (CSP-ODH). A new public-key encryption scheme, CSP-DHIES, is constructed from these assumptions; it is the first non-commutative analogue of the DHIES encryption scheme. In the standard model, CSP-DHIES achieves indistinguishability under chosen-plaintext attack under the CSP-HDH assumption and indistinguishability under adaptive chosen-ciphertext attack under the CSP-ODH assumption.
     2. Under the hardness assumption of the discrete logarithm problem over inner automorphism groups, a family of chameleon hash functions and a strongly unforgeable one-time signature scheme are constructed. Because the scheme can use small working parameters, it has considerable advantages in running time and storage space. It is the first family of chameleon hash functions and strongly unforgeable one-time signature scheme based on non-commutative groups.
     3. Under the hardness assumption of the discrete logarithm problem over inner automorphism groups, three signature schemes are proposed. They can be regarded as non-commutative analogues of the Schnorr, DSA and mNyberg-Rueppel signature schemes, respectively.
     4. Under the hardness assumption of the discrete logarithm problem over inner automorphism groups, three blind signature schemes are proposed: the Inn-Schnorr, Inn-DSA and Inn-mNyberg-Rueppel blind signature schemes. They can be regarded as non-commutative analogues of the Schnorr, DSA and mNyberg-Rueppel blind signature schemes, respectively. In addition, all three blind signature schemes satisfy blindness and "one-more" unforgeability under adaptive chosen-message attack.
     5. Under the hardness assumption of the discrete logarithm problem over inner automorphism groups, a non-interactive verifiable secret sharing scheme is proposed. The secrecy of the shared secret is unconditionally secure, while the correctness of the shares depends on the hardness of the discrete logarithm problem over inner automorphism groups. The scheme can be regarded as a non-commutative analogue of Pedersen's secret sharing scheme.
Since the inception of public-key cryptography, many excellent public-key cryptosystems (PKCs) have been proposed and improved. At present, most unbroken PKCs are based on difficult problems from commutative algebraic structures, such as the integer factoring problem, the discrete logarithm problem, etc. However, owing to recent developments in quantum computation, many intractability assumptions based on commutative algebraic structures are no longer difficult. Therefore, in order to resist currently known quantum algorithm attacks, researchers are turning to new difficult problems from non-commutative algebraic structures and to building secure PKCs based thereon.
     To date, many PKCs based on non-commutative algebraic structures have been proposed. In particular, cryptosystems based on braid groups have attracted a great deal of research. Unfortunately, almost all published braid-based cryptographic schemes have been shown to be insecure. Thus, much effort has gone into developing PKCs based on other non-commutative algebraic structures. Moreover, it is a challenge to find suitable non-commutative algebraic structures and relevant cryptographic assumptions, and then to construct non-commutative variants of mature PKCs based on commutative algebraic structures. Against this background, this dissertation focuses on PKCs based on several kinds of typical non-commutative algebraic structures.
     The main original contributions and results of this dissertation are summarized as follows:
     1. Propose two new conjugation-related cryptographic assumptions, the CSP-based hash Diffie-Hellman problem (CSP-HDH) and the CSP-based oracle Diffie-Hellman problem (CSP-ODH), based on a special monoid of matrices of truncated multi-variable polynomials over the ring Z12, where the conjugacy search problem is assumed to be intractable. Moreover, based on the above assumptions, a new public-key cryptosystem, the CSP-based Diffie-Hellman integrated encryption scheme (CSP-DHIES), is proposed. The construction can be viewed as the first non-commutative variant of the well-known DHIES cryptosystem. Under the CSP-HDH and CSP-ODH intractability assumptions respectively, the scheme is indistinguishable under chosen-plaintext attacks and under adaptive chosen-ciphertext attacks in the standard model.
     2. Propose a family of chameleon hash functions and strongly unforgeable one-time signature schemes based on the intractability assumption of the discrete logarithm problem over inner automorphism groups. Since the working parameters used in the constructions can be significantly shorter, this leads to remarkable gains in both running time and storage space. As far as we know, this is the first construction of a family of chameleon hash functions and one-time signature schemes based on non-commutative groups.
     3. Propose three signature schemes based on the intractability assumption of the discrete logarithm problem over inner automorphism groups. These schemes can be viewed as non-commutative variants of the Schnorr, DSA and mNyberg-Rueppel signature schemes, respectively.
     4. Propose three blind signature schemes based on the intractability assumption of the discrete logarithm problem over inner automorphism groups. The proposed schemes are proved to be blind and one-more unforgeable against adaptively chosen-message attacks. These schemes can be seen as non-commutative variants of the Schnorr, DSA and mNyberg-Rueppel blind signature schemes, respectively.
     5. Propose a non-interactive verifiable secret sharing scheme based on the intractability assumption of the discrete logarithm problem over inner automorphism groups. The secret sharing scheme protects the privacy of the secret unconditionally, but the correctness of the shares depends on the DLP-IAG assumption (the discrete logarithm problem over inner automorphism groups). As far as we know, this is the first non-interactive verifiable secret sharing scheme based on non-commutative groups.