Provably Secure Identity-Based Encryption Schemes and Their Applications
Abstract
In 1984 Shamir first proposed the concept of identity-based cryptography, in which a user's identity information serves as the public key of a public-key cryptosystem, but the first practical identity-based encryption scheme (IBE scheme for short) was not proposed until 2001. Compared with a traditional public-key infrastructure, an IBE scheme needs no online trusted third party and therefore fundamentally removes the performance bottleneck that the trusted third party represents in traditional public-key encryption. At present IBE schemes are still at the stage of theoretical research; although some applications exist, many problems remain before they can be fully industrialized, chiefly: the provable security and execution efficiency of IBE schemes; the key escrow problem; the anonymity problem; and innovative applications of IBE.
Building on well-known existing IBE schemes and an analysis of the main factors that affect provable security and execution efficiency, two IBE schemes of different types are proposed. The first achieves, in the standard model, provable security with a more efficient reduction under a strong security definition and a weak hardness assumption, and compared with IBE schemes of the same type it currently has the best performance figures. The second avoids the bilinear map, whose time complexity is high, and realizes an efficient IBE scheme in an ordinary elliptic-curve group; in the random oracle model (RO model for short), again under a strong security definition and a weak hardness assumption, it achieves a "tight" security reduction, so security degradation is reduced as far as possible, and compared with schemes of the same type it has both shorter ciphertexts and higher execution efficiency.
The successful industrialization of IBE depends not only on the security and efficiency of the scheme itself but also on its suitability for practical use. Because the private key in an IBE scheme is usually generated entirely by a third party, the resulting key escrow problem makes such schemes hard to deploy in real environments. Several solutions exist, but they still have obvious defects. Building on existing work, a more efficient IBE scheme with a third party of constrained authority (an accountable authority IBE scheme) is therefore proposed. In the standard model it achieves a tighter security reduction under a stronger security definition and a weaker hardness assumption; on the performance side, since a single bilinear map evaluation has high time complexity, the number of such evaluations is reduced to a constant, which gives the scheme a clear performance advantage, and when certain parameters are chosen within a suitable range its overall computational cost is also lower than that of existing schemes.
As an entirely new kind of public-key encryption, IBE has also had its functionality extended beyond confidential transmission. Anonymity of a public-key encryption scheme is one of the most sought-after properties in current applications, and although research in this area has produced several results, achieving anonymity for IBE schemes is far more complex than for traditional public-key cryptosystems. Starting from the formal definition of anonymity and an intuitive understanding of it, the idea of a one-time encryption key is proposed and, as an instance, applied to achieve anonymity for a public-key encryption scheme in the traditional discrete-logarithm setting; compared with existing results, the one-time encryption key idea needs fewer sufficient conditions to achieve strong anonymity for this instance. The idea is then generalized to IBE: a formal model of IBE schemes based on one-time encryption keys is proposed from a high-level perspective, and the properties that each main function in the model must have in order to achieve anonymity are analyzed, which provides important guidance for proposing concrete instances.
Extending IBE's characteristic of using an identity as the public key, researchers have proposed constructing public-key encryption with keyword search from anonymous IBE schemes, and as research has deepened, searchable public-key encryption schemes with further new properties have been proposed in succession, for example public-key encryption with temporary keyword search (PETKS scheme for short). Building on the existing PETKS scheme, an improvement aimed at execution performance is proposed, and its functionality is further extended into two new schemes in which searchability is valid only within a time period specified by the receiver and only within a time period specified by the sender, respectively.
The successful proposal of many practical IBE schemes rests mainly on the emergence of bilinear maps, and inspired by IBE, bilinear maps have found many new uses. For the well-known group key agreement protocol proposed by Burmester and Desmedt, which is vulnerable to an insider different-key attack, an improved protocol based on bilinear maps is proposed; compared with the original, the improved protocol resists that attack without increasing time complexity or communication volume, and compared with other improved protocols of the same type it has a clear advantage in execution efficiency.
Research on IBE is an important topic in cryptography today. As research deepens, many newer and better schemes will be proposed, and the research is by no means limited to the schemes themselves: new applications will emerge, and it may even lead researchers to study and discover deeper mathematical problems.
Shamir creatively proposed the concept of identity-based cryptosystems in 1984, in which the identity of a user is taken as the public key, but the first efficient and provably secure identity-based encryption (IBE) scheme was not proposed until 2001. In contrast with the widely used Public Key Infrastructure (PKI), an IBE scheme can work without an online trusted third party, so it fully avoids the performance bottleneck of the third party in PKI. Currently the research on IBE is mainly theoretical, covering provable security, key escrow, the anonymity problem and so on, while in practice several applications based on it have been proposed, such as Public-Key Encryption with Keyword Search (PEKS).
Building on the well-known existing IBE schemes, we analyze the main factors that affect their provable security and performance, and then propose two improved IBE schemes. The first achieves a tighter security reduction, based on a strong security definition and a weak hardness assumption, in the standard model; with respect to performance, comparison with existing IBE schemes of the same kind shows that it has the best performance among them. The second avoids the bilinear map entirely in its construction and, with respect to provable security, achieves a "tight" security reduction based on a strong security definition and a weak hardness assumption in the random oracle model; compared with other schemes of the same kind, it has both shorter ciphertexts and better performance. In summary, the two schemes proposed in this thesis respectively achieve a tighter reduction in the security proof and more efficient performance.
For IBE to be deployed commercially, improving provable security and performance is not enough; suitability for practice matters as well. In most existing IBE schemes the user's private key is generated entirely by the third party, which is unreasonable in practice (this flaw is called the key escrow problem). Several methods have been proposed to solve it, but they still have flaws. Based on Goyal's work of 2007, a more efficient accountable authority IBE scheme is proposed in this thesis. With respect to provable security, the new scheme has a tighter security reduction, based on a stronger security definition and a weaker hardness assumption, in the standard model. For performance, the number of bilinear map evaluations is reduced as far as possible, so that only two such evaluations are needed in the new scheme. Furthermore, when some system parameters of the new scheme are chosen properly, its performance is better than Goyal's.
Recently, with the development of cryptosystems, a public-key encryption scheme needs not only data privacy but also protection of the identity of the ciphertext's receiver, that is, receiver anonymity. An IBE scheme is a special public-key encryption scheme, and its anonymity is much harder to achieve than for other kinds of schemes. To address the anonymity of IBE schemes more efficiently, we take inspiration from the rigorous definition of anonymity and propose a new concept of anonymity. To verify the validity of this concept, we construct an instantiation that achieves anonymity for a traditional DL-based encryption scheme. Furthermore, to extend the concept to IBE schemes, a high-level general framework is proposed for analyzing the requirements of a successful extension; the requirements given in this thesis can theoretically guide the instantiation of this extension in future research.
Taking advantage of the identity-based character of IBE, the PEKS scheme was invented from anonymous IBE in 2004, and an extension of PEKS, called Public-Key Encryption with Temporary Keyword Search (PETKS), was proposed afterwards. Based on this existing research, two new extensions of PETKS are built that constrain searchability by a time period chosen by the receiver and by the sender, respectively.
The first efficient IBE scheme owes its success to the bilinear map, and inspired by IBE, bilinear maps are now used in many other fields. To overcome the insider different-key attack on the well-known key agreement protocol proposed by Burmester and Desmedt, this thesis constructs an improved protocol based on the bilinear map. Compared with the original protocol, the new protocol resists that attack without increasing time complexity or communication; furthermore, compared with other existing improved protocols, it is also more efficient.
Indubitably, IBE is an important and active research field in cryptography. As research on it develops, better IBE schemes should be proposed in the future; by analogy with PEKS, new applications should also be introduced; and new mathematical theorems may even be discovered.
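As an added example, not code from the thesis or from Burmester and Desmedt, the following Python implements the classic two-round Burmester-Desmedt (BD) group key agreement that the improved protocol in the abstract starts from, so the exchange being discussed can be run end to end: round 1 broadcasts z_i = g^{r_i}, round 2 broadcasts X_i = (z_{i+1}/z_{i-1})^{r_i}, and each party derives K = g^{r_1 r_2 + r_2 r_3 + ... + r_n r_1}. The group parameters (p = 1019, q = 509, g = 4), the party count and the secret exponents are constructed toy values, not values from the page; the basic protocol assumes an authenticated broadcast channel, which this code does not provide, and neither the pairing-based improvement nor the insider attack is implemented.

```python
"""Classic Burmester-Desmedt (BD) group key agreement on toy parameters.

Added example, not the thesis's own code. Every party ends with
K = g^(r1*r2 + r2*r3 + ... + rn*r1) after two broadcast rounds.
"""
import secrets
from typing import List

# Constructed toy group: p = 2q + 1 with p = 1019 and q = 509 both prime,
# and g = 4 generates the order-q subgroup of Z_p^*. Real deployments use
# standard-sized groups; these values only keep the arithmetic readable.
P = 1019
Q = 509
G = 4


def round1(r: List[int]) -> List[int]:
    """Round 1: party i broadcasts z_i = g^{r_i} mod p."""
    return [pow(G, ri, P) for ri in r]


def round2(r: List[int], z: List[int]) -> List[int]:
    """Round 2: party i broadcasts X_i = (z_{i+1} / z_{i-1})^{r_i} mod p.

    Indices wrap around, so the parties form a ring."""
    n = len(r)
    out = []
    for i in range(n):
        z_next = z[(i + 1) % n]
        z_prev_inv = pow(z[(i - 1) % n], P - 2, P)  # inverse via Fermat
        out.append(pow(z_next * z_prev_inv % P, r[i], P))
    return out


def derive_key(i: int, r_i: int, z: List[int], x: List[int]) -> int:
    """Party i's local key computation from its own secret and the broadcasts:

    K_i = z_{i-1}^{n r_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i+n-2}^{1}.
    The product telescopes to g^{sum_k r_k r_{k+1}}, the same for every i."""
    n = len(z)
    key = pow(z[(i - 1) % n], n * r_i, P)
    for j in range(n - 1):
        key = key * pow(x[(i + j) % n], n - 1 - j, P) % P
    return key


def run_session(r: List[int]) -> List[int]:
    """Run both rounds with the given secret exponents and return each
    party's derived key; a correct run yields n identical values."""
    z = round1(r)
    x = round2(r, z)
    return [derive_key(i, r[i], z, x) for i in range(len(r))]


def expected_key(r: List[int]) -> int:
    """Reference value g^{r1 r2 + r2 r3 + ... + rn r1} computed directly.
    Used only to check the protocol; no real party knows all the r_i."""
    n = len(r)
    e = sum(r[i] * r[(i + 1) % n] for i in range(n)) % Q
    return pow(G, e, P)


def all_agree(keys: List[int]) -> bool:
    """The agreement check each party wants: exactly one common key."""
    return len(set(keys)) == 1


if __name__ == "__main__":
    n = 4
    r = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]  # r_i in [1, q-1]
    keys = run_session(r)
    print("keys:", keys, "agree:", all_agree(keys), "expected:", expected_key(r))
```

The `expected_key` function exists only to show why the telescoping product in `derive_key` works; in a real run no single party holds all exponents, which is exactly what makes the key a shared secret rather than a value one member dictates.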