Research on the Analysis, Design and Application of Signcryption Schemes
Abstract
Authenticity and confidentiality are the two central requirements of information security. Signcryption performs both digital signature and encryption in a single logical step, making it an efficient cryptographic primitive that achieves confidentiality and authenticity simultaneously, and therefore a core technique for information security. This dissertation studies signcryption, focusing on the analysis, design and applications of signcryption schemes. The results obtained are as follows.
     (1) The security of several important signcryption schemes is analyzed. Security weaknesses in these schemes are identified, and corresponding improved schemes are given.
     (2) Signcryption schemes with forward security are studied, and two types of forward-secure signcryption schemes are proposed. This enhances the security and practicality of signcryption schemes.
     (3) A type of signcryption scheme that uses neither Hash functions nor Redundancy functions is designed. Such schemes avoid the security threats that arise when component parts such as Hash functions are broken. This work somewhat extends the structural model of signcryption schemes.
     (4) An application of a multi-signcryption scheme with special properties is studied. Using this multi-signcryption scheme, a route discovery protocol for Ad hoc networks is proposed, and the protocol's security and efficiency are analyzed.
     (5) ID-based signcryption and multi-signcryption schemes and their applications are studied. An ID-based signcryption scheme and an ID-based multi-signcryption scheme using bilinear pairings are proposed. Applying these two ID-based schemes together, a new secure protocol for protecting mobile agents from attacks by malicious hosts is designed, and its security and efficiency are analyzed.
     (6) Signcryption is applied to the design of key agreement protocols. An authenticated key agreement protocol based on our ID-based signcryption scheme is proposed, and its security, efficiency and adaptability to Ad hoc networks are analyzed.
