Research on Authentication Schemes Based on Bilinear Pairings
Abstract
With the rapid development of computers and computer networks, information security has become a pressing problem for the information society. Authentication schemes are one of the important means of guaranteeing information security: they provide security services such as authenticity, non-repudiation and data integrity, and they are key technologies for realizing secure e-commerce and secure e-government. Although many scholars have carried out extensive research on authentication schemes and obtained rich results, some problems remain unsolved and merit further in-depth study.
Provable security is a basic requirement for digital signature schemes. Most existing efficient digital signature schemes are provably secure in the random oracle model. However, the idealized random oracle model has a limitation: an ideal random function cannot be implemented in a real environment. Therefore, how to design a digital signature scheme that is both efficient and provably secure in the standard model is an important problem. Using bilinear pairings, this thesis constructs a digital signature scheme that is efficient and provably secure in the standard model. Based on the strong Diffie-Hellman assumption, the scheme is proven in the standard model to be strongly existentially unforgeable under adaptive chosen-message attack. In this signature scheme, generating a signature requires no pairing computation, and verifying a signature requires only two pairing computations.
As a variant of ordinary digital signatures, proxy signatures allow an original signer to delegate signing rights to a proxy signer and have wide applications. However, most existing proxy signature schemes have shortcomings: some have only heuristic analysis, with no formal security model and no rigorous proof; others are provably secure only in weaker security models that do not consider the adaptive chosen-key and chosen-warrant attacks that exist in practice. To overcome these weaknesses, two new strengthened security models for proxy signatures are proposed, an enhanced registered-key model and a chosen-key model, and on this basis two proxy signature schemes are constructed from bilinear pairings, one provably secure in the enhanced registered-key model and the other provably secure in the chosen-key model. In both schemes the ordinary signatures and the proxy signatures are short signatures, i.e. each is represented by a single group element. Formal security proofs of the two proxy signature schemes are given in the strong security models, reducing their security directly to the security of the underlying basic signature scheme.
An aggregate signature scheme is a digital signature scheme that supports compressing multiple signatures into a single short signature; aggregation helps reduce bandwidth and storage. To reduce the storage required for ordinary signatures and proxy signatures and the computation required to verify them, a new kind of aggregate signature, called an unrestricted hybrid aggregate signature, is proposed, together with its formal definition and security model. Using bilinear pairings, an unrestricted hybrid aggregate signature scheme, UHAS, is constructed. Unlike previous aggregate signature schemes, UHAS supports aggregating ordinary signatures and proxy signatures into one short signature by means of an aggregation algorithm. More importantly, it requires neither that the signers of these signatures be distinct nor that the signed messages be distinct. A single aggregate signature convinces the verifier that all the signers did indeed sign the corresponding messages. The security of UHAS is proven in the random oracle model under the computational co-Diffie-Hellman assumption.
Certificateless digital signatures are a new type of digital signature that both overcome the certificate management problem of traditional digital signatures and avoid the key escrow problem of identity-based signature schemes. However, many certificateless signature schemes have security flaws. Several pairing-based certificateless digital signature schemes are analyzed, including an ordinary certificateless signature scheme, a certificateless proxy signature scheme, a security-mediated certificateless signature scheme and a certificateless signature scheme provably secure in the standard model. It is shown that these schemes are insecure against key replacement attacks and malicious KGC attacks; the causes of the flaws are identified, and countermeasures and improved schemes are given.
The security of most existing identification protocols is proven in the idealized random oracle model. Using a digital signature scheme provably secure in the standard model, two efficient and provably secure ID-based identification protocols are constructed and their security is analyzed: based on the strong Diffie-Hellman assumption, one is proven in the standard model to be secure against impersonation under passive attack, and the other to be secure against impersonation under active and concurrent attacks.
With the fast development of computers and networks, information security has become one of the most important problems in the information society. Authentication schemes are among the most useful and fundamental primitives in public key cryptography, which applies cryptographic methods to achieve security services such as authenticity, integrity and non-repudiation. Digital signatures and identification protocols are the crucial techniques for realizing secure e-commerce and secure e-government. Many researchers have done much work on authentication schemes and obtained great achievements. However, some issues in authentication schemes have not been resolved effectively, and further research on them is necessary.
Provable security is the basic requirement of digital signature schemes. Most existing digital signature schemes are provably secure in the random oracle model. However, the idealized random oracle model has certain limitations: ideal random functions cannot be implemented in the standard model. Therefore, designing a signature scheme that is efficient and provably secure in the standard model is an important issue. A new and efficient signature scheme from bilinear maps is presented, which is provably secure in the standard model. The security of the proposed scheme is based on the strong Diffie-Hellman (SDH) assumption, and a formal proof of security is given under the SDH assumption in the standard model. The proposed scheme is practical: signature generation needs no bilinear map computation, and verification needs only two bilinear map computations.
As a variant of ordinary signature schemes, proxy signature schemes allow original signers to delegate their signing rights to proxy signers and are useful in many applications. However, most existing proxy signature schemes have drawbacks. Some schemes have only heuristic analysis, that is, no formal security model and no rigorous security proof; others are provably secure only in weak security models, which do not consider real attacks such as chosen-key attacks and chosen-delegation-warrant attacks. To overcome these flaws, two new enhanced formal security models for proxy signature schemes are presented: the enhanced registered key model and the chosen key model. Two proxy signature schemes from bilinear maps are proposed: one provably secure in the enhanced registered key model and the other provably secure in the chosen key model. In both proposed schemes, ordinary signatures and proxy signatures are all short signatures, i.e., each signature is represented by only one element of the employed group. Security proofs of the two proxy signature schemes are given by reducing the security of the proxy scheme directly to that of the basic signature scheme.
An aggregate signature scheme is a digital signature scheme that allows a collection of signatures to be compressed into one short signature. Aggregation is useful for reducing bandwidth and storage. To reduce the memory required to store standard signatures and proxy signatures, and the computation required to verify their validity, a new notion called unrestricted hybrid aggregate signatures is introduced and formalized. Unlike previous aggregate signatures, unrestricted hybrid aggregate signatures can simultaneously aggregate standard signatures and proxy signatures into a single short signature, and, more importantly, it is not required that all the signers and/or all the messages be distinct. The single signature convinces the verifier that all the signers did indeed sign the corresponding messages. A concrete unrestricted hybrid aggregate signature scheme, UHAS, based on bilinear maps is proposed, and it is shown to be provably secure in the random oracle model under the computational co-Diffie-Hellman assumption.
Certificateless signatures are a new and attractive paradigm that eliminates the use of certificates as in traditional PKI while at the same time solving the key escrow problem inherent in identity-based cryptography. Unfortunately, many proposed certificateless signature schemes have security flaws. Several certificateless cryptosystems are analyzed: a certificateless signature scheme, a certificateless proxy signature scheme, a mediated certificateless signature scheme and a certificateless signature scheme provably secure in the standard model. It is shown that these certificateless signature schemes are all insecure against key replacement attacks and/or malicious KGC attacks. The reasons for these flaws are discussed, and defense measures and improved schemes are given.
Most existing identification protocols are provably secure in the random oracle model. In this thesis, two efficient and provably secure ID-based identification schemes are presented, which are provably secure in the standard model based on the strong Diffie-Hellman assumption. It is shown in the standard model that one scheme is secure against impersonation under passive attack and the other is secure against impersonation under active and concurrent attacks.