Research and Design of Several Digital Signatures with Special Properties
Abstract
Digital signatures are the key technology for providing authentication, integrity and non-repudiation; they are one of the core technologies of information security and a key technology for secure e-commerce and e-government. As research on digital signatures has deepened, and with the rapid growth of e-commerce and e-government, simple ordinary digital signatures can no longer meet the need, so the study of digital signatures with special properties or special functions has become a main research direction in the field.
     This thesis mainly studies certificateless signatures, certificateless blind signatures and partially blind signatures, identity-based signatures, identity-based aggregate signatures, and identity-based mediated signatures. The main results are as follows:
     1. An efficient certificateless signature scheme in the random oracle model is designed from bilinear pairings. Its security rests on the Computational Diffie-Hellman (CDH) problem and the discrete logarithm problem assumptions. Signing requires only two group multiplications and one hash operation; verification requires only three pairing operations and two hash operations. The analysis shows a marked improvement in computational efficiency.
     2. A certificateless blind signature scheme is proposed for the first time, so that the signature scheme needs no certificates, has no key-escrow drawback, and at the same time has the blindness property. The algorithm model is given and its security is proved.
     3. Combining partially blind signatures with certificateless cryptography, a certificateless partially blind signature is proposed for the first time. The algorithm model is given, a concrete scheme is designed from bilinear pairings, and its security is proved.
     4. The security of a class of improved certificateless signature schemes is analysed; it is shown that they are subject to public key replacement attacks, and improvements are proposed.
     5. To address the revocation of user identities in identity-based cryptosystems, a new identity-based mediated signature scheme is proposed. Unlike traditional schemes, it re-examines the security of the user registration process. In the new scheme, the key generation centre (KGC) generates only public information for the user at registration; for revoked users, and for users who register but never perform any operation, the KGC neither generates the partial key and the mediator's private key in advance nor sends private keys to them in advance. Performance analysis of the new scheme shows that it reduces computation, saves storage and bandwidth, lowers the risk that comes with transmitting keys in advance, and improves system security; the scheme is proved secure in the random oracle model.
     6. An identity-based aggregate signature scheme on m-torsion groups proposed by Cheng Xiangguo et al. is analysed, and the original scheme is shown to be insecure because it admits a forgery attack. A concrete attack is constructed: by suitably choosing the relevant parameters of the aggregation process, an attacker can forge a set of signatures whose aggregate signature passes aggregate verification, achieving the forgery.
Digital signature, which provides authentication, integrity and non-repudiation, is one of the key techniques of information security and plays a very important role in e-commerce and e-government. With the deepening of digital signature research and the rapid development of e-commerce and e-government, the standard signature, which is a simple simulacrum of a handwritten signature, cannot meet practical needs, so research on digital signatures with additional properties has become a main research direction in digital signatures.
     In this thesis, we discuss some digital signatures with additional properties, including certificateless signatures, certificateless blind signatures, certificateless partially blind signatures, ID-based signatures, ID-based mediated signatures and ID-based aggregate signatures. The main contributions are as follows:
     1. An efficient certificateless signature scheme from bilinear pairings is proposed. The security of the scheme is based on the intractability of the Computational Diffie-Hellman (CDH) problem and the discrete logarithm problem (DLP). The proposed scheme is existentially unforgeable in the random oracle model. The signing algorithm requires two scalar multiplications and one hash operation; the verification algorithm requires three pairing operations and two hash operations. The approach greatly improves efficiency.
     2. We study blind signatures in certificateless cryptography, which needs neither certificates nor key escrow. The notion and construction of a certificateless blind signature scheme are proposed for the first time. A security proof of the scheme is given. Analysis shows that our scheme enhances security.
     3. A certificateless partially blind signature scheme is proposed, with a detailed framework and security proofs. The scheme is shown to enhance security and efficiency.
     4. Analyses of two certificateless signature schemes improved by Cao et al. and Wang et al. are given. The results show that their modified schemes are insecure against key replacement attack, and the attack methods are presented. We then propose a modification of their schemes and show its security.
     5. An efficient identity-based mediated signature scheme from bilinear pairings is proposed. The key generation centre does not issue new private keys in advance for revoked identities or for the semi-trusted mediator (SEM), and the private key is not sent back to the user and the SEM. Analysis shows that the proposed scheme reduces computation cost and bandwidth and enhances security. The scheme is existentially unforgeable in the random oracle model, based on the intractability of the discrete logarithm problem.
     6. Aggregate signatures are useful in practice for reducing the size of signatures and the cost of signature verification. Cheng et al. presented an ID-based aggregate signature scheme from m-torsion groups and proved its security in the random oracle model. However, we show that the original scheme is vulnerable to insider attacks. One concrete attack against the original scheme is given: an adversary can forge an aggregate signature by choosing appropriate parameters and make it pass verification.
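As an added illustration of the blindness property that contributions 2 and 3 above (certificateless blind and partially blind signatures) build on, here is a textbook RSA blind signature in Python. This is example code added here, not the thesis's pairing-based construction: RSA blinding stands in for the bilinear-pairing scheme so the protocol flow fits in a few functions, and the key values, message strings and function names are constructed for the example.

```python
"""Textbook RSA blind signature (Chaum-style), illustrating the blindness
property: the signer produces a signature without learning the message and
cannot later link the signature to the blinded value it signed.

Constructed toy parameters only: the modulus is about 40 bits and no padding
is used, so this shows the protocol flow, not a deployable scheme."""
import hashlib
import secrets
from math import gcd
from typing import Dict, Tuple

# Constructed toy RSA key (hypothetical values chosen for readability).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # signer's private exponent (Python 3.8+)


def hash_to_zn(msg: bytes) -> int:
    """Map the message into Z_N via SHA-256; this is the value the signature commits to."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def blind(msg: bytes) -> Tuple[int, int]:
    """Requester side: pick a random unit r and send h * r^E mod N to the signer."""
    h = hash_to_zn(msg)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (h * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Signer side: an ordinary RSA signing operation on a value it cannot interpret."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Requester side: strip the blinding factor; (h * r^E)^D * r^-1 = h^D mod N."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(msg: bytes, sig: int) -> bool:
    """Anyone: accept iff sig^E == H(msg) mod N."""
    return pow(sig, E, N) == hash_to_zn(msg)


def run_protocol(msg: bytes) -> Dict[str, object]:
    """Full exchange; returns what each party saw so linkability can be checked."""
    blinded, r = blind(msg)            # requester -> signer
    blind_sig = sign_blinded(blinded)  # signer -> requester
    sig = unblind(blind_sig, r)        # requester keeps sig, discards r
    return {"signer_view": blinded, "signature": sig, "valid": verify(msg, sig)}


if __name__ == "__main__":
    m = b"constructed message"
    a, b = run_protocol(m), run_protocol(m)
    print("valid:", a["valid"], b["valid"])
    # Two sessions on the same message give the signer unrelated transcripts
    # but the same final signature (RSA is deterministic), so the signer cannot
    # tell which session produced a signature it is later shown.
    print("signer views differ:", a["signer_view"] != b["signer_view"])
    print("signatures equal:", a["signature"] == b["signature"])
```

The check worth making is the last one: the signer's transcript differs across two sessions on the same message while the final signature is identical, so nothing in the signer's view ties it to a signature presented later. Unforgeability here is simply inherited from textbook RSA; the thesis's schemes instead reduce to CDH/DLP on pairing groups and additionally remove the certificate and key-escrow requirements, which this toy does not model.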