Encryption Schemes and Key Agreement Protocols Based on Bilinear Pairings
Abstract
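In 2000, Sakai et al. and Joux each pioneered the use of bilinear pairings to construct, respectively, a static (non-interactive) identity-based key sharing scheme and a one-round tripartite key agreement protocol, solving two well-known open problems in public-key cryptography. Since then, the usefulness of bilinear pairings as a basic tool for designing new cryptographic schemes has been steadily explored, and a large number of novel and practical schemes have appeared, for example identity-based encryption schemes, certificateless encryption schemes, short signature schemes, and two-party and multi-party identity-based key agreement protocols.
     Constructing new kinds of cryptographic schemes from bilinear pairings is currently a hot topic in public-key cryptography research. In addition, provable security techniques based on computational complexity theory have become a necessary means of analyzing the security of these newly proposed schemes. This thesis centers on the design and provable security of new pairing-based cryptographic schemes. The main research content falls into two parts: (1) public-key encryption schemes, including identity-based encryption schemes and escrowable public-key encryption schemes; (2) two-party identity-based authenticated key agreement protocols, including protocols secure in the random oracle model and protocols secure in the standard model. The main results are as follows:
     1. Design and analysis of efficient identity-based encryption schemes. We examine in depth the practical application setting of identity-based encryption, namely the multiple-administrative-domain environment. Based on the Sakai-Ohgishi-Kasahara identity-based key extraction method, we propose a new identity-based encryption scheme. In our new scheme, the encryptor can pre-encrypt the plaintext off-line before obtaining the master public key of the domain to which the intended decryptor belongs, so it is more practical and efficient than the well-known Boneh-Franklin scheme in the multi-domain environment, while having the same security level: the security of both rests on the standard bilinear Diffie-Hellman (BDH) assumption. We also discuss in detail several applications of this identity-based encryption scheme, including global escrow ElGamal encryption, multi-receiver identity-based encryption, and identity-based proxy re-encryption. Among these, our multi-receiver identity-based encryption scheme scales better in the multi-domain environment than the scheme of Baek et al. Moreover, our identity-based proxy re-encryption scheme successfully solves the problem that the Green-Ateniese scheme cannot resist collusion attacks. It is also the first proxy re-encryption scheme based on the key-splitting strategy that can resist collusion attacks.
     2. Design and analysis of escrowable public-key encryption schemes. We propose two efficient escrowable public-key encryption schemes (i.e., public-key encryption schemes with two decryption keys). The second of these is the most efficient among all schemes of its kind in the existing literature: it reduces the user's key storage and public key length to a minimum, removes the pairing computation from the encryption process, and allows off-line pre-encryption of the plaintext. In addition, it is the first provably secure escrowable public-key encryption scheme, and its security is based on the standard bilinear Diffie-Hellman (BDH) assumption.
     3. Design and analysis of identity-based authenticated key agreement protocols in the random oracle model. For the first time, we establish a correspondence between authenticated Diffie-Hellman protocols and identity-based authenticated key agreement protocols, and propose an effective parallel design method for such protocols. We systematically study the forward secrecy of identity-based authenticated key agreement protocols, and then propose an identity-based authenticated key agreement protocol that achieves perfect forward secrecy in the escrowed mode (i.e., without PKG forward secrecy). When pre-computation is taken into account, the new protocol is more efficient than Wang's protocol. Using the modular proof method, we rigorously prove the basic security properties and the perfect forward secrecy of the new protocol.
     4. Design and analysis of identity-based authenticated key agreement protocols in the standard model. Using Gentry's identity-based encryption scheme, we propose the first identity-based authenticated key agreement protocol that is provably secure in the standard model. We also give an extension of the basic protocol to the escrowless mode.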
In 2000, Sakai et al. and Joux independently found that bilinear pairings could be used in constructive ways to build new cryptographic schemes, by presenting an identity-based key sharing scheme and a one-round tripartite key agreement protocol, respectively. From then on, numerous novel and practical schemes have been proposed using bilinear pairings, such as identity-based encryption (IBE) schemes, short signature schemes and two-party identity-based key agreement protocols.
     Bilinear pairings have been used intensively as an important tool to design new cryptographic schemes, and recently this area has become a hot spot in public key cryptography. Besides, provable security based on complexity theory has become a prevailing method to evaluate the security of those newly proposed schemes. This thesis focuses on the design and analysis of new pairing-based cryptographic schemes, and is divided into two distinct parts. The first part studies public key encryption schemes, including identity-based encryption schemes and public key encryption schemes with two private keys. The second part explores the design and analysis of identity-based authenticated key agreement protocols, including protocols secure in the random oracle model and the standard model, respectively. The main contributions of the thesis are as follows:
     1. The design and analysis of efficient identity-based encryption schemes. Firstly, we investigate the real-world application setting for identity-based encryption schemes, i.e., the multiple administrator domain environment, and then we propose a new provably-secure scheme based on the Sakai-Ohgishi-Kasahara private-key extraction algorithm. In the new scheme, the encryptor can have the pairing computation pre-computed off-line, and hence the scheme is more practical than the famous Boneh-Franklin scheme in the multi-domain environment. We also discuss its applications in global escrow ElGamal encryption, multi-receiver identity-based encryption and proxy re-encryption settings. Notably, our identity-based proxy re-encryption scheme solves the collusion attack problem in the Green-Ateniese scheme, and to the best of our knowledge, ours is the first such scheme that employs the so-called key sharing strategy.
     2. The design and analysis of escrowable public key encryption schemes (i.e., public-key encryption schemes with two decryption keys). We propose two such efficient schemes. Our second scheme is the most efficient one among all the existing constructions in the literature. It eliminates pairing evaluation in the encryption procedure and at the same time enables off-line pre-encryption. Besides, it is the first provably-secure escrowable public key encryption scheme, and its security is based on the standard bilinear Diffie-Hellman (BDH) assumption.
     3. The design and analysis of identity-based authenticated key agreement protocols that are secure in the random oracle model. For the first time, we establish a close relation between authenticated Diffie-Hellman protocols and identity-based authenticated key agreement protocols. We put forward a parallel design methodology for identity-based authenticated key agreement protocols. We investigate the forward secrecy of identity-based authenticated key agreement protocols and propose a new efficient protocol which achieves perfect forward secrecy in the escrowed mode. When pre-computation is possible, our new protocol is more efficient than that of Wang. Lastly, we rigorously prove the security of the new protocol by adopting the modular proof technique.
     4. The design and analysis of identity-based authenticated key agreement protocols that are secure in the standard model. We propose the first identity-based authenticated key agreement protocol that can be proven secure in the standard model. Besides, we also extend our basic protocol to the escrowless model and the cross-domain setting, respectively.
