Theoretical Study and Scheme Design of Hybrid Cryptosystems
Abstract
The greatest advantage of public key cryptography in secure communication is that it removes the requirement that the two parties share secret information. Most public key cryptosystems, however, are built on large algebraic structures, which means expensive algebraic computation. The idea of hybrid cryptography therefore emerged over the long history of cryptographic applications: a public key scheme encrypts a short-term key for a symmetric cipher, and that short-term key then encrypts, under the symmetric scheme, the data that actually needs to be transmitted securely. Initially hybrid cryptosystems were used purely for efficiency; it was not until 2000, when Cramer and Shoup proposed the KEM-DEM construction for hybrid encryption, that hybrid cryptography became a practical public key cryptosystem that also achieves IND-CCA security. In 2005 Dent introduced the idea of signcryption into hybrid cryptography and proposed the concept of hybrid signcryption. Because hybrid cryptosystems effectively balance security and efficiency in practice, they have become a focus of public key cryptography research, and the most promising public key encryption candidates in several planned future encryption standards, such as NESSIE and ISO, take the form of hybrid encryption.
     Focusing on key problems in hybrid cryptosystems, namely the formal definition and scheme design of key encapsulation, this dissertation analyzes existing hybrid cryptosystems and abstracts general models and security definitions for hybrid encryption key encapsulation and hybrid signcryption key encapsulation. Combining this with other related areas of cryptographic research, it carries out exploratory studies on the design of key encapsulation mechanisms in special settings. The main research work is as follows:
     1. Existing hybrid encryption and hybrid signcryption schemes are studied, and on that basis general structural models and formal security definitions for hybrid encryption KEMs and hybrid signcryption KEMs are summarized. A new formal definition and security model for signcryption KEMs in the insider-security setting is proposed; the new scheme introduces a tag to guarantee the unforgeability of the signcryption KEM.
     2. Hybrid encryption under special key management models is studied from the viewpoint of public key management. A general model and formal security definitions for identity-based hybrid signcryption KEMs are proposed, and a concrete identity-based signcryption KEM is given based on hard problems over bilinear maps on elliptic curves. The confidentiality and unforgeability of the scheme are proven in the random oracle model. The scheme needs no pairing computation in the key encapsulation phase, only exponentiations, and it also avoids the hash function that maps onto points of the elliptic curve group; compared with existing schemes of the same kind, it is considerably more efficient. A certificateless hybrid encryption scheme based on the elliptic curve discrete logarithm problem is also proposed, and its public key security and message confidentiality are analyzed. Because it is built on the elliptic curve discrete logarithm problem, it avoids the bilinear pairings and elliptic curve exponentiations on which traditional certificateless hybrid encryption schemes depend.
     3. Drawing on role-based cryptography in multi-user environments, hybrid signcryption KEMs supporting the cryptographic workflow model are studied. Under cryptographic workflow, decryption becomes an authorized action: a recipient can decrypt a ciphertext only if it holds an appropriate set of authorization credentials. A general model and formal security definitions for signcryption KEMs supporting cryptographic workflow are proposed. Combining a secret sharing scheme, an identity-based encryption scheme and a signcryption scheme, a construction for a signcryption KEM supporting cryptographic workflow is given. Its receiver security and outsider security are proven in detail in the standard model using the sequences-of-games proof method.
     4. Multi-signcryption is studied in view of the practical requirements of hybrid cryptosystems. The shortcomings of existing multi-signcryption schemes are analyzed first, and a new multi-signcryption scheme is proposed based on trapdoor-permutation hybrid signcryption; its security and efficiency are analyzed. The dissertation also studies commitment schemes, which are used in trapdoor-permutation hybrid signcryption and in many other cryptographic schemes, and proposes a commitment scheme based on the elliptic curve discrete logarithm problem. The participants need not exchange messages, and the construction is simple. The commitment scheme has both the hiding and the binding property.
The advantage of public key cryptography is that it removes the need to share secret information in secure communication. In general, however, most public key cryptographic functions operate in very large algebraic structures, which means expensive algebraic operations. Over the long history of applied cryptography the idea of hybrid cryptography was proposed: the message is encrypted by a symmetric encryption scheme under a randomly generated symmetric key, and that random symmetric key is in turn encrypted by an asymmetric encryption scheme. Initially hybrid cryptography was applied only for reasons of implementation efficiency, until in 2000 Cramer and Shoup proposed the KEM-DEM model for hybrid encryption. Since then hybrid cryptography has become a general approach to IND-CCA secure and practical public key cryptosystems. In 2005 Dent introduced the idea of signcryption into hybrid cryptography and proposed the concept of hybrid signcryption. Hybrid cryptography can balance security and efficiency in cryptographic applications, so it is increasingly used in real-world scenarios and has become a research focus in the field of public key cryptography. In projects for future encryption standards such as NESSIE and ISO, the most promising candidates are required to take the form of hybrid encryption.
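The KEM-DEM structure described above, as an added worked example that is not the dissertation's own scheme: a hashed Diffie-Hellman KEM over a prime-order subgroup generated at run time, paired with an encrypt-then-MAC DEM built from HMAC-SHA256. The 64-bit group size, the generator g = 4 and the 64-byte session-key layout are illustrative assumptions; decapsulation rejects encapsulations outside the subgroup and the DEM rejects any altered ciphertext before decrypting, which is the behaviour an IND-CCA hybrid scheme needs.

```python
"""Toy KEM-DEM hybrid encryption (added illustration, not the dissertation's scheme): hashed DH KEM + encrypt-then-MAC DEM."""
import hashlib
import hmac
import secrets

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, adequate for generating a demonstration group."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # a^d for a random base a in [2, n-2]
        if x not in (1, n - 1) and not any(pow(x, 1 << k, n) == n - 1 for k in range(1, r)):
            return False  # a is a witness of compositeness
    return True

def find_safe_prime(bits: int) -> int:
    """p = 2q + 1 with p and q prime; the squares mod p form a subgroup of prime order q. bits <= 256."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1

class DhKem:
    """KEM over the order-q subgroup of Z_p^*; g = 4 is a square, so it generates that subgroup."""
    def __init__(self, p: int):
        self.p, self.q, self.g = p, (p - 1) // 2, 4
    def keygen(self):
        sk = secrets.randbelow(self.q - 1) + 1
        return pow(self.g, sk, self.p), sk  # (pk, sk)
    def _kdf(self, c0: int, z: int) -> bytes:
        # Hashing the encapsulation together with the DH value binds the key to c0 (DHIES style).
        return hashlib.sha512(c0.to_bytes(32, "big") + z.to_bytes(32, "big")).digest()
    def encap(self, pk: int):
        r = secrets.randbelow(self.q - 1) + 1
        c0 = pow(self.g, r, self.p)
        return self._kdf(c0, pow(pk, r, self.p)), c0  # (K, c0): 64-byte session key, encapsulation
    def decap(self, sk: int, c0: int):
        # Refuse encapsulations outside the prime-order subgroup before touching the secret key.
        if not 1 < c0 < self.p or pow(c0, self.q, self.p) != 1:
            return None
        return self._kdf(c0, pow(c0, sk, self.p))

def _xor_stream(k_enc: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a one-time keystream; XOR is its own inverse."""
    blocks = (hmac.new(k_enc, i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def dem_encrypt(key: bytes, msg: bytes) -> bytes:
    ct = _xor_stream(key[:32], msg)  # encrypt-then-MAC with independent cipher and MAC keys
    return ct + hmac.new(key[32:], ct, hashlib.sha256).digest()

def dem_decrypt(key: bytes, c1: bytes):
    ct, tag = c1[:-32], c1[-32:]
    if len(c1) < 32 or not hmac.compare_digest(tag, hmac.new(key[32:], ct, hashlib.sha256).digest()):
        return None  # modified or truncated ciphertext: reject before decrypting anything
    return _xor_stream(key[:32], ct)

def hybrid_encrypt(kem: DhKem, pk: int, msg: bytes):
    key, c0 = kem.encap(pk)           # KEM: fresh session key and its encapsulation
    return c0, dem_encrypt(key, msg)  # DEM: the bulk data under that session key

def hybrid_decrypt(kem: DhKem, sk: int, c0: int, c1: bytes):
    key = kem.decap(sk, c0)
    return None if key is None else dem_decrypt(key, c1)

def demo(bits: int = 64):
    """Round trip, then rejection of a flipped ciphertext bit and of an off-subgroup c0."""
    kem = DhKem(find_safe_prime(bits))
    pk, sk = kem.keygen()
    msg = b"constructed sample plaintext for the hybrid scheme"  # constructed input
    c0, c1 = hybrid_encrypt(kem, pk, msg)
    return (hybrid_decrypt(kem, sk, c0, c1) == msg,
            hybrid_decrypt(kem, sk, c0, bytes([c1[0] ^ 1]) + c1[1:]) is None,
            hybrid_decrypt(kem, sk, kem.p - 1, c1) is None)
```

The element p - 1 is a valid group element of Z_p^* but lies outside the order-q subgroup, so the subgroup check in decap is what stops it from being accepted.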
     Aiming at the key issues of formal definition and scheme design for hybrid cryptography KEMs, this dissertation analyzes existing hybrid cryptography schemes and abstracts generic models and security definitions for hybrid encryption and hybrid signcryption KEMs. Combining this with other fields of cryptographic research, exploratory work on KEM design has been carried out. The main results of this dissertation are as follows:
     1. Existing hybrid encryption and hybrid signcryption schemes are analyzed. Based on these schemes, general models and security criteria for hybrid encryption KEMs and hybrid signcryption KEMs are summarized. A new general definition for hybrid signcryption KEMs with insider security is proposed; in the new definition a random tag and a verification algorithm are introduced to provide security. The security definition covers both confidentiality and unforgeability in the sense of provable security.
     2. From the perspective of public key management, hybrid cryptography based on special key management models is researched. A general model and security criteria for identity-based hybrid signcryption KEMs with insider security are proposed. Using the Sakai-Kasahara key construction and related hard problems on elliptic curves, a concrete ID-based signcryption KEM is presented. The security of the scheme is proven in the random oracle model: it is ID-IND-CCA secure for confidentiality and ID-UF-CMA secure for unforgeability. In the encapsulation phase no pairing computation and no MapToPoint hash function are required. Taking into account recent advances in optimized pairing computation and point reduction, the scheme is not only secure but also has a performance advantage, and it is more efficient than existing schemes. Certificateless public key cryptography (CL-PKC), which keeps the advantages of ID-PKC, overcomes the key escrow limitation of ID-PKC. A certificateless hybrid encryption scheme based on the elliptic curve discrete logarithm problem is proposed, and its public key security and message confidentiality are analyzed. The main operations in the proposed scheme are elliptic curve point operations; compared with traditional certificateless encryption schemes built on bilinear pairings, the proposed scheme is more efficient.
     3. Based on the idea of role-based cryptography in multi-user scenarios, hybrid signcryption KEMs supporting cryptographic workflow are studied. Cryptographic workflow is a special cryptographic working model in which a message is encrypted according to a policy so that only entities fulfilling the policy are able to decrypt the ciphertext. A new key encapsulation mechanism based on signcryption and supporting cryptographic workflow is proposed. First the generic model and security notions of this key encapsulation scheme are defined. Following the generic model, a construction for a key encapsulation mechanism supporting cryptographic workflow is presented by combining a secret sharing scheme, an ID-based encryption scheme and a signcryption scheme. The security of the construction is proved in the standard model by the "sequences of games" proof method; the proposed scheme satisfies receiver security and external security.
     4. The application of hybrid cryptography in practical settings is studied further. Existing multi-signcryption schemes are analyzed and their weaknesses pointed out, and a new multi-signcryption scheme is proposed based on the hybrid signcryption instance "parallel signcryption". The proposed scheme provides message confidentiality, unforgeability and non-repudiation, and it is more efficient and flexible than existing multi-signcryption schemes. It can be built from any trapdoor permutation such as RSA, so it is simple and easy to set up, and it is suitable for settings such as e-commerce and e-government. Since the commitment scheme is a fundamental cryptographic primitive used as a building block throughout modern cryptography, research on commitment schemes is also carried out in this dissertation. A new commitment scheme based on the elliptic curve discrete logarithm problem is proposed; in it no information exchange among participants is needed, and a commitment to a message is achieved by the sender through a single round of the commitment phase and the decommitment phase. A detailed security analysis of the proposed scheme is presented; the new commitment scheme has the message hiding and binding properties.