Research on Identity-Based Cryptographic Schemes
Abstract
In a traditional public-key cryptosystem, using a public key first requires a trusted third party, the Certificate Authority (CA), to issue the user a public-key certificate. The CA's signature on the certificate binds the user's identity to an otherwise random-looking public key, and only an identity/public-key pair signed by the CA is considered valid. The CA is therefore the core of this architecture and is responsible for every stage of the certificate life cycle. Using these certificates costs considerable computation and storage, their management is complex, the demands on the central CA are high, and the system as a whole carries a heavy burden.
     To simplify certificate management, the renowned cryptographer Shamir proposed identity-based cryptography (IBC) in 1984. The basic idea is to bind a user's identity to the public key in the most natural way possible: the user's identity information is the public key, and the private key is generated by a trusted third party called the Private Key Generator (PKG) and sent to the user. Under an identity-based architecture no public-key or certificate directory is needed, certificate management is simplified, public keys are used more directly, and computation and storage costs are reduced.
     This dissertation studies identity-based cryptosystems, in particular the design and analysis of identity-based schemes in the standard model, with emphasis on establishing security models and on formal provable security. It focuses on the security definitions and concrete constructions of identity-based strong designated verifier signatures, signcryption, multi-signcryption, anonymous signcryption for multiple receivers, group-oriented encryption and signcryption, and secure key issuing protocols, with the aim of designing efficient and provably secure identity-based schemes.
     Most identity-based schemes are built from bilinear pairings, and reducing the number of pairing evaluations is the key to making them efficient. Recently, Li et al. proposed a new identity-based signature scheme whose verification algorithm needs one pairing fewer than the scheme of Paterson et al., a significant efficiency gain. In Chapter 3 we analyse this scheme and, unfortunately, find a security weakness: it does not resist existential forgery by an attacker who already holds a private key or a valid signature.
     In practice, to keep full control over a signature and prevent its misuse, one wants to designate the verifier: only the designated verifier can verify and accept the signature, while anyone else cannot determine who signed it. Depending on whether verification requires the verifier's private key, such schemes are divided into designated verifier signatures and strong designated verifier signatures. In Chapter 4 we propose, in the random oracle model, a provably secure strong designated verifier proxy signature scheme and an identity-based strong designated verifier proxy signature scheme; both satisfy the security properties of proxy signatures and of strong designated verifier signatures, and thus prevent signature misuse and leakage of the signed content. We also propose the first identity-based strong designated verifier signature scheme provably secure in the standard model.
     Encryption and signature are the most basic cryptographic tools for confidentiality and authenticity. In 1997 Zheng introduced signcryption, a new primitive that performs encryption and signing in a single logical step over a public channel, achieving confidentiality and authenticity of the transmitted message at lower computation and communication cost than the traditional sign-then-encrypt approach. Identity-based signcryption is one of the active topics in this area, and this dissertation obtains the following results on it:
     1. In Chapter 3 we analyse the first identity-based signcryption scheme constructed in the standard model, point out its security flaws, and give an improved scheme that achieves ciphertext indistinguishability under adaptive chosen-ciphertext attack and existential unforgeability of ciphertexts under chosen-message attack.
     2. In Chapter 5 we refine the security model for identity-based multi-signcryption and propose the first identity-based multi-signcryption scheme provably secure in the standard model; to the receiver, a valid signcrypted ciphertext certifies that all signers endorse the plaintext. The scheme is efficient: even in the degenerate case of a single signcrypter it improves on existing single-signcrypter signcryption schemes.
     3. In Chapter 5 we give, for the first time, a formal definition and a complete security model for identity-based anonymous signcryption for multiple receivers, and construct a concrete scheme in the standard model. The scheme achieves unconditional anonymity of the signcrypter's identity and improves the computation and transmission efficiency of sending to multiple receivers.
     Some network applications need to send the same message to many parties. The simplest approach is for the sender to encrypt the message separately for each recipient and transmit it point to point; this is clearly inefficient for large receiver groups and incurs enormous computation and communication. To broadcast digital content efficiently to a group of receivers, Fiat et al. proposed broadcast encryption in 1993: the broadcaster encrypts the content, only authorised users can decrypt the ciphertext, and the broadcaster can partition the receivers into subgroups so that different content reaches designated subgroups while users outside a subgroup learn nothing about it. Many identity-based broadcast signcryption schemes have since appeared, providing confidentiality and authenticity for group communication, but obtaining constant-size system parameters has remained a hard open problem in this area. A further problem is that existing schemes must fix a large receiver group at setup, and the broadcaster must know each member's individual public key; in some applications the sender does not know who the receivers are, and receivers may join dynamically. In Chapter 6 we introduce the notions of identity-based group-oriented encryption and signcryption and give concrete constructions. In the new schemes both the system parameters and the ciphertext are of constant size, the sender needs only the receiving group's identity to produce the signcrypted ciphertext, each member of the receiving group can independently decrypt it and verify the signature, and the schemes are provably secure against identity-based chosen-ciphertext attacks and chosen-message attacks.
     In an identity-based cryptosystem the PKG generates the user's private key and delivers it over a secure channel. Because the PKG holds every user's private key, all users must trust it completely. In practice such a trusted entity is hard to find, especially in the early stages of deployment when the infrastructure is immature, and a malicious PKG is a real possibility: it could sell users' private keys, decrypt their ciphertexts or forge their signatures, and do so without being detected, because the observable consequences (leaked private keys, disclosed messages, forged signatures) cannot be distinguished from those caused, deliberately or accidentally, by the user himself. This problem of the PKG holding users' private keys is known as the "key escrow" problem; it is inherent to identity-based cryptography and has hindered its wide deployment. In Chapter 7 we study the key escrow problem and analyse how existing solutions behave under active attacks by the PKG. The analysis shows that a single round of authentication cannot truly solve key escrow. Combining the strengths of the existing solutions, we propose a new identity-based key issuing mechanism that resists active attacks by the PKG and prevents it from holding users' private keys.
In traditional public key cryptosystems, a user's public key is a random string unrelated to his identity. When Alice wants to send a message to Bob, she must first obtain Bob's authenticated public key. Typical solutions involve public key directories maintained by a trusted third party called a Certificate Authority (CA). The problems with traditional public key cryptosystems are the high cost of the infrastructure needed to manage and authenticate public keys, and the difficulty of managing multiple communities.
     Identity-based cryptosystems were introduced by Shamir in 1984. The main idea is that a user's public key can be derived directly from an arbitrary string corresponding to his identity, such as a name, telephone number or email address. A Private Key Generator (PKG) computes private keys from a master secret and distributes them to the users participating in the scheme. This eliminates the certificates used in a traditional public key infrastructure. Identity-based systems can be a good alternative to certificate-based systems in terms of efficiency and convenience, so their study is of both theoretical and practical significance.
     This dissertation investigates the design and security analysis of identity-based schemes, including identity-based signcryption, identity-based multi-signcryption, identity-based anonymous signcryption for multiple receivers and secure key issuing protocols. Its contributions can be summarized as follows:
     Bilinear pairing computations are used in almost all concrete identity-based schemes, and reducing the number of pairings is the key to improving their efficiency. Recently, Li et al. proposed a new identity-based signature scheme whose verification algorithm needs one pairing fewer than Paterson's scheme, a significant efficiency improvement. In Chapter 3 we analyse this scheme and find security weaknesses: it does not resist existential forgery by an attacker who already holds some private keys or some valid signatures.
     In the real world, to keep complete control over signatures, people want to specify the verifier. Only the designated verifier can verify and accept the signatures, and a non-designated verifier cannot determine the identity of the signer. In Chapter 4 we propose a strong designated verifier proxy signature scheme and an identity-based strong designated verifier proxy signature scheme, both in the random oracle model. The schemes satisfy all security requirements of proxy signatures and strong designated verifier signatures. We also propose the first identity-based strong designated verifier signature scheme in the standard model.
     Privacy and authenticity, achieved through encryption and signature respectively, are two fundamental goals of public key cryptography (PKC). In 1997 Zheng proposed a new cryptographic primitive, signcryption, which performs digital signature and public key encryption simultaneously at lower computational and communication cost than sign-then-encrypt while providing private and authenticated communication. Signcryption is an important technology for message security and sender authentication over open channels. This dissertation obtains three results on identity-based signcryption:
     1. Recently, Yu et al. proposed the first identity-based signcryption scheme in the standard model. In Chapter 3 we show that the scheme still has security weaknesses, propose a corrected version, and formally prove its security under the existing security model for identity-based signcryption.
     2. Adapting to multi-user settings, in Chapter 5 we define the security model of identity-based multi-signcryption and propose the first identity-based multi-signcryption scheme without random oracles, based on Waters' identity-based encryption scheme. The scheme is proved secure against adaptive chosen ciphertext attacks under the decisional bilinear Diffie-Hellman assumption and against adaptive chosen message attacks under the computational Diffie-Hellman assumption. Even when reduced to a single-signcrypter scheme, it is more efficient than the existing single-signcrypter scheme.
     3. Anonymous signcryption is a cryptographic primitive that provides sender anonymity in addition to the advantages of traditional signcryption. In Chapter 5 we define a full security model for identity-based anonymous signcryption and propose the first concrete scheme in the standard model. The scheme achieves semantic security, unforgeability and signcrypter-identity ambiguity; we give a formal proof of semantic security under the hardness of the Decisional Bilinear Diffie-Hellman problem and of unforgeability under the Computational Diffie-Hellman assumption.
     In some network applications the same message has to be distributed to all n members of a group. A simple approach is for the sender to encrypt the message separately for each member, but the cost of this approach in a large group is very high. Broadcast encryption, first proposed by Fiat and Naor in 1993, addresses the problem of broadcasting digital content to a large set of authorized users; applications include pay-TV systems, copyrighted CD/DVD distribution and fee-based online databases. The broadcaster encrypts the message and only the authorized users hold decryption keys that recover the data. In such a scheme the sender encrypts a message for some subset of receivers and sends the ciphertext by broadcast over the Internet; any receiver in the designated subset can decrypt it with his private key, while nobody outside the subset learns anything about the content. These properties come at a price in complexity: it is very difficult to satisfy all of them while keeping ciphertexts and keys of constant size at the same time. Another problem is that broadcast encryption schemes must fix a maximum receiver set in the system setup phase, and the broadcaster must know the identity of everyone in the receiving group, whereas in many applications the membership is unknown to the sender. In Chapter 6 we formalize the notion of identity-based broadcast group-oriented encryption and signcryption and propose a concrete construction based on Gentry's IBE scheme. In the new scheme the broadcaster encrypts the message using the designated receiving group's identity, and any receiver in that group can independently decrypt the ciphertext. The scheme has the following merits: every member of the receiving group keeps only one private key; both ciphertexts and system parameters are of constant size; and a sender can send a secure message using only the receiving group's identity information, even before a receiver in the designated group has obtained his private key from the PKG.
     In an identity-based cryptosystem a user's private key is computed by the PKG from a master secret, so the PKG can decrypt any ciphertext and forge a signature on any message. This inherent problem is called "key escrow": the PKG knows every user's private key, so users have neither privacy nor authenticity against it, and the PKG must be trusted as a trusted third party. In the real world such a trusted third party is not easily found. A further criticism is that identity-based cryptosystems require a secure channel for delivering private keys between the users and the PKG. Because of these inherent problems, identity-based cryptosystems have been considered suitable only for closed user networks with lower security requirements, and removing these problems is essential to making them applicable in the real world. In Chapter 7 we show that the existing schemes for removing key escrow still have security weaknesses under active attacks by the PKG. We then present a new key issuing mechanism that is undeniable and secure against the PKG's active attacks.
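The identity-as-public-key model described in both abstracts (a PKG deriving each user's private key from a master secret, with no certificate) and the key-escrow problem discussed in the paragraph above, as an added example that is not code from the dissertation: Shamir's original 1984 identity-based signature scheme (reference [2]), which is RSA-based and therefore needs no pairing library, implemented in Python. Everything beyond that scheme is an assumption of this example: SHA-256 as the hash f(t, m), identities mapped to integers by hashing, the public exponent 65537, and the names PKG, extract, sign, verify and escrow_demo. The escrow_demo function shows the PKG recomputing Alice's private key and producing a signature that the verifier accepts as Alice's, which is exactly the behaviour the paragraph describes.

```python
# Added example: Shamir's 1984 RSA-based identity-based signature scheme plus a
# key-escrow demonstration. Assumed here, not taken from the dissertation:
# SHA-256 as the hash f, identities hashed to integers, public exponent 65537.
import hashlib
import math
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; error probability <= 4**-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: definitely composite
    return True


def random_prime(bits: int) -> int:
    """Random odd prime with its top bit set, so p*q has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def hash_to_int(*parts: bytes) -> int:
    """SHA-256 over length-prefixed parts, read as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def identity_to_int(identity: str, n: int) -> int:
    """The public key i is derived from the identity string alone: no certificate."""
    return hash_to_int(identity.encode()) % n


def challenge(t: int, n: int, message: bytes) -> int:
    """f(t, m): binds the commitment t to the signed message."""
    return hash_to_int(t.to_bytes((n.bit_length() + 7) // 8, "big"), message)


class PKG:
    """Private Key Generator; the RSA trapdoor d is the master secret."""

    def __init__(self, bits: int = 1024):
        self.e = 65537
        while True:
            p, q = random_prime(bits // 2), random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(self.e, phi) == 1:
                break
        self.n = p * q
        self._d = pow(self.e, -1, phi)  # master secret, never published

    def params(self) -> tuple:
        return self.n, self.e  # the only public system parameters

    def extract(self, identity: str) -> int:
        """Private key g = i^(1/e) mod n. Whoever holds d can compute every
        user's key at will: this is the key-escrow problem."""
        return pow(identity_to_int(identity, self.n), self._d, self.n)


def sign(params: tuple, priv_key: int, message: bytes) -> tuple:
    """t = r^e mod n, s = g * r^f(t,m) mod n for a fresh random r."""
    n, e = params
    r = secrets.randbelow(n - 2) + 2
    t = pow(r, e, n)
    s = priv_key * pow(r, challenge(t, n, message), n) % n
    return t, s


def verify(params: tuple, identity: str, message: bytes, signature: tuple) -> bool:
    """Accept iff s^e == i * t^f(t,m) mod n, with i recomputed from the identity."""
    n, e = params
    t, s = signature
    if not (0 < t < n and 0 < s < n):
        return False
    i = identity_to_int(identity, n)
    return pow(s, e, n) == i * pow(t, challenge(t, n, message), n) % n


def escrow_demo(bits: int = 1024) -> tuple:
    """A dishonest PKG signs in Alice's name; the verifier cannot tell the difference."""
    pkg = PKG(bits)
    params, alice = pkg.params(), "alice@example.com"
    alice_key = pkg.extract(alice)  # sent to Alice over a secure channel
    genuine = sign(params, alice_key, b"pay Bob 10")
    pkg_copy = pkg.extract(alice)  # recomputed by the PKG, Alice not involved
    forged = sign(params, pkg_copy, b"pay Mallory 1000000")
    ok_genuine = verify(params, alice, b"pay Bob 10", genuine)
    ok_forged = verify(params, alice, b"pay Mallory 1000000", forged)
    return ok_genuine, ok_forged, pkg_copy == alice_key
```

escrow_demo() returns (True, True, True): the genuine and the forged signature both verify under Alice's identity, and the PKG's recomputed key is identical to the one it delivered to her. A verifier has no algorithmic way to attribute the forgery to the PKG rather than to Alice, which is why a key issuing mechanism that keeps the PKG from learning the full private key, as studied in Chapter 7, is needed. The pairing-based schemes the dissertation studies replace the RSA trapdoor with a master secret in a bilinear group, but the extract step, and with it the escrow property, is the same.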
References
[1]Diffie W and Hellman M. New directions in cryptography. IEEE Transactions on Information Theory,1976,22(6):644-654.
    [2]Shamir A. Identity-based cryptosystems and signature schemes. In Advances in Cryptology-Crypto 1984, Springer-Verlag,1984, Lecture Notes in Computer Science 196:47-53.
    [3]Joux A. A one round protocol for tripartite Diffie-Hellman. In Algorithmic Number Theory Symposium-ANTS IV, Springer-Verlag,2000, Lecture Notes in Computer Science 1838:385-394.
    [4]Boneh D and Franklin M. Identity based encryption from the weil pairing. In Advances in Cryptology-Crypto 2001, Springer-Verlag,2001, Lecture Notes in Computer Science 2139:213-229.
    [5]Cocks C. An identity based encryption scheme based on quadratic residues. In Cryptography and Coding, Springer-Verlag,2001, Lecture Notes in Computer Science 2260:360-363.
    [6]Horwitz J and Lynn B. Toward hierarchical identity-based encryption. In Advances in Cryptology-Eurocrypt 2002, Springer-Verlag,2002, Lecture Notes in Computer Science 2332:466-481.
    [7]Gentry C and Silverberg A. Hierarchical identity-based cryptography. In Advances in Cryptology-Asiacrypt 2002, Springer-Verlag,2002, Lecture Notes in Computer Science 2501:548-566.
    [8]Katz J and Wang N. Efficiency improvements for signature schemes with tight security reductions. In:ACM Conference on Computer and Communications Security,2003,155-164.
    [9]Canetti R, Halevi S and Katz J. A forward-secure public-key encryption scheme. In Advances in Cryptology-Eurocrypt 2003, Springer-Verlag,2003, Lecture Notes in Computer Science 2656:255-271.
    [10]Canetti R, Halevi S and Katz J. Chosen-ciphertext security from identity based encryption. In Advances in Cryptology-Eurocrypt 2004, Springer-Verlag,2004, Lecture Notes in Computer Science 3027:207-222.
    [11]Boneh D and Boyen X. Efficient selective-id identity based encryption without random oracles. In Advances in Cryptology-Eurocrypt 2004, Springer-Verlag, 2004, Lecture Notes in Computer Science 3027:223-238.
    [12]Boneh D and Boyen X. Secure identity based encryption without random oracles. In Advances in Cryptology-Crypto 2004, Springer-Verlag,2004, Lecture Notes in Computer Science 3152:443-459.
    [13]Waters B. Efficient identity-based encryption without Random Oracles. In Advances in Cryptology-Eurocrypt 2005, Springer-Verlag,2005, Lecture Notes in Computer Science 3494:114-127.
    [14]Boneh D, Boyen X and Goh E. Hierarchical identity based encryption with constant size ciphertext. In Advances in Cryptology-Eurocrypt 2005, Springer-Verlag,2005, Lecture Notes in Computer Science 3494:440-456.
    [15]Boyen X and Waters B. Anonymous hierarchical identity-based encryption (without random oracles). Cryptology ePrint Archive 2006/085.
    [16]Gentry C. Practical identity-based encryption without random oracles. In Advances in Cryptology-Eurocrypt 2006, Springer-Verlag,2006, Lecture Notes in Computer Science 4004:445-464.
    [17]Gentry C and Halevi S. Hierarchical identity based encryption with polynomially many levels. In Proceeding of TCC 2009, Springer-Verlag,2009, Lecture Notes in Computer Science 5444:437-456.
    [18]Boneh D, Gentry C and Hamburg M. Space-efficient identity based encryption without pairings. In Proceeding of the 48th Annual IEEE Symposium on Foundations of Computer Science,2007,647-657.
    [19]Gentry C, Peikert C and Vaikuntanathan V. Trapdoors for hard lattices and new cryptographic constructions. In Proceeding of STOC,2008,197-206.
    [20]Waters B. Dual system encryption:Realizing fully secure IBE and HIBE under simple assumptions. In Advances in Cryptology-Crypto 2009, Springer-Verlag, 2009, Lecture Notes in Computer Science 5677:619-636.
    [21]Lewko A and Waters B. New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In Proceeding of TCC 2010, Springer-Verlag, 2010, Lecture Notes in Computer Science 5978:455-479.
    [22]Shi E and Waters B. Delegating capabilities in predicate encryption systems. In Proceeding of ICALP 2008, Springer-Verlag,2008, Lecture Notes in Computer Science 5126:560-578.
    [23]Sakai R, Ohgishi K and Kasahara M. Cryptosystems based on pairing. In Proceedings of Symposium on Cryptography and Information Security-SCIS'00,2000,233-238.
    [24]Paterson K. ID-based signatures from pairings on elliptic curves. Cryptology ePrint Archive, Report 2002/004,2002. Available at http://eprint.iacr.org/2002/004.
    [25]Hess F. Efficient identity based signature schemes based on pairings. In Selected Areas in Cryptography-SAC'02, Springer-Verlag,2003, Lecture Notes in Computer Science 2595:310-324.
    [26]Cha J and Cheon J. An identity-based signature from gap Diffie-Hellman groups. In Proceedings of PKC'03, Springer-Verlag,2002, Lecture Notes in Computer Science 2567:18-30.
    [27]Cheon J, Kim Y and Yoon H. A new id-based signature with batch verification. Cryptology ePrint Archive, Report 2004/131,2004. Available at http://eprint.iacr.org/2004/131.
    [28]Yi X. An identity-based signature scheme from the Weil pairing. IEEE Communication Letters,7(2):76-78,2003.
    [29]Barreto P, Libert B, McCullagh N, et al. Efficient and provably-secure Identity-based signature and signcryption from bilinear maps. In Advances in Cryptology-Asiacrypt 2005, Berlin:Springer-Verlag,2005, Lecture Notes in Computer Science 3788:515-532.
    [30]Paterson K and Schuldt J. Efficient identity based signatures secure in the standard model. In Proceeding of Information Security and Privacy-ACISP 2006, Springer-Verlag,2006, Lecture Notes in Computer Science 4058:207-222.
    [31]李继国,姜平进.标准模型下可证安全的基于身份的高效签名方案.计算机学报,2009,32(11):2130-2136.
    [32]Chaum D. Blind signatures for untraceable payments. In Advances in Cryptology-Crypto 1982, Plenum Publishing Corporation,1982,199-203.
    [33]Chaum D and van Antwerpen H. Undeniable signatures. In Advances in Cryptology-Crypto 1989, Springer-Verlag,1990, Lecture Notes in Computer Science 435:212-216.
    [34]Chaum D and van Heyst E. Group signatures. In Advances in Cryptology-Eurocrypt 1991, Springer-Verlag, Berlin,1992, Lecture Notes in Computer Science 547:257-265.
    [35]Mambo M, Usuda K and Okamoto E. Proxy signature. In Proceedings of the 1995 Symposium on Cryptography and information security, SCIS'95,1995, 147-158.
    [36]Jakobsson M, Sako K and Impagliazzo R. Designated verifier proofs and their applications. In Advances in Cryptology-Eurocrypt 96,1996. Lecture Notes in Computer Science 1070:143-154.
    [37]Zheng Y. Digital signcryption or how to achieve cost(signature & encryption) << cost(signature) + cost(encryption). In Advances in Cryptology-Crypto 1997, Springer-Verlag,1997, Lecture Notes in Computer Science 1294:165-179.
    [38]Rivest R, Shamir A and Tauman Y. How to leak a secret. In Advances in Cryptology-Asiacrypt 2001, Berlin:Springer-Verlag,2001, Lecture Notes in Computer Science 2248:552-565.
    [39]Zhang F and Kim K. ID-based blind signature and ring signature from pairings. In Advances in Cryptology-Asiacrypt 2002, Berlin:Springer-Verlag,2002, Lecture Notes in Computer Science 2501:533-547.
    [40]Park S, Kim S and Won D. ID-based group signature. Electronics Letters,1997, 33(19):1616-1617.
    [41]Chen X, Zhang F and Kim K. A new id-based group signature scheme from bilinear pairings. In Proceeding of WISA'03, Springer-Verlag,2003, Lecture Notes in Computer Science 2908:585-592.
    [42]Xu J, Zhang Z and Feng D. ID-Based proxy signature using bilinear pairings. Parallel and Distributed Processing and Applications-ISPA 2005 Workshops, Springer-Verlag,2005, Lecture Notes in Computer Science 3759:359-367.
    [43]Huang X, Mu Y, Susilo W, et al. Short designated verifier proxy signature from pairings. In The First International Workshop on Security in Ubiquitous Computing Systems-SecUbiq 2005, Springer-Verlag,2005, Lecture Notes in Computer Science 3823:835-844.
    [44]Malone-Lee J. Identity-based signcryption. Cryptology ePrint Archive, Report 2002/098, July 2002. Available at http://eprint.iacr.org/2002/098.
    [45]Libert B and Quisquater J-J. New identity based signcryption schemes from pairings. Cryptology ePrint Archive, Report 2003/023, February 2003. Available at http://eprint.iacr.org/2003/023.
    [46]Yuen T and Wei V. Fast and proven secure blind identity-based signcryption from pairings. In Topics in Cryptology CT-RSA'05, Springer-Verlag,2005, Lecture Notes in Computer Science 3376:305-322.
    [47]Bellare M, Namprempre C and Neven G. Security proofs for identity-based identification and signature schemes. In Advances in Cryptology-Eurocrypt 2004, Springer-Verlag,2004, Lecture Notes in Computer Science 3027:268-286.
    [48]Galindo D, Herranz J and Kiltz E. On the generic construction of identity-based signatures with additional properties. In Advance in Cryptology-ASIACRYPT 2006, Springer-Verlag,2006, Lecture Notes in Computer Science 4284:179-193.
    [49]张方国,陈晓峰.基于身份的密码体制的研究综述.北京,电子工业出版社,中国密码学发展报告2008:1-31.
    [50]Gentry C. Certificate-based encryption and the certificate revocation problem. In Advances in Cryptology-Eurocrypt 2003, Springer-Verlag,2003, Lecture Notes in Computer Science 2656:272-293.
    [51]Girault M. Self-certified public keys. In Advance in Cryptology-Eurocrypt 1991, Springer-Verlag,1991, Lecture Notes in Computer Science 547:490-497.
    [52]Al-Riyami S and Paterson K. Certificateless public key cryptography. In Advance in Cryptology-Asiacrypt 2003, Springer-Verlag,2003, Lecture Notes in Computer Science 2894:452-473.
    [53]Goldwasser S and Micali S. Probabilistic encryption. Journal of Computer and System Sciences,1984,28(2):270-299.
    [54]Goldwasser S, Micali S and Rivest R. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal of Computing,1988,17(2): 281-308.
    [55]冯登国.可证明安全性理论与方法研究.软件学报,2005,16(10):1743-1756.
    [56]Bellare M and Rogaway P. Random oracles are practical:A paradigm for designing efficient protocols. In Proceeding of the 1st ACM Conference on Computer and Communications Security. New York, ACM Press,1993:62-73.
    [57]Canetti R, Goldreich O, Halevi S. The random oracle methodology, revisited. In Proceedings of the STOC 1998, Texas, USA,1998:209-218 (preliminary version). Journal of the ACM,2004,51(4):557-594 (full version).
    [58]Silverman J. The arithmetic of elliptic curves. Graduate Texts in Mathematics 106, Springer, Berlin,1986.
    [59]Tate J. Fourier analysis in number fields and Hecke's zeta functions (Tate's 1950 thesis). Reprinted in Algebraic Number Theory by Cassels J, Frohlich A. ISBN 0-12-163251-2.
    [60]Lichtenbaum S. Duality theorems for curves over p-adic fields. Inventiones Mathematicae, 1969,7:120-136.
    [61]Menezes A, Okamoto T and Vanstone S. Reducing elliptic curve logarithms to a finite field. IEEE Transactions on Information Theory,1993,39:1639-1646.
    [62]Frey G and Ruck H. A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation,1994, 62:865-874.
    [63]Frey G, Muller M and Ruck H. The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems. IEEE Transactions on Information Theory, 1999,45(5):1717-1719.
    [64]Boneh D and Boyen X. Short signatures without random oracles. In Advance in Cryptology-Eurocrypt 2004, Springer-Verlag,2004, Lecture Notes in Computer Science 3027:56-73.
    [65]Nalla D and Reddy K. Signcryption scheme for identity-based cryptosystems. Cryptology ePrint Archive, Report 2003/066,2003. Available at: http://eprint.iacr.org/2003/066.
    [66]Chow S, Yiu S, Hui L, et al. Efficient forward and provably secure ID-based signcryption scheme with public verifiability and public ciphertext authenticity. In Proceedings of the ICISC 2003, Seoul, Korea,2004:352-369.
    [67]Boyen X. Multipurpose identity based signcryption:a Swiss army knife for identity based cryptography. In Advance in Cryptology-CRYPTO 2003, Springer-Verlag,2003, Lecture Notes in Computer Science 2729:383-399.
    [68]Chen L and Malone-Lee J. Improved identity-based signcryption. In Proceedings of the PKC 2005, Springer-Verlag,2005, Lecture Notes in Computer Science 3386:362-379.
    [69]Barreto P, Libert B, McCullagh N, et al. Efficient and provably-secure identity based signatures and signcryption from bilinear maps. In Advance in Cryptology-Asiacrypt, Springer-Verlag,2005, Lecture Notes in Computer Science 3788:515-532.
    [70]李发根,胡予濮,李刚.一个高效的基于身份的签密方案.计算机学报,2006,29(9):1641-1647.
    [71]赖欣,黄晓芳,何大可.基于身份的高效签密密钥封装方案.计算机研究与发展.2009,5:857-863.
    [72]Yu Y, Yang B, Sun Y, et al. Identity based signcryption scheme without random oracles. Computer Standards & Interfaces,2009,31 (1):56-62.
    [73]An J, Dodis Y and Rabin T. On the security of joint signature and encryption. In Advance in Cryptology-Eurocrypt 2002, Springer-Verlag,2002, Lecture Notes in Computer Science 2332:83-107.
    [74]Boneh D, Shen E and Waters B. Strongly unforgeable signatures based on computational Diffie-Hellman. In Proceedings of PKC 2006, Springer-Verlag, 2006, Lecture Notes in Computer Science 3958:229-240.
    [75]Desmedt Y and Yung M. Weaknesses of undeniable signature schemes. In Advances in Cryptology-Eurocrypt 1991, Springer-Verlag,1992, Lecture Notes in Computer Science 547:205-220.
    [76]Jakobsson M. Blackmailing using undeniable signatures. In Advance in Cryptology-Eurocrypt 1994, Springer-Verlag,1995, Lecture Notes in Computer Science 950:425-427.
    [77]Saeednia S, Kremer S and Markowitch O. An efficient strong designated verifier signature scheme.6th International Conference on Information Security and Cryptology ICISC 2003, Springer-Verlag,2003, Lecture Notes in Computer Science 2971:40-54.
    [78]Huang X, Susilo W, Mu Y, et al. Short (identity-based) strong designated verifier signature schemes. In Proceedings of the 2nd Information Security Practice and Experience Conference-ISPEC 2006, Springer-Verlag,2006, Lecture Notes in Computer Science 3903:214-225.
    [79]Huang X, Susilo W, Mu Y, et al. Short designated verifier signature scheme and its identity-based variant. International Journal of Network Security-IJNS,2006, 42(1):71-74.
    [80]Kumar K, Shailaja G and Saxena A. Identity based strong designated verifier signature scheme. Cryptology ePrint Archive:Report 2006/134,2006. Available at:http://eprint.iacr.org/2006/134.pdf.
    [81]Zhang K. Nonrepudiable proxy signature schemes based on discrete logarithm problem. Manuscript,1997.
    [82]Zhang K. Threshold proxy signature schemes. In Proceeding of 1997 Information Security Workshop, Japan,1997,191-197.
    [83]Hwang J and Shi C. A simple multi-proxy signature scheme. Communications of the CCISA,2001,8(1):88-92.
    [84]Lee B, Kim H, Kim K. Strong proxy signature and its application. The 2001 Symposium on Cryptography and Information Security. Oiso:2001:603-608.
    [85]Fiat A and Naor M. Broadcast encryption. In Advances in Cryptology-Crypto 1993, Springer-Verlag,1993, Lecture Notes in Computer Science 773:480-491.
    [86]Ma C, Mei Q and Li J. Broadcast group-oriented encryption for group communication. Journal of Computational Information Systems,2007,3(1): 63-71.
    [87]Kiayias A, Tsiounis Y and Yung M. Group encryption. In Advance in Cryptology-ASIACRYPT 2007, Springer-Verlag,2008, Lecture Notes in Computer Science 4833:181-199.
    [88]Desmedt Y and Frankel Y. Threshold cryptosystems. In Advances in Cryptology-Crypto 1989, Springer-Verlag,1990, Lecture Notes in Computer Science 435:307-315.
    [89]Boneh D, Gentry C, Lynn B, et al. Aggregate and verifiably encrypted signatures from bilinear maps. In Advance in Cryptology-Eurocrypt 2003, Springer-Verlag, 2003, Lecture Notes in Computer Science 2656:416-432.
    [90]Chen L, Kudla C and Paterson K. Concurrent signatures. In Advance in Cryptology-Eurocrypt 2004, Springer-Verlag,2004, Lecture Notes in Computer Science 3027:287-305.
    [91]Mitomi S and Miyaji A. A general model of multisignature schemes with message flexibility, order flexibility, and order verifiability. IEICE Transaction on Fundamentals,2001, E84-A(10):2488-2499.
    [92]Burmester M, Desmedt Y, Doi H, et al. A structured ElGamal-type multisignature scheme. In Proceedings of PKC 2000, Springer-Verlag,2000, Lecture Notes in Computer Science 1751:466-482.
    [93]Mitomi S and Miyaji A. A multisignature scheme with message flexibility, order flexibility, and order verifiability. In Proceedings of ACISP 2000, Springer-Verlag, 2000, Lecture Notes in Computer Science 1841:298-312.
    [94]Pang X, Catania B and Tan K. Securing your data in agent-based P2P systems. In Proceedings of Eight International Conference on Database Systems for Advanced Applications (DASFAA'03),2003,55-65.
    [95]Zhang J and Mao J. A novel identity-based multi-signcryption scheme. Computer Communications,2009,32 (1):14-18.
    [96]Au M, Liu J, Yuen T, et al. ID-Based ring signature scheme secure in the standard model. In Proceeding of IWSEC2006, Springer-Verlag,2006, Lecture Notes in Computer Science 4266:1-16.
    [97]Huang X, Su W and Mu Y. Identity-based ring signcryption scheme: cryptographic primitives for preserving privacy and authenticity in the ubiquitous world. In Proceeding of ACISP 2003, Springer-Verlag,2003, Lecture Notes in Computer Science 2727:649-654.
    [98]Li F, Xiong H and Yu Y. An efficient id-based ring signcryption scheme. In Proceeding of International conference on Communications, Circuits and Systems, ICCCAS 2008,2008,483-487.
    [99]Zhu Z, Zhang Y and Wang F. An efficient and provable secure identity based ring signcryption scheme. Computer Standards & Interfaces,2008,31(6):649-654.
    [100]Zhang J, Gao S, Chen H, et al. A novel ID-based anonymous signcryption scheme. In Proceeding of APWeb/WAIM 2009, Springer-Verlag,2009, Lecture Notes in Computer Science 5446:604-610.
    [101]Duan S and Cao Z. Efficient and provably secure multi-receiver Identity-based signcryption. In Proceedings of the ACISP 2006, Springer-Verlag, 2006, Lecture Notes in Computer Science 4058:195-206.
    [102]Tan C. On the security of provably secure multi-receiver ID-based signcryption scheme. IEICE Transaction on Fundamentals of Electronics, Communication & Computer Science,2008, E91-A (7):1836-1838.
    [103]Yu Y, Yang B, Huang X, et al. Efficient identity based signcryption scheme for multiple receivers. In Proceeding of ATC 2007, Springer-Verlag,2006, Lecture Notes in Computer Science 4610:13-21.
    [104]Selvi S, Vivek S, Gopalakrishnan R, et al. On the provable security of multi-receiver signcryption schemes. Cryptology ePrint Archive:Report 2008/ 238,2008. Available at:http://eprint.iacr.org/2008/238.
    [105]Lal S and Kushwah P. Anonymous ID based signcryption scheme for multiple receivers. Cryptology ePrint Archive:Report 2009/345,2009. Available at:http://eprint.iacr.org/2009/345.
    [106]Zheng Y. Signcryption and its applications in efficient public key solutions. In Proceeding of ISW 1997. Springer-Verlag,1998, Lecture Notes in Computer Science 1396:291-312.
