环签名及其应用的研究
|
摘要
数字签名作为保证信息完整性和进行身份认证的重要工具,己成为信息安全领域的一项关键技术。在现实环境中,为适应不同应用的需要,产生了许多特种签名方案,如:群签名、环签名、盲签名、代理签名、门限签名等。其中,环签名以其可以实现签名人完全匿名性的特性,成为近年密码学界的研究热点。近来,随着对环签名研究的不断深入,基于环签名的应用也日益涌现。在环签名研究取得许多重要成果的同时,仍有许多公开问题急待解决,如:环签名大小与环成员个数成正比的问题,环签名中存在的密钥泄露问题等。本文以解决这些问题为切入,以提高效率和结合应用为出发点,对简短环签名、前向安全环签名、关联环签名、可否认环签名和环签密进行了研究。
本文首先综述了环签名的研究进展。以环签名的发展为线索,从环签名的基本概念、环签名的分类(包括门限环签名、关联环签名、可撤销匿名的环签名、可否认的环签名等)、环签名的应用等方面进行了研究。并总结了环签名领域存在的问题及进一步的研究方向。
在对已有环签名方案进行了系统研究的基础上,采用单向累加器技术提出了可证安全的简短环签名方案,并将其用于构造高效的多方同时生效签名协议。该方案解决了环签名中存在的签名长度与环成员个数线性成正比的公开问题。
为了解决环签名存在的密钥泄露问题,采用了前向安全理论,并基于环Z_n上圆锥曲线的性质,如明文嵌入、阶的计算、点的运算及在圆锥曲线中逆元计算十分容易等,构造了前向安全的环签名方案。此外,基于双线性对,构造了在标准模型下可证安全的前向安全环签名方案。
在将环签名与群签名比较研究之后,构造了简短的关联环签名方案,并提出了基于该方案的公平电子现金协议。此外,首次采用关联环签名和盲环签名设计了公平的多银行电子现金协议。该协议既可以避免基于群签名的电子现金协议存在的成员撤销问题,还可以追踪重复花费者的身份,保护发币银行的匿名性,防止银行间的不正当竞争。
采用简短环签名方案,并结合基于身份的Chameleon哈希函数,构造了安全、高效的可否认环签名方案。与已有的可否认环认证方案相比,该方案是唯一一个既满足可否认环认证需求,且签名大小不依赖于环成员个数的方案。
利用无证书密码系统的优点,提出了一种可验证的无证书环签密方案模型,并基于双线性对构造了具体方案。该方案使用无证书密码系统生成用户密钥,在达到数据保密性和认证性的同时,消息的发送者可以完全匿名地发送消息,并且在需要证实签密人身份的时候,可以公开验证其身份。
最后,总结论文工作,提出了需继续研究的问题。
Digital signature is one of the great tools in information security. In order to adapt to different application environments, many specific signature schemes have been proposed, such as group signature, blind signature, proxy signature, threshold signature, ring signature and the like. As a widely used signature scheme, ring signature achieves the property of unconditional anonymity for signers. And it has become the focus of the cryptography research. With the in-depth study of ring signature, a variety of ring signature schemes and the applications are put forward recently. However, there exist many problems to be solved. For instance, the problem of the signature size depending on the group size, the problem of key exposure and the problem of whether the ring signature can be used to construct other protocols instead of the group signature, etc. This dissertation aims to propose new schemes to solve the problems mentioned above, and to apply the ring signature to some applications.
The achievements in the field of ring signature and its applications are surveyed first. The concept, sorts and applications of ring signature are studied. Then, some problems and open problem in this field are concluded. After studying the proposed ring signature schemes, a provably secure short ring signature based on one-way accumulator is proposed, which is also used to construct multi-party concurrent signatures. This is a solution to the problem of the signature size depending on the group size.
With the purpose of solving the key exposure problem, the forward-secure theory is adopted. And a forward-secure ring signature scheme based on conic curve over Z_n is presented, which is easier to accomplish for embedding plaintext, computing element order and points in curves, and speeding up the inverse operation. In addition, new forward-secure ring signature scheme based on bilinear pairings is also proposed, which is proved to be secure in standard model.
After comparing the ring signature with group signatures, a short linkable ring signature scheme is presented. A new fair e-cash protocol based on the proposed scheme is also given. That provides a solution for member revocation problem of existing e-cash protocol based on group signatures. Moreover, a new multi-bank e-cash system by using blind ring signatures and linkable ring signatures is presented, by which the client anonymity control and bank anonymity control are achieved respectively.
An identity-based deniable ring signature scheme based on the short ring signature in the dissertation is given. In the scheme, an identity-based chameleon hash function is adopted. It can be concluded that the scheme is the only scheme which satisfies the requirements of the deniable ring authentication and the constant-size signature.
A new model of verifiable certificateless ring signcryption schemes (VCRSS) is proposed. It is an important cryptographic primitive for private and anonymous communication. An efficient VCRSS scheme based on bilinear pairing is also given. In anonymous communications, the scheme allows the message sender to send the message anonymously, while the confidentiality and authenticity of the message are realized at the same time. If necessary, the real sender can prove his/her identity. The scheme does not require the use of any certificate to ensure the authenticity of public keys, and the the problem of key escrow is eliminated.
Finally, the work of the dissertation is concluded.
本文首先综述了环签名的研究进展。以环签名的发展为线索,从环签名的基本概念、环签名的分类(包括门限环签名、关联环签名、可撤销匿名的环签名、可否认的环签名等)、环签名的应用等方面进行了研究。并总结了环签名领域存在的问题及进一步的研究方向。
在对已有环签名方案进行了系统研究的基础上,采用单向累加器技术提出了可证安全的简短环签名方案,并将其用于构造高效的多方同时生效签名协议。该方案解决了环签名中存在的签名长度与环成员个数线性成正比的公开问题。
为了解决环签名存在的密钥泄露问题,采用了前向安全理论,并基于环Z_n上圆锥曲线的性质,如明文嵌入、阶的计算、点的运算及在圆锥曲线中逆元计算十分容易等,构造了前向安全的环签名方案。此外,基于双线性对,构造了在标准模型下可证安全的前向安全环签名方案。
在将环签名与群签名比较研究之后,构造了简短的关联环签名方案,并提出了基于该方案的公平电子现金协议。此外,首次采用关联环签名和盲环签名设计了公平的多银行电子现金协议。该协议既可以避免基于群签名的电子现金协议存在的成员撤销问题,还可以追踪重复花费者的身份,保护发币银行的匿名性,防止银行间的不正当竞争。
采用简短环签名方案,并结合基于身份的Chameleon哈希函数,构造了安全、高效的可否认环签名方案。与已有的可否认环认证方案相比,该方案是唯一一个既满足可否认环认证需求,且签名大小不依赖于环成员个数的方案。
利用无证书密码系统的优点,提出了一种可验证的无证书环签密方案模型,并基于双线性对构造了具体方案。该方案使用无证书密码系统生成用户密钥,在达到数据保密性和认证性的同时,消息的发送者可以完全匿名地发送消息,并且在需要证实签密人身份的时候,可以公开验证其身份。
最后,总结论文工作,提出了需继续研究的问题。
Digital signature is one of the great tools in information security. In order to adapt to different application environments, many specific signature schemes have been proposed, such as group signature, blind signature, proxy signature, threshold signature, ring signature and the like. As a widely used signature scheme, ring signature achieves the property of unconditional anonymity for signers. And it has become the focus of the cryptography research. With the in-depth study of ring signature, a variety of ring signature schemes and the applications are put forward recently. However, there exist many problems to be solved. For instance, the problem of the signature size depending on the group size, the problem of key exposure and the problem of whether the ring signature can be used to construct other protocols instead of the group signature, etc. This dissertation aims to propose new schemes to solve the problems mentioned above, and to apply the ring signature to some applications.
The achievements in the field of ring signature and its applications are surveyed first. The concept, sorts and applications of ring signature are studied. Then, some problems and open problem in this field are concluded. After studying the proposed ring signature schemes, a provably secure short ring signature based on one-way accumulator is proposed, which is also used to construct multi-party concurrent signatures. This is a solution to the problem of the signature size depending on the group size.
With the purpose of solving the key exposure problem, the forward-secure theory is adopted. And a forward-secure ring signature scheme based on conic curve over Z_n is presented, which is easier to accomplish for embedding plaintext, computing element order and points in curves, and speeding up the inverse operation. In addition, new forward-secure ring signature scheme based on bilinear pairings is also proposed, which is proved to be secure in standard model.
After comparing the ring signature with group signatures, a short linkable ring signature scheme is presented. A new fair e-cash protocol based on the proposed scheme is also given. That provides a solution for member revocation problem of existing e-cash protocol based on group signatures. Moreover, a new multi-bank e-cash system by using blind ring signatures and linkable ring signatures is presented, by which the client anonymity control and bank anonymity control are achieved respectively.
An identity-based deniable ring signature scheme based on the short ring signature in the dissertation is given. In the scheme, an identity-based chameleon hash function is adopted. It can be concluded that the scheme is the only scheme which satisfies the requirements of the deniable ring authentication and the constant-size signature.
A new model of verifiable certificateless ring signcryption schemes (VCRSS) is proposed. It is an important cryptographic primitive for private and anonymous communication. An efficient VCRSS scheme based on bilinear pairing is also given. In anonymous communications, the scheme allows the message sender to send the message anonymously, while the confidentiality and authenticity of the message are realized at the same time. If necessary, the real sender can prove his/her identity. The scheme does not require the use of any certificate to ensure the authenticity of public keys, and the the problem of key escrow is eliminated.
Finally, the work of the dissertation is concluded.
引文
[1] Diffie W, Hellman M E. New Directions in Cryptography. IEEE Transactions on Information Theory, 1976, 22(6): 644-654P
[2] Rivest R L, Shamir A, and Tauman Y. How to Leak a Secret. In Proc. of ASIACRYPT'01. Berlin: Springer-Verlag, 2001. LNCS 2248: 552-565P
[3] Abe M, Ohkubo M and Suzuki K. 1-out-of-n Signatures from a Variety of Keys. In Proc. of ASIACRYPT'02. Berlin: Springer-Verlag, 2002. LNCS 2501:415-432P
[4] Zhang F G, Kim K. ID-Based Blind Signature and Ring Signature from Pairings. In Proc. of ASIACRYPT'02. Berlin: Springer-Verlag 2002. LNCS 2501:533-547P
[5] Bresson E, Stern J and Szydlo M. Threshold Ring Signatures and Applications to Ad-hoc Groups. In Proc. of CRYPTO'02. Berlin:Springer-Verlag, 2002. LNCS 2442: 465-480P
[6] Naor M. Deniable Ring Authentication. Advances in Cryptology- Crypto'02.Berlin: Springer-Verlag, 2002. LNCS 2442: 481-498P
[7] Susilo W, Mu Y. Non-interactive Deniable Ring Authentication. ICISC 2003. Berlin: Springer-Verlag, 2004. LNCS 2971:386-401P
[8] Lv J Q, Wang X M. Verifiable Ring Signature. DMS Proceedings in CANS'03.U.S.A., 2003: 663-665P
[9] Gao C Z, Yao Z A, Li L. A Ring Signature Scheme Based on the Nyberg-Rueppel Signature Scheme. ACNS 2003. Berlin: Springer-Verlag,2003. LNCS 2846: 169-175P
[10] Herranz J, Saez G Forking Lemmas for Ring Signature Schemes. In Proc. of INDOCRYPT'03. Berlin: Springer-Verlag, 2003. LNCS 2904: 266-279P
[11] Zhang F G, Reihaneh S N and Lin C Y. New Proxy Signature, Proxy Blind Signature and Proxy Ring Signature Schemes from Bilinear Pairings.http://eprint.iacr.org/2003/104
[12]Chen L Q,Kudla C and Paterson K G.Concurrent Signatures.In Proc.of Eurocrypt '04.Berlin:Springer-Verlag,2004.LNCS 3027:287-305P
[13]Wong D S,Fung K,Liu J K,et al.On the RS-Code Construction of Ring Signature Schemes and a Threshold Setting of RST.ICICS 2003.Berlin:Springer-Verlag,2003.LNCS 2836:34-46P
[14]Liu J K,Wei V K,Wong D S.Linkable Spontaneous Anonymous Group Signature for Ad Hoe Groups.In Proc.of ACISP'04.Berlin:Springer-Verlag,2004.LNCS 3108:325-335P
[15]Benaloh J,Mare M D.One-way Accumulators:A Decentralized Alternative to Digital Signatures.In Advances in Cryptology-EUROCRYPT'93.Berlin:Springer-Verlag,1993.LNCS 765:274-285P
[16]Dodis Y,Kiayias A,Nicolost A,et al.Anonymous Identification in Ad Hoc Groups.In Proc.of EUROCRYPT'04.Berlin:Springer-Verlag,2004.LNCS 3027:609-626P
[17]甘志,陈克非.A New Verifiable Ring Signature Scheme.中山大学学报(自然科学版).2004,43(增2):132-134页
[18]Awasthi A K,Sunder L.ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings.http://eprint.iacr.org/2004/184
[19]Herranz J,Saez G.New Identity-Based Ring Signature Schemes.ICICS 2004.Berlin:Springer-Verlag,2004.LNCS 3269:27-39P
[20]Lv J Q,Ren K,Chen X,et al.Ring Authenticated Encryption:A New Type of Authenticated Encryption.The 2004 Symposium on Cryptography and Information Security,2004:1179-1184P
[21]Cao T,Lin D,Xue R.Improved Ring Authenticated Encryption Scheme.In Proc.of Tenth Joint International Computer Conference,International Academic Publishers World Publishing Corporation,2004:341-346P
[22]王继林,张键红,王育民.基于环签名思想的一种类群签名方案.电子学报,2004,Vol32(3):408-410页
[23]Chan T K,Fung K,Liu J K,et al.Blind Spontaneous Anonymous Group Signatures for Ad Hoc Groups.ESAS 2004.Berlin:Springer-Verlag,2005. LNCS 3313:82-94P
[24] Isshiki T, Tanaka K. An (n-t)-out-of-n Threshold Ring Signature Scheme. ACISP 2005. Berlin: Springer-Verlag, 2005. LNCS 3574: 406-416P
[25] Au M H, Liu J K, Tsang P P, et al. A Suite of ID-Based Threshold Ring Signature Schemes with Different Levels of Anonymity.http://eprint.iacr.org/2005/326/
[26] Lee K C, Wei H, Hwang T. Convertible Ring Signature. IEEE Proc Commum. 2005, 152(4): 411-414P
[27] Tsang P P, Wei V K. Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation. ISPEC 2005. Berlin: Springer-Verlag 2005. LNCS 3439:48-60P
[28] Nguyen L. Accumulator from Bilinear Pairings and Application to ID-based Ring Signatures and Group Membership Revocation. CT-RSA 2005. Berlin:Springer-Verlag, 2005. LNCS 3376: 275-292P
[29] Wu Q H, Zhang F G, Susilo W, et al. An Efficient Static Blind Ring Signature Scheme. ICISC 2005. Berlin: Springer-Verlag, 2006. LNCS3935: 410-423P
[30] Liu J K, Wong D S. Solutions to Key Exposure Problem in Ring Signature.http://eprint.iacr.org/2005/427/.
[31] Zhang F G, Chen X F. Cryptanalysis and Improvement of an ID-based Ad-Hoc Anonymous Identification Scheme at CT-RSA 05.http://eprint.iacr.Org/2005/103/.
[32] Chen Y Q, Susilo W, Mu Y. Identity-Based Anonymous Designated Ring Signatures. IWCMC'06. USA: ACM Press, 2006: 189-194P
[33] Chow S S M, Liu J K, Wei V K, et al. Ring Signature without Random Oracles.http://eprint.iacr.org/2005/317/. ASIACCS'06. USA: ACM Press,2006: 297-302P
[34] Bender A, Katz J, Morselli R. Ring Signatrues: Stronger Definitions, and Constructions without Random Oracles. TCC 2006. Berlin:Springer-Verlag, 2006. LNCS 3876: 60-79P
[35]黄欣沂,张福泰,伍玮.一种基于身份的环签密方案.电子学报,2006,34(2):263-266页
[36]Au M H,Chow S S M,Susilo W.Short Linkable Ring Signatures Revisited.EuroPKI' 06.Berlin:Springer-Verlag,2006.LNCS 4043:101-115P
[37]Tsang P P,Wei V K,Chan T K,et al.Separable Linkable Threshold Ring Signatures.In Proc.of INDOCRYPT'04.Berlin:Springer-Verlag,2004.LNCS 3348:384-398P
[38]Liu J K,Susilo W,Wong D S.Ring signatures with designated linkability.IWSEC 2006.Berlin:Springer-Verlag,2006.LNCS 4266:104-119P
[39]Wang C H,Liu C Y.A New Ring Signature Scheme with Signer-Admission Property.Information Sciences,2007,177(3):747-754P
[40]Zhang C L,Liu Y,He D Q.A New Verifiable Ring Signature Scheme based on Nyberg-Rueppel Scheme.ICSP2006.USA:IEEE Press,2006.
[41]Fujisaki E,Suzuki K.Traceable Ring Signature.http://eprint.iacr.org/2006/389
[42]Susilo W and Mu Y.Deniable Ring Authentication Revisited.ACNS 2004.Berlin:Springer-Verlag,2004.LNCS 3089:149-163P
[43]Komano Y,Ohta K,Shimbo A,et al.Toward the Fair Anonymous Signatures:Deniable Ring Signatures.CT-RSA 2006,Berlin:Springer-Verlag,2006.LNCS 3860:174-191P
[44]Zhang F G,Kim K.ID-Based Blind Signature and Ring Signature from Pairings.In Proc.of Asiacrypt' 02,Berlin:Springer-Verlag,2002.LNCS 2501:533-547P
[45]Lang W M,Yang Z K,Cheng W Q,et al.An improved Identity-based Proxy Ring Signature Scheme.High Technology Letters.2005,11(1):17-19P
[46]Li J,Chen X F,Yuen T H,et al.Proxy Ring Signature:Formal Definitions,Efficient Construction and New Variant.CIS 2006.USA:IEEE Press, 2006:1259-1264P
[47]Herranz J and Laguillaumie F.Blind Ring Signatures Secure under the Chosen-Target-CDH Assumption.ISC 2006.Berlin:Springer-Verlag,2006.LNCS 4176:117-130P
[48]Cao T J,Lin D D,Xue R.ID-based Ring Authenticated Encryption.AINA'05.USA:IEEE Press,2005:591-596P
[49]Lei Q,Jiang Z T,Wang Y M.Ring-Based Anonymous Fingerprinting Scheme.CIS 2005,Part Ⅱ.Berlin:Springer-Verlag,2005.LNCS 3802:1080-1085P
[50]莫宗坚,蓝以中,赵春来.代数学.北京:北京大学出版社,1986
[51]潘承洞,潘承彪.初等数论(第二版).北京:北京大学出版社,2003
[52]Lid R and Niederreiter H.Encyclopedia of Mathematics and Its Applications Volume 20:Finite Fields,Cambridge University Press,1997
[53]Mao W B.Modern Cryptography:Theory and practice.北京:电子工业出版社,2004
[54]Krawczyk H and Rabin T.Chameleon Signatures.In Proc.of the NDSS,2000:143-154P
[55]Ateniese G,Medeiros de B.Identity-based Chameleon Hash and Applications.In Financial Cryptography 2004.Berlin:Springer-Verlag,2004.LNCS 3110:164-180P
[56]Zhang F,Safavi-Naini R,and Susilo W.ID-based Chameleon Hashes from Bilinear Pairings.http://eprint.iacr.org/2003/208
[57]Chen X,Zhang F and Kim K.Chameleon Hashing without Key Exposure.ISC 2004.Berlin:Springer-Verlag,2004.LNCS 3225:87-98P
[58]Ateniese G,Medeiros B de.On the Key Exposure Problem in Chameleon Hashes.SCN 2004.Berlin:Springer-Verlag,2005.LNCS 3352:165-179P
[59]Gao W,Wang X L,Xie D Q.Chameleon Hashes without Key Exposure based on Factoring.Journal of Computer Science and Technology,2007,22(1):109-113P
[60]Chaum D,Antwerpen H.Undeniable Signatures.Crypto' 89.Berlin: Springer-Verlag,1990.LNCS 435:212-216P
[61]Bellare M and Rogaway P.Random Oracles are Practical:a Paradigm for Designing Efficient Protocols.First ACM Conference on Computer and Communications Security,Virginia,USA.ACM Press,1993,62-73P
[62]Shamir A.Identity based Cryptosystems and Signature Schemes.Advances in Cryptology-Crypto'84.Berlin:Springer-Vedag,1984.LNCS 196:47-53P
[63]Boneh D and Franklin M.Identity based Encryption from the Weil Pairing.In proc.of Crypto' 01,Berlin:Springer-Verlag,2001.LNCS 2139:213-229P
[64]张明志.用圆锥曲线分解整数.四川大学学报(自然科学版).1996,33(4):356-359页
[65]曹珍富.基于有限域F_p上圆锥曲线的公钥密码系统.密码学进展-ChinaCrypt'98.北京:科学出版社,1998,45-49页
[66]曹珍富.RSA与改进的RSA的圆锥曲线模拟.黑龙江大学自然科学学报.1999,16(4):15-18页
[67]Dai Z D,Pei D Y,Yang J H,et al.Cryptanalysis of a Public Key Cryptosystem based on Conic Curves.The International Workshop on Cryptographic Techniques & E-Commerce,Hong Kong,1999:259-261P
[68]孙琦,朱文余,王标.环Z_n上圆锥曲线和公钥密码协议.四川大学学报(自然科学版).2005,42(3):471-478页
[69]朱文余,孙琦.环Z_n上椭圆曲线及数字签名方案.电子与信息学报.2003(增),25:40-47页
[70]王标,孙琦.环Z_n上圆锥曲线的盲签名在电子现金中的应用.计算机应用.2006,26(1):78-80页
[71]肖龙,王标,孙琦.基于环Z_n上的圆锥曲线数字签名和多重数字签名.西安交通大学学报.2006,40(6):648-650页
[72]Alriyami S S,Paterson K G.Certificateless Public Key Cryptography.Advances in Cryptography Asiacrypt 2003.Berlin:Springer-Verlag,2003.LNCS 2894:452-473P
[73]Lenstra A K and Verheul E R.The XTR Public Key System.Crypto 2000,Berlin:Springer-Verlag 2000.LNCS 1880:1-19P
[74]Stam M and Lenstra A K.Speeding up XTR.ASIACRYPT' 01.Berlin:Springer-Verlag,2001.LNCS 2248:125-143P
[75]Grze'skowiak M.New Key Generation Algorithms for the XTR Cryptosytem.OTM Workshops 2006.Berlin:Springer-Verlag,2006.LNCS 4277:439-449P
[76]Han D K,Takagi T,and Lim J.Further Security Analysis of XTR.ISPEC 2006.Berlin:Springer-Verlag,2006.LNCS 3903:33-44P
[77]Chen X F,Feng F and Wang Y M.New Key Improvements and Its Application to XTR System.IEEE Proceeding of AINA'03.USA:IEEE Press,2003:561-564P
[78]Lenstra A K,Verheul E R.Key Improvements to XTR.ASIACRYPT'00,Berlin:Springer-Verlag,2000.LNCS 1976:220-233P
[79]Tonien D,Susilo W,and Safavi-Naini R.Multi-party Concurrent Signatures.ISC 2006,Berlin:Springer-Verlag,2006,LNCS 4176:131-145P
[80]Dutta R,Barua R and Sarkar P.Pairing-based Cryptographic Protocols:a Survey.http://eprint.iacr.org/2004/064
[81]Baric N,Pfitzmann B.Collision-free Accumulators and Fail-Stop Signature Schemes without Trees.In Proc.of Advances in Cryptology-EUROCRYPT'97.Berlin:Springer-Verlag,1997.LNCS 1233:480-494P
[82]Camenisch J,Lysyanskaya A.Dynamic Accumulators and Application of Anonymous Credentials.In Proc.of Advances in Cryptology-CRYPTO'02.Berlin:Springer-Verlag,2002.LNCS 2442:61-76P
[83]Nyberg K.Fast Accumulated Hashing.In Proc.of 3rd Fast Software Encryption Workshop.Berlin:Springer-Verlag,1996.LNCS 1039:83-87P
[84]Kim S,Oh H.A New Electronic Check System with Reusable Refund.International Journal of Information Security,2002,1(3):175-188P
[85]Fiat A,Shamir A.How to Prove Yourself:Practical Solutions to Identification and Signature Problems.Crypto'86,Berlin:Springer-Verlag,1987.LNCS 263:186-194P
[86]王芷玲,张玉清,杨波.公平交换协议设计原则.中国科学院研究生院学报,2006,23(4):555-560页
[87]Chow S S M and Susilo W.Generic Construction of(identity-based)Perfect Concurrent Signatures.ICICS'05.Berlin:Springer-Vedag,2005.LNCS 3783:194-206P
[88]Susilo W and Mu Y.Tripartite Concurrent Signatures.In Proc.of IFIP/SEC 2005.Berlin:Springer-Verlag,2005.IFIP International Federation for Information Processing 181:425-441P
[89]Chow S S M,Yiu SM,Hui L C K.Efficient Identity based Ring Signature.In Proc.of ACNS'05.Berlin:Springer-Verlag,2005.LNCS 3531:499-512P
[90]Pointcheval D and Stem J.Security Proofs for Signature Schemes.In Advanced in Cryptology-Eurocrypt'96.Berlin:Springer-Verlag,1996.LNCS 1070:387-398P
[91]马春光,杨义先.可转移离线电子现金.计算机学报.2005,28(3):301-308页
[92]马春光,杨义先,胡正名.可直接花费余额的电子支票系统.电子学报.2005,33(9):1562-1566页
[93]Anderson R.Two Remarks on Public Key Cryptology.USA:Invited Lecture,ACM-CCS'97,1997.
[94]Bellare M,Miner S.A Forward-Secure Digital Signature Scheme.CRYPTO'99,Berlin:Springer-Verlag,1999.LNCS 1666:431-448P
[95]Abdalla J M,Reyzin L.A New Forward-Secure Digital Signature Scheme.ASIACRYPT'00.Berlin:Springer-Verlag,2000.LNCS 1976:116-129P
[96]Itkis G,Reyzin L.Forward-Secure Signatures with Optimal Signing and Verifying.CRYPTO'01.Berlin:Springer-Verlag,2001.LNCS 2139:499-514P
[97]Kozlov A,Reyzin L.Forward-Secure Signatures with Fast Key Update.In Proc.Of Security in communication networks,2002.Berlin:Springer-Verlag,2002.LNCS 2576:247-262P
[98]Shacham H and Waters B.Efficient Ring Signatures without Random Oracles.http://eprint.iacr.org/2006/289
[99]Boneh D,Goh EJ and Nissim K.Evaluating 2-DNF Formulas on Ciphertexts.In Proc.of TCC 2005.Berlin:Springer-Verlag,2005.LNCS 3378:325-341P
[100]徐钊,杨义先.一种安全公平的离线电子现金体制.电子学报.2003,31(7):1078-1079页
[101]Liu J K,Tsang P P,and Wong D S.Recoverable and Untraceable E-Cash.EuroPKI 2005.Berlin:Springer-Verlag,2005.LNCS 3545:206-214P
[102]李梦东,杨义先.无可信第三方的离线电子现金匿名性控制.电子学报.2005,33(3):456--458页
[103]Lysyanslaya A,Ramazan Z.Group Blind Digital Signature:a Scalable Solution to Electronic Cash.In Proc.of FC'98.Berlin:Springer-Verlag,1998.LNCS 1465:184-197P
[104]张方国,张福泰,王育民.多银行电子现金系统.计算机学报.2001,24(5):456-462页
[105]Dwork C,Naor M,and Sahai A.Concurrent Zero-Knowledge.Journal of the ACM,2004,51(6):851-898P
[106]Aumann Y and Rabin M O.Authentication,Enhanced Security and Error Correcting Codes.CRYPTO' 98.Berlin:Springer-Verlag,1998.LNCS 1462:299-303P
[107]Deng X,Lee C H,and Zhu H.Deniable Authentication Protocols.IEE Proc.Comput.Digit.Tech,2001,148(2):101-104P
[108]Fan L,Xu C X,Li J H.Deniable Authentication Protocol based on Diffie-Hellman Algorithm,Electronics Letters,2002,38(4):705-706P
[109]Yoon E J,Ryu E K,Yoo K Y.Improvement of Fan et al.'s Deniable Authentication Protocol based on Diffie-ellman Algorithm.Applied Mathematics and Computation, 2005,167: 274-280P
[110] Raimondo M D, Gennaro R. New Approaches for Deniable Authentication. CCS'05. USA: ACM Press, 2005: 112-121P
[111] Raimondo M D, Gennaro R, Krawczyk H. Deniable Authentication and Key Exchange. CCS'06. 2006, USA: ACM Press. 400-409P
[112] Xiao D, Liao X, Wong K. An Efficient Entire Chaos-based Scheme for Deniable Authentication. Elsevier B.V. Chaos, Solitons & Fractals 2005,23(4): 1327-1331P
[113] Alvarez G Security problems with a chaos-based deniable authentication scheme. Elsevier B.V., 2005. Chaos, Solitons and Fractals 26: 7-11P
[114] Zhao Y L. A note on the Dwork-Naor timed deniable authentication. Elsevier B.V., 2006. Information Processing Letters 100: 1-7P
[115] Shao Z. Efficient deniable authentication protocol based on generalized ElGamal signature scheme. Elsevier B.V., 2004. Computer Standards&Interfaces, 26 (5): 449-454P
[116] Lu R X, Cao Z F. Non-interactive Deniable Authentication Protocol based on Factoring. Elsevier B.V., 2005. Computer Standards & Interfaces 27 (4):401-405P
[117] Lu R X, Cao Z F. A New Deniable Authentication Protocol from Bilinear Pairings. Elsevier B.V., 2005. Applied Mathematics and Computation 168(2): 954-961P
[118]Lu R X, Cao Z F, Dong X L. Group Oriented Deniable Authentication Protocol. IMSCCS'06. USA: IEEE Press, 2006: 89-92P
[119]Qian H F, Cao Z F, Wang L C. Efficient Non-interactive Deniable Authentication Protocols. CIT'05. USA: IEEE Press, 2005: 673-679P
[120] Shi Y and Li J. Identity-Based Deniable Authentication Protocol,Electronics Letters, 2005, 41 (5): 241-242P
[121]Adida B, Hohenberger S, and Rivest R L. Separable Identity-Based Ring Signatures: Theoretical Foundations for Fighting Phishing Attacks. In Proc.of the DIMACS Workshop on Theft in E-Commerce, 2005.
[122]Susilo W and Mu Y.Separable Identity-Based Deniable Authentication:Cryptographic Primitive for Fighting Phishing.EuroPKI 2006.Berlin:Springer-Verlag.LNCS 4043:68-80P
[123]Lee W B,Wu C C,Tsaur W J.A Novel Deniable Authentication Protocol using Generalized EIGamal Signature Scheme.Elsevier B.V.,2007.Information Sciences 177:1376-1381P
[124]Zheng Y L.Digital Signcryption or How to Achieve Cost(signature &encryption) << cost(signature) + cost(encryption).Advances in Cryptology- Proc.of CRYPTO' 97,Berlin:Springer-Verlag 1997.LNCS 1294:165-179P
[125]李发根.基于双线对的签密体制研究.西安电子科技大学博士论文.2007:1-4页
[126]Zheng Y L.Signcryption and Its Application in Efficient Public Key Solutions.ISW' 97.Berlin:Springer-Verlag,1998.LNCS 1396:291-312P
[127]Zheng YL,Imai H.Efficient Signcryption Scheme on Elliptic Curves.In Proc.of IFIP/SEC' 98.Inform Process Letters,1998,68(6):227-233P
[128]Back J,Steinfeld R,Zheng Y L.Formal Proofs for the Security of Signcryption.In Proc.of PKC'02.Berlin:Springer-Verlag,2002.LNCS 2274:81-98P
[129]MALONE L J.Identity based Signcryption.http://eprint.iacr.org/2002/0798.
[2] Rivest R L, Shamir A, and Tauman Y. How to Leak a Secret. In Proc. of ASIACRYPT'01. Berlin: Springer-Verlag, 2001. LNCS 2248: 552-565P
[3] Abe M, Ohkubo M and Suzuki K. 1-out-of-n Signatures from a Variety of Keys. In Proc. of ASIACRYPT'02. Berlin: Springer-Verlag, 2002. LNCS 2501:415-432P
[4] Zhang F G, Kim K. ID-Based Blind Signature and Ring Signature from Pairings. In Proc. of ASIACRYPT'02. Berlin: Springer-Verlag 2002. LNCS 2501:533-547P
[5] Bresson E, Stern J and Szydlo M. Threshold Ring Signatures and Applications to Ad-hoc Groups. In Proc. of CRYPTO'02. Berlin:Springer-Verlag, 2002. LNCS 2442: 465-480P
[6] Naor M. Deniable Ring Authentication. Advances in Cryptology- Crypto'02.Berlin: Springer-Verlag, 2002. LNCS 2442: 481-498P
[7] Susilo W, Mu Y. Non-interactive Deniable Ring Authentication. ICISC 2003. Berlin: Springer-Verlag, 2004. LNCS 2971:386-401P
[8] Lv J Q, Wang X M. Verifiable Ring Signature. DMS Proceedings in CANS'03.U.S.A., 2003: 663-665P
[9] Gao C Z, Yao Z A, Li L. A Ring Signature Scheme Based on the Nyberg-Rueppel Signature Scheme. ACNS 2003. Berlin: Springer-Verlag,2003. LNCS 2846: 169-175P
[10] Herranz J, Saez G Forking Lemmas for Ring Signature Schemes. In Proc. of INDOCRYPT'03. Berlin: Springer-Verlag, 2003. LNCS 2904: 266-279P
[11] Zhang F G, Reihaneh S N and Lin C Y. New Proxy Signature, Proxy Blind Signature and Proxy Ring Signature Schemes from Bilinear Pairings.http://eprint.iacr.org/2003/104
[12]Chen L Q,Kudla C and Paterson K G.Concurrent Signatures.In Proc.of Eurocrypt '04.Berlin:Springer-Verlag,2004.LNCS 3027:287-305P
[13]Wong D S,Fung K,Liu J K,et al.On the RS-Code Construction of Ring Signature Schemes and a Threshold Setting of RST.ICICS 2003.Berlin:Springer-Verlag,2003.LNCS 2836:34-46P
[14]Liu J K,Wei V K,Wong D S.Linkable Spontaneous Anonymous Group Signature for Ad Hoe Groups.In Proc.of ACISP'04.Berlin:Springer-Verlag,2004.LNCS 3108:325-335P
[15]Benaloh J,Mare M D.One-way Accumulators:A Decentralized Alternative to Digital Signatures.In Advances in Cryptology-EUROCRYPT'93.Berlin:Springer-Verlag,1993.LNCS 765:274-285P
[16]Dodis Y,Kiayias A,Nicolost A,et al.Anonymous Identification in Ad Hoc Groups.In Proc.of EUROCRYPT'04.Berlin:Springer-Verlag,2004.LNCS 3027:609-626P
[17]甘志,陈克非.A New Verifiable Ring Signature Scheme.中山大学学报(自然科学版).2004,43(增2):132-134页
[18]Awasthi A K,Sunder L.ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings.http://eprint.iacr.org/2004/184
[19]Herranz J,Saez G.New Identity-Based Ring Signature Schemes.ICICS 2004.Berlin:Springer-Verlag,2004.LNCS 3269:27-39P
[20]Lv J Q,Ren K,Chen X,et al.Ring Authenticated Encryption:A New Type of Authenticated Encryption.The 2004 Symposium on Cryptography and Information Security,2004:1179-1184P
[21]Cao T,Lin D,Xue R.Improved Ring Authenticated Encryption Scheme.In Proc.of Tenth Joint International Computer Conference,International Academic Publishers World Publishing Corporation,2004:341-346P
[22]王继林,张键红,王育民.基于环签名思想的一种类群签名方案.电子学报,2004,Vol32(3):408-410页
[23]Chan T K,Fung K,Liu J K,et al.Blind Spontaneous Anonymous Group Signatures for Ad Hoc Groups.ESAS 2004.Berlin:Springer-Verlag,2005. LNCS 3313:82-94P
[24] Isshiki T, Tanaka K. An (n-t)-out-of-n Threshold Ring Signature Scheme. ACISP 2005. Berlin: Springer-Verlag, 2005. LNCS 3574: 406-416P
[25] Au M H, Liu J K, Tsang P P, et al. A Suite of ID-Based Threshold Ring Signature Schemes with Different Levels of Anonymity.http://eprint.iacr.org/2005/326/
[26] Lee K C, Wei H, Hwang T. Convertible Ring Signature. IEEE Proc Commum. 2005, 152(4): 411-414P
[27] Tsang P P, Wei V K. Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation. ISPEC 2005. Berlin: Springer-Verlag 2005. LNCS 3439:48-60P
[28] Nguyen L. Accumulator from Bilinear Pairings and Application to ID-based Ring Signatures and Group Membership Revocation. CT-RSA 2005. Berlin:Springer-Verlag, 2005. LNCS 3376: 275-292P
[29] Wu Q H, Zhang F G, Susilo W, et al. An Efficient Static Blind Ring Signature Scheme. ICISC 2005. Berlin: Springer-Verlag, 2006. LNCS3935: 410-423P
[30] Liu J K, Wong D S. Solutions to Key Exposure Problem in Ring Signature.http://eprint.iacr.org/2005/427/.
[31] Zhang F G, Chen X F. Cryptanalysis and Improvement of an ID-based Ad-Hoc Anonymous Identification Scheme at CT-RSA 05.http://eprint.iacr.Org/2005/103/.
[32] Chen Y Q, Susilo W, Mu Y. Identity-Based Anonymous Designated Ring Signatures. IWCMC'06. USA: ACM Press, 2006: 189-194P
[33] Chow S S M, Liu J K, Wei V K, et al. Ring Signature without Random Oracles.http://eprint.iacr.org/2005/317/. ASIACCS'06. USA: ACM Press,2006: 297-302P
[34] Bender A, Katz J, Morselli R. Ring Signatrues: Stronger Definitions, and Constructions without Random Oracles. TCC 2006. Berlin:Springer-Verlag, 2006. LNCS 3876: 60-79P
[35]黄欣沂,张福泰,伍玮.一种基于身份的环签密方案.电子学报,2006,34(2):263-266页
[36]Au M H,Chow S S M,Susilo W.Short Linkable Ring Signatures Revisited.EuroPKI' 06.Berlin:Springer-Verlag,2006.LNCS 4043:101-115P
[37]Tsang P P,Wei V K,Chan T K,et al.Separable Linkable Threshold Ring Signatures.In Proc.of INDOCRYPT'04.Berlin:Springer-Verlag,2004.LNCS 3348:384-398P
[38]Liu J K,Susilo W,Wong D S.Ring signatures with designated linkability.IWSEC 2006.Berlin:Springer-Verlag,2006.LNCS 4266:104-119P
[39]Wang C H,Liu C Y.A New Ring Signature Scheme with Signer-Admission Property.Information Sciences,2007,177(3):747-754P
[40]Zhang C L,Liu Y,He D Q.A New Verifiable Ring Signature Scheme based on Nyberg-Rueppel Scheme.ICSP2006.USA:IEEE Press,2006.
[41]Fujisaki E,Suzuki K.Traceable Ring Signature.http://eprint.iacr.org/2006/389
[42]Susilo W and Mu Y.Deniable Ring Authentication Revisited.ACNS 2004.Berlin:Springer-Verlag,2004.LNCS 3089:149-163P
[43]Komano Y,Ohta K,Shimbo A,et al.Toward the Fair Anonymous Signatures:Deniable Ring Signatures.CT-RSA 2006,Berlin:Springer-Verlag,2006.LNCS 3860:174-191P
[44]Zhang F G,Kim K.ID-Based Blind Signature and Ring Signature from Pairings.In Proc.of Asiacrypt' 02,Berlin:Springer-Verlag,2002.LNCS 2501:533-547P
[45]Lang W M,Yang Z K,Cheng W Q,et al.An improved Identity-based Proxy Ring Signature Scheme.High Technology Letters.2005,11(1):17-19P
[46]Li J,Chen X F,Yuen T H,et al.Proxy Ring Signature:Formal Definitions,Efficient Construction and New Variant.CIS 2006.USA:IEEE Press, 2006:1259-1264P
[47]Herranz J and Laguillaumie F.Blind Ring Signatures Secure under the Chosen-Target-CDH Assumption.ISC 2006.Berlin:Springer-Verlag,2006.LNCS 4176:117-130P
[48]Cao T J,Lin D D,Xue R.ID-based Ring Authenticated Encryption.AINA'05.USA:IEEE Press,2005:591-596P
[49]Lei Q,Jiang Z T,Wang Y M.Ring-Based Anonymous Fingerprinting Scheme.CIS 2005,Part Ⅱ.Berlin:Springer-Verlag,2005.LNCS 3802:1080-1085P
[50]莫宗坚,蓝以中,赵春来.代数学.北京:北京大学出版社,1986
[51]潘承洞,潘承彪.初等数论(第二版).北京:北京大学出版社,2003
[52]Lid R and Niederreiter H.Encyclopedia of Mathematics and Its Applications Volume 20:Finite Fields,Cambridge University Press,1997
[53]Mao W B.Modern Cryptography:Theory and practice.北京:电子工业出版社,2004
[54]Krawczyk H and Rabin T.Chameleon Signatures.In Proc.of the NDSS,2000:143-154P
[55]Ateniese G,Medeiros de B.Identity-based Chameleon Hash and Applications.In Financial Cryptography 2004.Berlin:Springer-Verlag,2004.LNCS 3110:164-180P
[56]Zhang F,Safavi-Naini R,and Susilo W.ID-based Chameleon Hashes from Bilinear Pairings.http://eprint.iacr.org/2003/208
[57]Chen X,Zhang F and Kim K.Chameleon Hashing without Key Exposure.ISC 2004.Berlin:Springer-Verlag,2004.LNCS 3225:87-98P
[58]Ateniese G,Medeiros B de.On the Key Exposure Problem in Chameleon Hashes.SCN 2004.Berlin:Springer-Verlag,2005.LNCS 3352:165-179P
[59]Gao W,Wang X L,Xie D Q.Chameleon Hashes without Key Exposure based on Factoring.Journal of Computer Science and Technology,2007,22(1):109-113P
[60]Chaum D,Antwerpen H.Undeniable Signatures.Crypto' 89.Berlin: Springer-Verlag,1990.LNCS 435:212-216P
[61]Bellare M and Rogaway P.Random Oracles are Practical:a Paradigm for Designing Efficient Protocols.First ACM Conference on Computer and Communications Security,Virginia,USA.ACM Press,1993,62-73P
[62]Shamir A.Identity based Cryptosystems and Signature Schemes.Advances in Cryptology-Crypto'84.Berlin:Springer-Vedag,1984.LNCS 196:47-53P
[63]Boneh D and Franklin M.Identity based Encryption from the Weil Pairing.In proc.of Crypto' 01,Berlin:Springer-Verlag,2001.LNCS 2139:213-229P
[64]张明志.用圆锥曲线分解整数.四川大学学报(自然科学版).1996,33(4):356-359页
[65]曹珍富.基于有限域F_p上圆锥曲线的公钥密码系统.密码学进展-ChinaCrypt'98.北京:科学出版社,1998,45-49页
[66]曹珍富.RSA与改进的RSA的圆锥曲线模拟.黑龙江大学自然科学学报.1999,16(4):15-18页
[67]Dai Z D,Pei D Y,Yang J H,et al.Cryptanalysis of a Public Key Cryptosystem based on Conic Curves.The International Workshop on Cryptographic Techniques & E-Commerce,Hong Kong,1999:259-261P
[68]孙琦,朱文余,王标.环Z_n上圆锥曲线和公钥密码协议.四川大学学报(自然科学版).2005,42(3):471-478页
[69]朱文余,孙琦.环Z_n上椭圆曲线及数字签名方案.电子与信息学报.2003(增),25:40-47页
[70]王标,孙琦.环Z_n上圆锥曲线的盲签名在电子现金中的应用.计算机应用.2006,26(1):78-80页
[71]肖龙,王标,孙琦.基于环Z_n上的圆锥曲线数字签名和多重数字签名.西安交通大学学报.2006,40(6):648-650页
[72]Alriyami S S,Paterson K G.Certificateless Public Key Cryptography.Advances in Cryptography Asiacrypt 2003.Berlin:Springer-Verlag,2003.LNCS 2894:452-473P
[73]Lenstra A K and Verheul E R.The XTR Public Key System.Crypto 2000,Berlin:Springer-Verlag 2000.LNCS 1880:1-19P
[74]Stam M and Lenstra A K.Speeding up XTR.ASIACRYPT' 01.Berlin:Springer-Verlag,2001.LNCS 2248:125-143P
[75]Grze'skowiak M.New Key Generation Algorithms for the XTR Cryptosytem.OTM Workshops 2006.Berlin:Springer-Verlag,2006.LNCS 4277:439-449P
[76]Han D K,Takagi T,and Lim J.Further Security Analysis of XTR.ISPEC 2006.Berlin:Springer-Verlag,2006.LNCS 3903:33-44P
[77]Chen X F,Feng F and Wang Y M.New Key Improvements and Its Application to XTR System.IEEE Proceeding of AINA'03.USA:IEEE Press,2003:561-564P
[78]Lenstra A K,Verheul E R.Key Improvements to XTR.ASIACRYPT'00,Berlin:Springer-Verlag,2000.LNCS 1976:220-233P
[79]Tonien D,Susilo W,and Safavi-Naini R.Multi-party Concurrent Signatures.ISC 2006,Berlin:Springer-Verlag,2006,LNCS 4176:131-145P
[80]Dutta R,Barua R and Sarkar P.Pairing-based Cryptographic Protocols:a Survey.http://eprint.iacr.org/2004/064
[81]Baric N,Pfitzmann B.Collision-free Accumulators and Fail-Stop Signature Schemes without Trees.In Proc.of Advances in Cryptology-EUROCRYPT'97.Berlin:Springer-Verlag,1997.LNCS 1233:480-494P
[82]Camenisch J,Lysyanskaya A.Dynamic Accumulators and Application of Anonymous Credentials.In Proc.of Advances in Cryptology-CRYPTO'02.Berlin:Springer-Verlag,2002.LNCS 2442:61-76P
[83]Nyberg K.Fast Accumulated Hashing.In Proc.of 3rd Fast Software Encryption Workshop.Berlin:Springer-Verlag,1996.LNCS 1039:83-87P
[84]Kim S,Oh H.A New Electronic Check System with Reusable Refund.International Journal of Information Security,2002,1(3):175-188P
[85]Fiat A,Shamir A.How to Prove Yourself:Practical Solutions to Identification and Signature Problems.Crypto'86,Berlin:Springer-Verlag,1987.LNCS 263:186-194P
[86]王芷玲,张玉清,杨波.公平交换协议设计原则.中国科学院研究生院学报,2006,23(4):555-560页
[87]Chow S S M and Susilo W.Generic Construction of(identity-based)Perfect Concurrent Signatures.ICICS'05.Berlin:Springer-Vedag,2005.LNCS 3783:194-206P
[88]Susilo W and Mu Y.Tripartite Concurrent Signatures.In Proc.of IFIP/SEC 2005.Berlin:Springer-Verlag,2005.IFIP International Federation for Information Processing 181:425-441P
[89]Chow S S M,Yiu SM,Hui L C K.Efficient Identity based Ring Signature.In Proc.of ACNS'05.Berlin:Springer-Verlag,2005.LNCS 3531:499-512P
[90]Pointcheval D and Stem J.Security Proofs for Signature Schemes.In Advanced in Cryptology-Eurocrypt'96.Berlin:Springer-Verlag,1996.LNCS 1070:387-398P
[91]马春光,杨义先.可转移离线电子现金.计算机学报.2005,28(3):301-308页
[92]马春光,杨义先,胡正名.可直接花费余额的电子支票系统.电子学报.2005,33(9):1562-1566页
[93]Anderson R.Two Remarks on Public Key Cryptology.USA:Invited Lecture,ACM-CCS'97,1997.
[94]Bellare M,Miner S.A Forward-Secure Digital Signature Scheme.CRYPTO'99,Berlin:Springer-Verlag,1999.LNCS 1666:431-448P
[95]Abdalla J M,Reyzin L.A New Forward-Secure Digital Signature Scheme.ASIACRYPT'00.Berlin:Springer-Verlag,2000.LNCS 1976:116-129P
[96]Itkis G,Reyzin L.Forward-Secure Signatures with Optimal Signing and Verifying.CRYPTO'01.Berlin:Springer-Verlag,2001.LNCS 2139:499-514P
[97]Kozlov A,Reyzin L.Forward-Secure Signatures with Fast Key Update.In Proc.Of Security in communication networks,2002.Berlin:Springer-Verlag,2002.LNCS 2576:247-262P
[98]Shacham H and Waters B.Efficient Ring Signatures without Random Oracles.http://eprint.iacr.org/2006/289
[99]Boneh D,Goh EJ and Nissim K.Evaluating 2-DNF Formulas on Ciphertexts.In Proc.of TCC 2005.Berlin:Springer-Verlag,2005.LNCS 3378:325-341P
[100]徐钊,杨义先.一种安全公平的离线电子现金体制.电子学报.2003,31(7):1078-1079页
[101]Liu J K,Tsang P P,and Wong D S.Recoverable and Untraceable E-Cash.EuroPKI 2005.Berlin:Springer-Verlag,2005.LNCS 3545:206-214P
[102]李梦东,杨义先.无可信第三方的离线电子现金匿名性控制.电子学报.2005,33(3):456--458页
[103]Lysyanslaya A,Ramazan Z.Group Blind Digital Signature:a Scalable Solution to Electronic Cash.In Proc.of FC'98.Berlin:Springer-Verlag,1998.LNCS 1465:184-197P
[104]张方国,张福泰,王育民.多银行电子现金系统.计算机学报.2001,24(5):456-462页
[105]Dwork C,Naor M,and Sahai A.Concurrent Zero-Knowledge.Journal of the ACM,2004,51(6):851-898P
[106]Aumann Y and Rabin M O.Authentication,Enhanced Security and Error Correcting Codes.CRYPTO' 98.Berlin:Springer-Verlag,1998.LNCS 1462:299-303P
[107]Deng X,Lee C H,and Zhu H.Deniable Authentication Protocols.IEE Proc.Comput.Digit.Tech,2001,148(2):101-104P
[108]Fan L,Xu C X,Li J H.Deniable Authentication Protocol based on Diffie-Hellman Algorithm,Electronics Letters,2002,38(4):705-706P
[109]Yoon E J,Ryu E K,Yoo K Y.Improvement of Fan et al.'s Deniable Authentication Protocol based on Diffie-ellman Algorithm.Applied Mathematics and Computation, 2005,167: 274-280P
[110] Raimondo M D, Gennaro R. New Approaches for Deniable Authentication. CCS'05. USA: ACM Press, 2005: 112-121P
[111] Raimondo M D, Gennaro R, Krawczyk H. Deniable Authentication and Key Exchange. CCS'06. 2006, USA: ACM Press. 400-409P
[112] Xiao D, Liao X, Wong K. An Efficient Entire Chaos-based Scheme for Deniable Authentication. Elsevier B.V. Chaos, Solitons & Fractals 2005,23(4): 1327-1331P
[113] Alvarez G Security problems with a chaos-based deniable authentication scheme. Elsevier B.V., 2005. Chaos, Solitons and Fractals 26: 7-11P
[114] Zhao Y L. A note on the Dwork-Naor timed deniable authentication. Elsevier B.V., 2006. Information Processing Letters 100: 1-7P
[115] Shao Z. Efficient deniable authentication protocol based on generalized ElGamal signature scheme. Elsevier B.V., 2004. Computer Standards&Interfaces, 26 (5): 449-454P
[116] Lu R X, Cao Z F. Non-interactive Deniable Authentication Protocol based on Factoring. Elsevier B.V., 2005. Computer Standards & Interfaces 27 (4):401-405P
[117] Lu R X, Cao Z F. A New Deniable Authentication Protocol from Bilinear Pairings. Elsevier B.V., 2005. Applied Mathematics and Computation 168(2): 954-961P
[118]Lu R X, Cao Z F, Dong X L. Group Oriented Deniable Authentication Protocol. IMSCCS'06. USA: IEEE Press, 2006: 89-92P
[119]Qian H F, Cao Z F, Wang L C. Efficient Non-interactive Deniable Authentication Protocols. CIT'05. USA: IEEE Press, 2005: 673-679P
[120] Shi Y and Li J. Identity-Based Deniable Authentication Protocol,Electronics Letters, 2005, 41 (5): 241-242P
[121]Adida B, Hohenberger S, and Rivest R L. Separable Identity-Based Ring Signatures: Theoretical Foundations for Fighting Phishing Attacks. In Proc.of the DIMACS Workshop on Theft in E-Commerce, 2005.
[122]Susilo W and Mu Y.Separable Identity-Based Deniable Authentication:Cryptographic Primitive for Fighting Phishing.EuroPKI 2006.Berlin:Springer-Verlag.LNCS 4043:68-80P
[123]Lee W B,Wu C C,Tsaur W J.A Novel Deniable Authentication Protocol using Generalized EIGamal Signature Scheme.Elsevier B.V.,2007.Information Sciences 177:1376-1381P
[124]Zheng Y L.Digital Signcryption or How to Achieve Cost(signature &encryption) << cost(signature) + cost(encryption).Advances in Cryptology- Proc.of CRYPTO' 97,Berlin:Springer-Verlag 1997.LNCS 1294:165-179P
[125]李发根.基于双线对的签密体制研究.西安电子科技大学博士论文.2007:1-4页
[126]Zheng Y L.Signcryption and Its Application in Efficient Public Key Solutions.ISW' 97.Berlin:Springer-Verlag,1998.LNCS 1396:291-312P
[127]Zheng YL,Imai H.Efficient Signcryption Scheme on Elliptic Curves.In Proc.of IFIP/SEC' 98.Inform Process Letters,1998,68(6):227-233P
[128]Back J,Steinfeld R,Zheng Y L.Formal Proofs for the Security of Signcryption.In Proc.of PKC'02.Berlin:Springer-Verlag,2002.LNCS 2274:81-98P
[129]MALONE L J.Identity based Signcryption.http://eprint.iacr.org/2002/0798.