Self-Certified Short Designated Verifier Signatures and Their Applications
Abstract
In everyday life, digital signatures have been widely studied and developed and have become an important foundation of information security systems. With the rapid development of computer networks and information technology, people's daily lives depend more and more on online e-commerce and e-government, such as electronic banking, electronic shopping and electronic voting. In 1996, Jakobsson, Sako and Impagliazzo proposed the designated verifier signature, a signature scheme in which only the verifier designated by the signer can check the validity of a signature. Because of this special property, designated verifier signatures have received great attention and in-depth study; designated verifier signature schemes with various properties keep emerging and are applied in many e-commerce and e-government settings.
For a secure designated verifier signature scheme, shortening the signature length is of obvious value in bandwidth-constrained applications. In 2006, Huang, Susilo, Mu and Zhang proposed two short strong designated verifier signature schemes, which are so far the most efficient in terms of signature generation and signature length: in their schemes the expensive computation of signature generation can be done offline, and when the hash function chosen for the signature has a 160-bit range the whole signature is only 160 bits long. Short designated verifier signatures are therefore especially attractive where communication bandwidth is limited.
Self-certified cryptosystems were first proposed by Girault in 1992. As an intermediate type between certificate-based and identity-based cryptosystems, they certify public keys implicitly: unlike the former, no explicit certificate is needed to authenticate a public key, and at the same time the key escrow problem of the latter is avoided. Self-certified public key systems have many advantages: no public key certificates, so less storage is needed; no separate authentication of public keys, so less computation; no transmission of certificates, so less communication cost; and, because users choose their own private keys, higher security.
Therefore, in this thesis we combine short designated verifier signatures with self-certified cryptosystems for the first time and propose the first short designated verifier signature scheme based on a self-certified cryptosystem. The scheme retains the advantages of the short strong designated verifier signature schemes of Huang et al. and incorporates the features of self-certified public key cryptography, with low computational cost and little communication overhead.
With the growing popularity of wireless networks and mobile communication technology, studying designated verifier signatures based on self-certified public key cryptosystems has important theoretical significance and application value for building e-commerce and e-government systems, especially over mobile communication networks.
Finally, the thesis summarises the proposed scheme and outlines future work.
In daily life, there is extensive research and development on digital signatures, which have become an important foundation of information security systems. With the rapid development of network and information technology, electronic commerce and government affairs have become more and more relevant to everyone, for example electronic banking, electronic shopping and electronic voting. In 1996, Jakobsson, Sako and Impagliazzo proposed the concept of designated verifier signature, in which only the designated verifier can verify the validity of a signature. Because of this special property, designated verifier signatures have gained intensive attention and deep research. Designated verifier signature schemes with different features have sprung up and been applied in different scenarios in electronic commerce and government affairs.
For a secure designated verifier signature scheme, if we could shorten its length, it would be significant. In 2006, Huang, Susilo, Mu and Zhang proposed two short strong designated verifier signature schemes, which are by now the most efficient in signature generation and length. For instance, in their schemes the complicated computation can be finished offline, and the length of the signature is 160 bits when the range of the selected hash function is 160 bits. Hence, short designated verifier signatures are particularly useful in circumstances where bandwidth is limited.
Self-certified cryptosystems were first proposed by Girault in 1992. As an intermediate type between certificate-based cryptosystems and ID-based cryptosystems, they need no explicit authentication of public keys by certificates and do not have the key escrow problem. Self-certified cryptosystems have many advantages: less storage space, computation and communication, and more security since users select their private keys themselves.
Therefore, in this thesis, for the first time we combine short designated verifier signatures and self-certified cryptosystems and propose the first short designated verifier signature scheme based on a self-certified cryptosystem, which not only has the advantages of Huang et al.'s schemes but also takes in the features of self-certified cryptosystems.
With the popularization of wireless networks and mobile communication technology, studying self-certified short designated verifier signatures will have greater significance in theory and application for electronic commerce and government affairs, and especially for the establishment of mobile networks.
Finally, we give some open questions and discuss the further research focus of our scheme.
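As an added illustration (not the thesis's scheme, and not the exact constructions of Girault or of Huang et al.), the Python sketch below shows the two ideas the abstract combines. First, a discrete-log self-certified public key in the style the abstract attributes to Girault: anyone recomputes a user's public key from the identity, a CA-issued witness and the CA's public key, so no certificate is stored or sent, and the CA never learns the user's private key, so there is no escrow. Second, a short designated verifier signature whose 160-bit value is a hash over the message and the static Diffie-Hellman value shared by signer and verifier, which shows why only the designated verifier can check it and why the verifier can simulate it (the non-transferability that defines the primitive). The toy group size, the choice of SHA-256 truncated to 20 bytes, the sample message and every class and function name are assumptions of this demo; the parameters are deliberately small and not secure.

```python
"""Toy self-certified keys + short designated verifier signature (demo only, not secure)."""
import hashlib
import hmac
import secrets


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first 12 prime bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(start: int = 1 << 63):
    """Deterministically find a safe prime p = 2q + 1 and g of order q (toy ~64-bit size)."""
    q = start | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue != 1, so its order is q


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


def _e(ident: bytes, w: int, q: int) -> int:
    """Hash that binds an identity to its witness, reduced mod q."""
    return int.from_bytes(_h(ident, str(w).encode()), "big") % q


class CA:
    """Certification authority: issues witnesses but never sees user private keys."""
    def __init__(self, group):
        self.p, self.q, self.g = group
        self.x = secrets.randbelow(self.q - 1) + 1           # CA private key
        self.y = pow(self.g, self.x, self.p)                  # CA public key

    def certify(self, ident: bytes, v: int):
        k = secrets.randbelow(self.q - 1) + 1
        w = v * pow(self.g, k, self.p) % self.p               # witness, published
        s = (k + self.x * _e(ident, w, self.q)) % self.q      # partial secret, sent privately
        return w, s


def derive_public_key(ca: CA, ident: bytes, w: int) -> int:
    """Anyone recomputes y = g^x from (ident, w, CA key): implicit certification, no certificate."""
    return w * pow(ca.y, _e(ident, w, ca.q), ca.p) % ca.p


class User:
    def __init__(self, ident: bytes, ca: CA):
        self.ident, self.ca = ident, ca
        t = secrets.randbelow(ca.q - 1) + 1                   # user's own secret share
        self.w, s = ca.certify(ident, pow(ca.g, t, ca.p))
        self.x = (s + t) % ca.q                               # private key; CA never learns t

    def public_key(self) -> int:
        return derive_public_key(self.ca, self.ident, self.w)


def _tag(own_x: int, other_y: int, p: int, msg: bytes) -> bytes:
    """160-bit value: hash of the message and the static DH value other_y^own_x."""
    return _h(msg, str(pow(other_y, own_x, p)).encode())[:20]


def dvs_sign(signer: User, verifier: User, msg: bytes) -> bytes:
    return _tag(signer.x, verifier.public_key(), signer.ca.p, msg)


def dvs_verify(verifier: User, signer: User, msg: bytes, sigma: bytes) -> bool:
    # g^(x_S x_V) is computable only by the two parties, so only the designated verifier can check.
    return hmac.compare_digest(_tag(verifier.x, signer.public_key(), verifier.ca.p, msg), sigma)


def dvs_simulate(verifier: User, signer: User, msg: bytes) -> bytes:
    # The verifier can produce an identical value, so a third party learns nothing: non-transferable.
    return _tag(verifier.x, signer.public_key(), verifier.ca.p, msg)


def demo() -> dict:
    ca = CA(make_group())
    alice, bob, carol = (User(n, ca) for n in (b"alice", b"bob", b"carol"))
    msg = b"constructed sample message"              # constructed input, not from the thesis
    sigma = dvs_sign(alice, bob, msg)
    return {
        "implicit_cert_ok": pow(ca.g, alice.x, ca.p) == alice.public_key(),
        "sig_bits": len(sigma) * 8,
        "bob_accepts": dvs_verify(bob, alice, msg, sigma),
        "bob_can_simulate": dvs_simulate(bob, alice, msg) == sigma,
        "carol_accepts": dvs_verify(carol, alice, msg, sigma),
        "tampered_accepts": dvs_verify(bob, alice, msg + b"!", sigma),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the properties the abstract lists: Alice's public key recomputed from her identity and witness equals g^x, the signature is 160 bits, Bob accepts it, Bob can simulate it exactly, and Carol (not designated) or a tampered message is rejected. A practitioner should note the two caveats this makes visible: the CA still controls the binding between identity and witness, so it remains a trusted party, and the simulation property means such a signature is evidence only to the designated verifier and must never be treated as a transferable proof of origin.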
References
[1] D. Chaum, H. van Antwerpen. Undeniable signature. Lecture Notes in Computer Science, 435 (1990), 212-216. (Advances in Cryptology – CRYPTO '89.)
[2] D. Chaum. Blind signatures for untraceable payments. Crypto '82 Proceedings, New York: Plenum Press, 1983, pp. 199-203.
[3] D. Chaum and E. van Heyst. Group signature. Advances in Cryptology – Eurocrypt '91, Volume 547 of Lecture Notes in Computer Science, Berlin: Springer-Verlag, 1991, pp. 257-265.
[4] M. Mambo, K. Usuda and E. Okamoto. Proxy signatures: Delegation of power to sign messages. IEICE Trans. Fundamentals, 1996, E79-A, (9), 1338-1354.
[5] R. L. Rivest, A. Shamir and Y. Tauman. How to leak a secret. Cryptology, Asiacrypt 2001, Berlin: Springer-Verlag, 1997, pp. 552-565.
[6] R. Gennaro, S. Jarecki, H. Krawczyk and T. Rabin. Robust threshold DSS signatures. Information and Computation, 2001, 164, (1), 54-84.
[7] M. Jakobsson, K. Sako and R. Impagliazzo. Designated verifier proofs and their applications. Advances in Cryptology – Eurocrypt '96, Lecture Notes in Computer Science 1070, pages 143-154, Springer-Verlag, Berlin, 1996.
[8] T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31 (1985), 469-472.
[9] Digital Signature Standard. Federal Information Processing Standard Publication 186, 1994.
[10] A. M. Odlyzko. Discrete logarithms: the past and the future. Designs, Codes, and Cryptography, 19 (2000), 129-145.
[11] D. Boneh. The decision Diffie-Hellman problem. Lecture Notes in Computer Science, 1423 (1998), 48-63. (Proceedings of the Third Algorithmic Number Theory Symposium.)
[12] W. Diffie, M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22 (1976), 644-654.
[13] C. J. Mitchell, F. Piper and P. Wild. Digital signatures. In Contemporary Cryptology: The Science of Information Integrity, 325-378. IEEE Press, 1992.
[14] R. L. Rivest, A. Shamir and L. Adleman. A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21 (1978), 120-126.
[15] B. Preneel. The state of cryptographic hash functions. Lecture Notes in Computer Science, 1561 (1999), 158-182. (Lectures on Data Security.)
[16] M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. First ACM Conference on Computer and Communications Security, 1993. Available at http://www-cse.ucsd.edu/users/mihir/cryptopapers.html.
[17] G. J. Simmons. Authentication without secrecy: A secure communication problem uniquely solvable by asymmetric encryption techniques. Proceedings of IEEE EASCON '79, 1979, pp. 661-662.
[18] G. J. Simmons. How to insure that data acquired to verify treaty compliance are trustworthy. Contemporary Cryptology: The Science of Information Integrity, IEEE Press, 1992, pp. 615-630.
[19] M. Bellare, S. Goldwasser and D. Micciancio. "Pseudo-random" number generation within cryptographic algorithms: the DSS case. Lecture Notes in Computer Science, 1294 (1997), 277-292. (Advances in Cryptology – CRYPTO '97.)
[20] C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4 (1991), 161-174.
[21] N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, v. 48, n. 177, 1987, pp. 203-209.
[22] V. S. Miller. Use of elliptic curves in cryptography. Advances in Cryptology – CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 417-426.
[23] Cryptography: Theory and Practice (2nd edition), by Douglas R. Stinson, translated by 冯登国, Publishing House of Electronics Industry, 2005.
[24] S. Goldwasser, S. Micali and C. Rackoff. The knowledge complexity of interactive proof systems. The 17th ACM Symposium on Theory of Computing, Rhode Island, 1985.
[25] U. Feige, A. Fiat, A. Shamir. Zero knowledge proofs of identity. Proceedings of the 19th Annual ACM Symposium on the Theory of Computing, New York, 1987, 210-217.
[26] S. Saeednia, S. Kramer and O. Markowitch. An efficient strong designated verifier signature scheme. The 6th International Conference on Information Security and Cryptology, 2003, 40-54.
[27] W. Susilo, F. Zhang and Y. Mu. Identity-based strong designated verifier signature schemes. ACISP 2004, LNCS 3108, Berlin, Springer-Verlag, 2004, 313-324.
[28] F. Laguillaumie, D. Vergnaud. Multi-designated verifier signature schemes. In 6th International Conference, ICICS 2004, LNCS 3269, Berlin, Springer-Verlag, 2004, 495-507.
[29] Rui Zhang, Jun Furukawa and Hideki Imai. Short signature and universal designated verifier signature without random oracles. Applied Cryptography and Network Security, Third International Conference, ACNS 2005, 2005, 7-10.
[30] D. Chaum. Zero-knowledge undeniable signatures. Advances in Cryptology – Eurocrypt '90, Berlin: Springer-Verlag, 1990, 458-464.
[31] F. Laguillaumie and D. Vergnaud. Designated verifier signature: anonymity and efficient construction from any bilinear map. Fourth Conference on Security in Communication Networks '04. Lecture Notes in Computer Science 3352, Berlin: Springer-Verlag, 2004, 107-121.
[32] R. Steinfeld, L. Bull, H. Wang and J. Pieprzyk. Universal designated verifier signatures. Asiacrypt 2003, LNCS 2894, Berlin: Springer-Verlag, 2003, 523-542.
[33] R. Steinfeld, H. Wang and J. Pieprzyk. Efficient extension of standard Schnorr/RSA signatures into universal designated verifier signatures. Proceedings of ACISP 2004. Lecture Notes in Computer Science 2947, Berlin: Springer-Verlag, 2004, 86-100.
[34] H. Lipmaa, G. Wang and F. Bao. Designated verifier signature schemes: Attacks, new security notions and a new construction. In 32nd International Colloquium on Automata, Languages and Programming, ICALP 2005. Lecture Notes in Computer Science, Vol. 3580, 2005, 459-471.
[35] K. P. Kumar, G. Shailaja and A. Saxena. Identity based strong designated verifier signature scheme. http://eprint.iacr.org/complete/134.pdf.
[36] Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier, translated by 吴世忠, 祝世雄, 张文政 et al., China Machine Press, 2005.
[37] Public Key Cryptography, by 曹珍富, Heilongjiang Education Press, 1993.
[38] J. Z. Dai, X. H. Yang and J. X. Dong. Designated-receiver proxy signature scheme for electronic commerce. Proceedings of IEEE International Conference on Systems, Man and Cybernetics, 2003, 384-389.
[39] G. L. Wang. Designated-verifier proxy signature schemes. Security and Privacy in the Age of Ubiquitous Computing, Berlin: Springer-Verlag, 2005: 409-423.
[40] X. Huang, W. Susilo, Y. Mu and F. Zhang. Short (identity-based) strong designated verifier signature schemes. Proceedings of Information Security Practice and Experience, 2nd International Conference, ISPEC 2006. Lecture Notes in Computer Science 3903, pages 214-225, Springer-Verlag, Berlin, 2006.
[41] IEEE P1363 Standard specifications for public key cryptography, approved 30 January 2000.
[42] A. Shamir. ID-based cryptosystems and signature schemes. Proceedings of Crypto 1984, Lecture Notes in Computer Science 196, pages 47-53, Springer-Verlag, Berlin, 1985.
[43] Q. Wang and Z. Cao. An identity-based strong designated verifier proxy signature scheme. Wuhan University Journal of Natural Sciences, 11(6), 1633-1635, 2006.
[44] M. Abe and T. Okamoto. Provably secure partially blind signatures. M. Bellare (Ed.): Crypto 2000, LNCS 1880, pages 271-286, 2000.
[45] 黄振杰, 郝艳华 and 王育民. Convertible designated-confirmer partially blind signatures. Journal of Xidian University (Natural Science), Vol. 31, No. 5, 757-760, 769, October 2004.
[46] 宋考 and 谢冬青. A designated-verifier group signature scheme based on ACJT. Application Research of Computers, 2006, No. 9, 113-115.
[47] M. Girault. Self-certified public keys. Advances in Cryptology – Eurocrypt '91, Lecture Notes in Computer Science 547, pages 491-497, Springer-Verlag, Berlin, 1991.
[48] Z. Cao. A threshold key escrow scheme based on public key cryptosystem. Science in China Series E, 44(4): 441-448, 2001.
[49] 邱飞岳, 王丽萍 and 李浩君. Research on a multi-signature algorithm based on a self-certified public key system. Journal of Zhejiang University of Technology, Vol. 31, No. 4, 372-376, August 2003.
[50] H. Petersen and P. Horster. Self-certified keys: concepts and applications. Proceedings of the 3rd International Conference on Communications and Multimedia Security '97, Chapman & Hall, 1997, 102-116.
[51] S. Saeednia. Identity-based and self-certified key exchange protocols. Proceedings of Information Security and Privacy (ACISP '97). LNCS 1270, Berlin: Springer-Verlag, 1997, 303-313.
[52] Y. Chang, T. Wu and S. Huang. ElGamal-like digital signature and multisignature schemes using self-certified public keys. The Journal of Systems and Software, 2000, 50: 99-105.
[53] B. Lee and K. Kim. Self-certificate: PKI using self-certified key. Proceedings of Conference on Information Security and Cryptology 2000. Vol. 10, No. 1, 2000, 65-73.
[54] B. Lee and K. Kim. Self-certified signature. Progress in Cryptology: Indocrypt 2002. LNCS 2551, Springer-Verlag, 2002, 199-214.
[55] T. Wu and C. Hsu. Threshold proxy signature scheme using self-certified public keys. Journal of Systems and Software, 2003, 67: 89-97.
[56] Y. Tseng, J. Jan and H. Chien. Digital signature with message recovery using self-certified public keys and its variants. Applied Mathematics and Computation, 2003, 136: 203-214.
[57] Z. Shao. Cryptographic system using a self-certified public key based on discrete logarithms. IEE Proceedings – Computers and Digital Techniques, 148 (6), 2001, 233-237.
[58] S. Tseng and M. Hwang. Digital signature with message recovery and its variant based on elliptic curve discrete logarithm problem. Computer Standards & Interfaces, 26, 2004, 61-71.
[59] Z. Shao. Improvement of digital signature with message recovery and its variants based on elliptic curve discrete logarithm problem. Computer Standards & Interfaces, 27 (2004), 61-69.
[60] C. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, Vol. 28, 1949, 656-715.
[61] Mathematical Foundations of Information Security, by 陈恭亮, Tsinghua University Press, 2004.
[62] Applied Modern Algebra, by 胡冠章, Tsinghua University Press, 1999.
[63] J. Silverman. The arithmetic of elliptic curves. Graduate Texts in Mathematics, Vol. 106, New York, Springer-Verlag, 1986, 55-63, 130-132.
[64] D. Pointcheval. Contemporary cryptology: provable security for public key schemes. Advanced Course on Contemporary Cryptology, Advanced Courses CRM Barcelona, June 2005, pp. 133-189.
[65] W. Mao. Modern cryptography: theory and practice. Prentice Hall PTR, 2003.
[66] S. Goldwasser, S. Micali and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17 (2), 1988, 281-308.
[67] R. Lu, X. Lin, Z. Cao, L. Qin and X. Liang. A simple deniable authentication protocol based on the Diffie-Hellman algorithm. International Journal of Computer Mathematics, to appear.
[68] D. Pointcheval and J. Stern. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13 (3), 2000, 361-396.
[69] A. Yao. Theory and applications of trapdoor functions. Proceedings of the 23rd Symposium on Foundations of Computer Science, 1982, pp. 80-91.
[70] S. Goldwasser and S. Micali. Probabilistic encryption and how to play mental poker, keeping secret all partial information. Proceedings of the 14th ACM Symposium on Theory of Computing, 1982, pp. 365-377.
[71] M. Rabin. Digitalized signatures. Foundations of Secure Computation, Academic Press, UK, 1978, 155-168.
[72] 陆荣幸. Research and design of several proxy cryptosystems. PhD thesis, Shanghai Jiao Tong University, 2006.
[73] Z. Cao. A public key cryptosystem based on a conic over finite fields Fp. Advances in Cryptology – Chinacrypt '98, Science Press, 1998, pp. 45-49.
[74] Z. Cao. Conic analog of RSA cryptosystem and some improved RSA cryptosystems. Journal of Natural Science of Heilongjiang University, 16 (4), 1999.
[75] 向新银. Research on strong designated verifier signature schemes. Master's thesis, Xi'an University of Technology, 2007.
[76] D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. SIAM Journal on Computing, Vol. 32 (3), 2003, 586-615. Extended abstract in Advances in Cryptology – Crypto '01, LNCS 2139, Berlin, Springer-Verlag, 2001, pp. 213-229.
[77] 赵男. Research and applications of designated verifier signatures and chameleon signatures. Master's thesis, Xi'an University of Technology, 2007.
[78] 李梅. Research and implementation of designated multi-receiver signatures. Master's thesis, Shandong University, 2006.
[79] V. Shoup. OAEP reconsidered. Journal of Cryptology, 15 (4), 2002, 223-249.
[80] 李海峰 and 刘云芳. A self-certified (t, n) threshold group signature scheme for mobile ad hoc networks. Journal of Beijing Union University (Natural Sciences), Vol. 20, No. 3, pp. 19-22, 2006.
[81] 黄亮 and 卢建朱. A 3G communication authentication scheme based on elliptic-curve self-certified public keys. Computer Engineering and Applications, No. 20, pp. 128-131.