Research on Proxy Digital Signature Schemes
Abstract
With the rapid development of computer networks, people want to carry out fast, long-distance transactions through electronic devices; the digital signature arose to meet this need and has begun to be applied in practice. Digital signatures already play an important role in information confidentiality, identity authentication, data integrity, non-repudiation and anonymity. The proxy digital signature, as a special signature system, solves delegation problems that ordinary digital signatures cannot. This special property lets proxy signatures be applied widely to electronic voting, mobile communications, mobile agents, e-commerce and other fields. Since Mambo, Usuda and Okamoto first proposed the concept of the proxy signature in 1996, many proxy signature schemes have been put forward, such as proxy multi-signature schemes, threshold proxy signature schemes and proxy blind signature schemes, and research on proxy digital signatures has produced rich results. However, the security of most proposed proxy signature schemes rests on the scheme's own resistance to cryptanalysis and does not consider the security of the key. We know that anyone can guarantee the security of a signature scheme by choosing a well-known proxy signature scheme and large security parameters; but if the signing key is stolen, the consequences are disastrous. The most common current countermeasure against key leakage is to share the key among several servers in a distributed way, as in threshold signature schemes. But running several servers is costly, and even with a distributed set of servers, a security flaw in the operating system makes it quite possible that an intruder steals all the distributed key shares by the same method. The security provided by distribution is therefore not as high as people imagine. Forward-security technology ensures that a key is secure during a short usage period: the key's lifetime is divided into a number of periods, all period keys correspond to one unchanging public key, a different key is used in each period, and leakage of the current period's key does not affect the security of earlier periods' keys. The essence of the forward-secure digital signature is directional control of the signature: signatures made in periods before the key was lost remain secure and valid, so the damage caused by a leaked signing key is reduced as far as possible. This thesis first studies the threshold proxy signature, the proxy signature based on distributed key sharing, and gives a threshold proxy signature scheme with better security and stronger functionality; it then explores forward- and backward-security technology; finally, combining forward-security technology, it gives a forward-secure proxy signature scheme that, while guaranteeing forward security, is based on elliptic curve cryptography and so has higher intrinsic security, with no increase in computational cost compared with ECDSA. The thesis thus makes some useful attempts at and explorations of proxy digital signatures.
     Part one of the thesis is the introduction, which presents the background, practical significance and state of development of proxy digital signatures. Part two introduces the necessary mathematical and cryptographic preliminaries. Part three introduces three basic digital signature schemes and the basic proxy signature protocols, and describes the main attacks on digital signature schemes. The final parts form the core of the thesis: they analyse previously proposed proxy digital signature schemes and propose new ones.
     The main research results of this thesis are as follows:
     1. Collusion, forgery and other attacks on existing threshold proxy signature schemes are analysed, and a new threshold proxy signature scheme based on bilinear pairings is proposed. The scheme not only resists collusion and forgery attacks but also lets the original signer conveniently revoke the signing right of some of the proxy signers as needed. At the same time, if some proxy signers' proxy signing keys leak, they can conveniently be replaced with new proxy signing keys.
     2. A forward-secure digital signature scheme based on elliptic curve cryptography is analysed, and it is shown that the scheme not only lacks forward security but is also subject to a forgery attack. A completely new ECC-based forward-secure digital signature scheme is then proposed that achieves true forward security and also has backward security.
     3. Combining forward-security technology with the properties of proxy digital signatures, a new elliptic-curve-based proxy digital signature scheme is given. The scheme achieves true forward security, and its computational cost is no greater than that of an ordinary elliptic curve digital signature scheme, which improves the security and practicality of proxy digital signature applications to some degree.
With the rapid development of computer communication networks, people hope to complete their transactions quickly and at a distance by means of electronic apparatus. As a result, the digital signature came into being and is now widely used in e-commerce. Digital signatures play a very important role in information security, identity authentication, data integrity, non-repudiation and anonymity. As a special kind of signature system, the proxy digital signature can settle delegation problems that ordinary digital signature schemes cannot solve. Because of this particularity, proxy digital signatures can be applied widely in fields such as electronic elections, mobile communication, mobile agents and e-commerce. Since 1996, when Mambo, Usuda and Okamoto first advanced the concept of the proxy signature, many proxy signature schemes have been proposed, such as the proxy multi-signature scheme, the threshold proxy signature scheme and the proxy blind signature scheme, and plentiful achievements have been made in the study of proxy digital signatures. However, the security of many proposed proxy signature schemes rests on their resistance to cryptanalysis rather than on the security of their private key. As is well known, anyone can construct a new and secure proxy signature scheme by choosing a well-known proxy signature scheme and larger security parameters, but once the signing private key is stolen, the result is a disaster. The common method of preventing the private key from being revealed is to share it among many servers, as in threshold signature schemes. However, such schemes are expensive because many servers share the private key, and even when many servers share the key, a thief can obtain all the key shares by the same method through a security hole in the servers' operating system. So the security of distribution is not as great as people think.
Forward security is a technique for keeping the private key secure within a short period; its main idea is that revealing the key of the present period does not affect the security of the keys of previous periods, which means that signatures made before the present key was revealed remain secure and valid. It is therefore of great significance to research secure, efficient and feasible proxy signature schemes that incorporate forward security. This paper makes some meaningful attempts in the fields mentioned above.
     Chapter 1 introduces the background in which proxy digital signatures emerged, their practical significance and their development. Chapter 2 introduces the relevant mathematics and cryptology. Chapter 3 introduces three classical signature systems and three basic proxy signature protocols. The following three chapters, the main part of this paper, analyse several previously proposed signature schemes and put forward new proxy signature schemes. The last part gives the conclusions of the paper.
     The main contributions of this paper are as follows:
     1. Through analysis of the existing attacks on threshold proxy signature schemes, we propose a new threshold proxy signature scheme based on pairings. The new scheme not only resists the conspiracy attack but can also conveniently revoke a proxy signer's proxy signing capability, and can effectively change some proxy signers' proxy signing keys when needed.
     2. Through analysis of a forward-secure digital signature scheme based on ECC, we prove that it has no forward security at all. We then propose a new digital signature scheme based on ECC that has not only forward security but also backward security.
     3. By combining the forward-security property with the proxy signature scheme, we propose another new proxy digital signature scheme with forward security, which improves the security of proxy digital signature applications.
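The period-based key evolution that both abstracts describe (one unchanging public key, a different secret key in each period, and leakage of the current key leaving earlier periods' signatures valid) can be made concrete with a small forward-secure signature. The example below is added here and is not the thesis's scheme or any code from the thesis: instead of the elliptic-curve construction the thesis proposes, it uses the generic Krawczyk-style composition of Lamport one-time signatures under a Merkle tree, so that a single root hash serves as the fixed public key and `update()` erases the period key just used. All names, the period count and the sample messages are constructed for illustration.

```python
"""Toy forward-secure signature: Lamport one-time keys under a Merkle tree
(Krawczyk-style generic construction). Added teaching example; it is NOT the
thesis's ECC-based scheme and is not meant for production use."""
import hashlib
import os

N = 256  # digest bits; one Lamport key pair covers one 256-bit message hash

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def lamport_keygen():
    # 256 pairs of random 32-byte secrets; the public key is their hashes.
    # A Lamport key must sign only once, so this example uses one per period.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def lamport_pk_digest(pk) -> bytes:
    return H(*[h for pair in pk for h in pair])

def lamport_sign(sk, msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [sk[i][(d >> (N - 1 - i)) & 1] for i in range(N)]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    d = int.from_bytes(H(msg), "big")
    return all(H(sig[i]) == pk[i][(d >> (N - 1 - i)) & 1] for i in range(N))

def merkle_levels(leaves):
    # levels[0] holds the leaves, levels[-1][0] is the root
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def merkle_path(levels, index):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[index ^ 1])  # sibling node at this level
        index //= 2
    return path

def merkle_root_from_path(leaf, index, path):
    node = leaf
    for sibling in path:
        node = H(node, sibling) if index % 2 == 0 else H(sibling, node)
        index //= 2
    return node

class ForwardSecureSigner:
    """Signer state: one Lamport key per period; update() erases the used key."""
    def __init__(self, periods):
        assert periods > 0 and periods & (periods - 1) == 0, "power of two"
        keys = [lamport_keygen() for _ in range(periods)]
        self._sk = [sk for sk, _ in keys]          # the only secret material
        self._pk = [pk for _, pk in keys]
        self._levels = merkle_levels([lamport_pk_digest(pk) for pk in self._pk])
        self.public_key = self._levels[-1][0]      # fixed across all periods
        self.period = 0

    def sign(self, msg: bytes):
        if self._sk[self.period] is None:
            raise ValueError("secret key for this period has been erased")
        return (self.period, lamport_sign(self._sk[self.period], msg),
                self._pk[self.period], merkle_path(self._levels, self.period))

    def update(self):
        self._sk[self.period] = None   # destroy the old key, then advance
        self.period += 1

def verify(public_key: bytes, msg: bytes, sig) -> bool:
    period, ots_sig, ots_pk, path = sig
    if not lamport_verify(ots_pk, msg, ots_sig):
        return False
    leaf = lamport_pk_digest(ots_pk)   # the path binds this key to its period
    return merkle_root_from_path(leaf, period, path) == public_key

def demo():
    signer = ForwardSecureSigner(periods=4)
    pk = signer.public_key
    m0, m1 = b"constructed message, period 0", b"constructed message, period 1"
    s0 = signer.sign(m0)
    signer.update()                    # key 0 no longer exists in the signer
    s1 = signer.sign(m1)
    relabelled = (1, s0[1], s0[2], s0[3])   # claim s0 was made in period 1
    return {
        "period0_valid": verify(pk, m0, s0),
        "period1_valid": verify(pk, m1, s1),
        "tampered_valid": verify(pk, m0 + b"!", s0),
        "relabelled_valid": verify(pk, m0, relabelled),
        "old_key_erased": signer._sk[0] is None,
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three properties the abstracts ask for: signatures from both periods verify against the same root, a signature re-labelled with a different period fails because the Merkle authentication path ties each one-time key to its position, and after `update()` the period-0 key is gone, so an attacker who captures the signer's state in period 1 cannot produce period-0 signatures. As with any forward-secure scheme, nothing here protects periods after the compromise; that is what the thesis's separate "backward security" notion addresses.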
References
[1] 王育民, 刘建伟. Security Theory and Technology of Communication Networks[M]. Xi'an: Xidian University Press, 1999.
    [2] W. Diffie, M. E. Hellman. New directions in cryptography[J]. IEEE Transactions on Information Theory, 1976, Vol.22, No.6, 644-654.
    [3] D. Chaum. Blind signatures for untraceable payments[C]. Advances in Cryptology: Proceedings of Crypto'82, Plenum Publishing Corporation, 1982, 199-204.
    [4] D. Chaum, E. van Heyst. Group signatures[J]. Advances in Cryptology-Eurocrypt'91, LNCS 547, Springer-Verlag, 1991, 257-265.
    [5] He Yefeng, Zhang Jianzhong. An efficient and secure group signature scheme[J]. Journal of the Graduate School of the Chinese Academy of Sciences, Vol.21, No.4, 520-525.
    [6] K. Itakura, K. Nakamura. A public key cryptosystem suitable for digital multi-signatures[J]. NEC Research and Development, 1983(71): 1-8.
    [7] 杨义先, 孙伟, 钮心忻. New Theories of Modern Cryptography[M]. Beijing: Science Press, 2002.
    [8] M. Mambo, K. Usuda, E. Okamoto. Proxy signatures for delegating signing operation[C]. Proc. 3rd ACM Conference on Computer and Communications Security, ACM Press, 1996, 48-57.
    [9] M. Mambo, K. Usuda, E. Okamoto. Proxy signatures: delegation of the power to sign messages[J]. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 1996, E79-A(9): 1338-1354.
    [10] B. Lee, H. Kim, K. Kim. Secure mobile agent using strong non-designated proxy signature[C]. Proc. of ACISP 2001, 2001, 474-486.
    [11] B. Lee, H. Kim, K. Kim. Strong proxy signature and its applications[C]. Proc. of ACISP 2001, 2001, 603-608.
    [12] 李继国, 曹珍富, 李建中, et al. The state of the art and improvement of proxy signatures[J]. Journal on Communications, 2003, Vol.24, No.10, 114-124.
    [13] 吉文峰, 吴秀贤, 金贤珠, et al. A proxy-signcryption method suitable for electronic commerce in mobile communication environments[J]. Information Security and Communications Privacy, 2002, No.4, 42-46.
    [14] K. Sako. Universally verifiable auction protocol which hides losing bids[C]. Proceedings of Public Key Cryptography 2000, 35-39.
    [15] H. Kim, J. Baek, B. Lee, K. Kim. Secret computation with secrets for mobile agent using one-time proxy signature[C]. Cryptography and Information Security 2001, 2001.
    [16] J. Leiwo, C. Hanle, P. Homburg. Disallowing unauthorized state changes of distributed shared objects[C]. SEC 2000, 381-390.
    [17] B. C. Neuman. Proxy-based authorization and accounting for distributed systems[C]. Proceedings of the 13th International Conference on Distributed Computing Systems, 1993, 283-291.
    [18] T. Okamoto, M. Tada, E. Okamoto. Extended proxy signatures for smart cards[J]. LNCS, Vol.1729, Springer-Verlag, 1999.
    [19] H. U. Park, I. Y. Lee. A digital nominative proxy signature scheme for mobile communication[J]. LNCS, Vol.2229, Springer-Verlag, 2001, 451-455.
    [20] K. Zhang. Threshold proxy signature schemes[C]. Information Security Workshop, Japan, 1997, 191-197.
    [21] H. M. Sun, N. Y. Lee, T. Hwang. Threshold proxy signatures[J]. IEE Proc. Computers & Digital Techniques, 1999, Vol.146, No.5, 259-263.
    [22] S. Kim, S. Park, D. Won. Proxy signatures, revisited[J]. Proc. ICICS'97, Springer-Verlag, 1997, 223-232.
    [23] 李继国, 曹珍富. An improved threshold proxy signature scheme[J]. Journal of Computer Research and Development, 2002, Vol.39, No.11, 1513-1518.
    [24] H. M. Sun. An efficient nonrepudiable threshold proxy signature scheme with known signers[J]. Computer Communications, 1999, Vol.22, No.8, 717-722.
    [25] M. Hwang, I. Lin, E. Lu. A secure nonrepudiable threshold proxy signature scheme with known signers[J]. International Journal of Informatica, 2000, Vol.11, No.2, 1-8.
    [26] C. L. Hsu, T. S. Wu, T. C. Wu. A new nonrepudiable threshold proxy signature scheme with known signers[J]. Journal of Systems and Software, 2001, Vol.38, No.9, 119-124.
    [27] 谭作文, 刘卓军, 唐春明. Proxy blind signature scheme based on discrete logarithms[J]. Journal of Software, 2003, Vol.14, No.11, 1931-1935.
    [28] Z. W. Tan, Z. J. Liu, C. M. Tang. Digital proxy blind signature schemes based on DLP and ECDLP[M]. MM Research Preprints, 2002, 212-217.
    [29] S. Lal, A. K. Awasthi. Proxy blind signature scheme[J]. Journal of Information Science and Engineering, Cryptology ePrint Archive, 2003.
    [30] L. J. Yi, G. Q. Bai, G. Z. Xiao. Proxy multi-signature scheme: a new type of proxy signature scheme[J]. Electronics Letters, 2000, Vol.36, No.6, 527-528.
    [31] 祁明, L. Harn. Several new proxy signature schemes based on discrete logarithms[J]. Acta Electronica Sinica, 2000, Vol.28, No.11, 114-115.
    [32] 王晓明, 符方伟. Security analysis of a proxy multi-signature scheme[J]. Journal on Communications, 2002, Vol.23, No.4, 98-102.
    [33] 纪家慧, 李大兴, 王明强. New proxy multi-signature, multi-proxy signature and multi-proxy multi-signature schemes from bilinear pairings[J]. Chinese Journal of Computers, 2004, Vol.27, No.10, 1429-1435.
    [34] H. M. Sun, B. J. Chen. Time-stamped proxy signatures with traceable receivers[C]. Proceedings of the Ninth National Conference on Information Security, 1999, 247-253.
    [35] H. M. Sun, B. J. Chen. Design of time-stamped proxy signatures with traceable receivers[J]. IEE Proc. Computers & Digital Techniques, 2000, Vol.147, No.6, 462-466.
    [36] 钱海峰, 曹珍富, 薛庆水. A new threshold proxy signature scheme based on bilinear pairings[J]. Science in China Series E (Information Sciences), 2004, Vol.34, No.6, 711-720.
    [37] S. F. Tzeng, M. S. Hwang, C. Y. Yang. An improvement of nonrepudiable threshold proxy signature scheme with known signers[J]. Computers and Security, 2004, Vol.23, 174-178.
    [38] A. Shamir. How to share a secret[J]. Commun. ACM, 1979, Vol.22, No.11, 612-613.
    [39] R. Anderson. Two remarks on public key cryptology[C]. Proc. of the 4th Annual Conference on Computer and Communications Security, ACM, 1997.
    [40] N. Koblitz. Elliptic curve cryptosystems[J]. Mathematics of Computation, 1987(148): 203-209.
    [41] V. S. Miller. Use of elliptic curves in cryptography[J]. Advances in Cryptology, CRYPTO'85 Proceedings, 1986(85): 417-426.
    [42] SEC 1: Elliptic Curve Cryptography, Standards for Efficient Cryptography[DB/OL]. http://www.secg-talk@lists.certicom.com, 2000-09-20.
    [43] IEEE Std 1363-2000, IEEE Standard Specifications for Public-Key Cryptography[S]. 2000-01-30.
    [44] 詹雄泉, 洪景新. A forward-secure digital signature scheme based on elliptic curve cryptography[J]. Journal of Xiamen University, 2005, 44(2): 189-192.
    [45] 符茂盛, 任哲, 侯整风. Research on and improvement of ECC-based forward-secure digital signatures[J]. Computer Engineering, 2006, 32(14): 109-113.
    [46] 蔡皖东 (ed.). Network Security and Information Security[M]. Xi'an: Northwestern Polytechnical University Press, 2004(4): 16-19.
    [47] 冯登国. Cryptanalysis[M]. Beijing: Tsinghua University Press, 2000, 93-119.
    [48] Z. W. Tan, Z. J. Liu. Proxy blind signature scheme based on DLP[J]. Journal of Software, 2003(14): 1931-1935.
    [49] H. Kieslor. Digital signature scheme based on factoring and discrete logarithms[J]. Electronics Letters, 2001, 37(4): 220-222.
    [50] S. H. Wang, G. L. Wang, F. Bao. Proxy blind signature scheme based on DLP and ECDLP[J]. Beijing: Key Laboratory of Mathematics Mechanization Research, Academy of Mathematics and Systems Science, 2002(21): 212-217.
    [51] Chien-Lung Hsu, Tzong-Sun Wu. Self-certified threshold proxy signature schemes with message recovery, nonrepudiation and traceability[J]. Applied Mathematics and Computation, 2005(164): 201-225.
    [52] Shin-Jia Hwang, En-Ti Li. Cryptanalysis of Shieh-Lin-Yang-Sun signature scheme[J]. IEEE Communications Letters, 2003, 7(4): 195-196.
    [53] 柯召, 孙琦. Lectures on Number Theory (2nd edition)[M]. Beijing: Higher Education Press, 2001.
    [54] T. ElGamal. A subexponential-time algorithm for computing discrete logarithms over GF(p^2)[J]. IEEE Trans. Information Theory, Vol.31, 1985, 473-481.
    [55] A. Joux, K. Nguyen. Separating decision Diffie-Hellman from Gap Diffie-Hellman in cryptographic groups. Cryptology ePrint Archive, 2001.
    [56] J. C. Cha, J. H. Cheon. An identity-based signature from gap Diffie-Hellman groups[J]. Public Key Cryptography-PKC 2003, LNCS, Vol.2139, Springer-Verlag, 2003, 8-30.
    [57] D. Boneh, M. Franklin. Identity-based encryption from the Weil pairing[J]. Advances in Cryptology-Crypto 2001, LNCS, Vol.2139, Springer-Verlag, 2001, 213-229.
    [58] D. Boneh, B. Lynn, H. Shacham. Short signatures from the Weil pairing[J]. Advances in Cryptology-Crypto 2001, LNCS, Vol.2248, Springer-Verlag, 2001, 514-532.
    [59] F. Hess. Efficient identity-based signature schemes based on pairings[J]. SAC 2002, LNCS, Vol.2595, Springer-Verlag, 2002, 310-324.
    [60] R. L. Rivest, A. Shamir, L. Adleman. A method for obtaining digital signatures and public-key cryptosystems[J]. Commun. ACM, 1978, 21(2): 120-126.
    [61] T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Trans. Information Theory, 1985, Vol.31, No.4, 469-472.
    [62] B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C (Chinese translation by 吴世忠 et al.)[M]. Beijing: China Machine Press, 2000.
    [63] A. Fiat, A. Shamir. How to prove yourself: practical solutions to identification and signature problems[J]. Advances in Cryptology-CRYPTO'86, Springer-Verlag, LNCS, Vol.263, 1986, 186-194.
    [64] 辛运帏, 廖大春, 卢桂章. Principles, implementation and cryptographic applications of one-way hash functions[J]. Application Research of Computers, 2002, Vol.19, No.2, 25-27.
    [65] A. Kozlov, L. Reyzin. Forward-secure signatures with fast key update[J]. Proceedings of Security in Communication Networks, 2002, 241-256.
    [66] 傅晓彤. Research on the Application of Digital Signature Techniques with Additional Properties[D]. PhD thesis, Xidian University, January 2005.
    [67] J. C. Cha, J. H. Cheon. An identity-based signature from gap Diffie-Hellman groups[J]. PKC 2003, Springer-Verlag, 2003, LNCS 2139: 18-30.
    [68] M. Bellare, S. Miner. A forward-secure digital signature scheme. In: Advances in Cryptology-CRYPTO'99, LNCS 1666, Springer-Verlag, 1999, 431-448.