Research on Cryptosystems Related to Key Security
Abstract
With the rapid development of computer network technology, network services of every kind have permeated every area of people's lives. On the one hand this brings enormous convenience and benefit to human activity; on the other hand it brings unprecedented threats. Because important data are transmitted over the network, their confidentiality, integrity and availability must be guaranteed, and cryptography and information security technology are an effective means of solving this problem.
     In the field of cryptography and information security, the security of the key is a core problem of great importance. Once a key has been exposed, every cryptographic operation under that key is insecure, no matter how strong the cipher algorithm is. Key exposure therefore poses a severe threat to the security of a cryptosystem, and how to use cryptographic methods to reduce the probability of key exposure, and how to limit the damage to the system when exposure does occur, are very meaningful research problems. Secret sharing and threshold cryptography, forward-secure cryptography, key-insulated cryptography, intrusion-resilient cryptography and secure key retrieval protocols are all important work on key security.
     The main idea of secret sharing and threshold cryptography is to split a key into a number of shares that are stored separately on several server members; when the key must be reconstructed, or used for some cryptographic operation, only a set of members larger than a given threshold can jointly complete the task, and no set of fewer members can compute the key. This method directly reduces the probability of key exposure and is itself an important branch of cryptography. An important research topic in this area is the secret redistribution protocol, which solves the problem of correctly redistributing a secret already shared among one set of members to another set of members, subject to the requirements that no trusted centre exists during redistribution and that the secret is never reconstructed. All existing secret redistribution protocols share one problem: while the protocol runs, the dishonest members cannot be identified. In Chapter 3 we examine related problems and propose new protocols to solve them; we also discuss methods of proving the security of threshold cryptosystems and propose several threshold schemes.
     The main purpose of forward security is to reduce the damage caused by key exposure. It is impossible to guarantee that a key is never exposed, so when exposure happens we need to minimise the harm it causes. The main idea of forward security is that after every fixed period of time the key is updated through a one-way function and the old key is deleted; thus, if the current key is exposed, the adversary still cannot learn the keys of earlier periods, and cryptographic operations from earlier periods remain valid. An important core issue for forward-secure signatures is efficiency: how to reduce the dependence of each algorithm's running time on the total number of time periods T is an open problem posed by Itkis. In Chapter 4,
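The one-way key update described above, as an added example that is not part of the thesis: a forward-secure MAC for log entries whose period key evolves by a hash-based one-way function, so a key stolen in one period gives no access to earlier periods. HMAC-SHA256 as the one-way function, the domain labels, the initial key and the log messages are all assumptions made for this example.

```python
"""Forward-secure key evolution by one-way update (constructed example).

The period-i key is replaced by H(key_i) at each period boundary and the
old key is deleted.  Here the one-way function is HMAC-SHA256 with a
domain label (an assumed choice); the keyed primitive protected by the
scheme is a log-entry MAC.
"""
import hashlib
import hmac


def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def next_key(key: bytes) -> bytes:
    """One-way update: key_{i+1} = H(key_i).  Cannot be run backwards."""
    return _prf(key, b"update")


def mac_key(key: bytes) -> bytes:
    """Per-period MAC key, domain-separated from the update chain."""
    return _prf(key, b"mac")


def make_tag(period_key: bytes, message: bytes) -> bytes:
    return hmac.new(mac_key(period_key), message, hashlib.sha256).digest()


class ForwardSecureLogger:
    """Keeps only the current period key; update() erases the previous one."""

    def __init__(self, initial_key: bytes):
        self.period = 0
        self._key = initial_key

    def tag(self, message: bytes):
        """Return (period, tag) for a log entry made in the current period."""
        return self.period, make_tag(self._key, message)

    def update(self) -> None:
        self._key = next_key(self._key)   # the old key is gone after this line
        self.period += 1

    def current_key(self) -> bytes:
        """What an intruder learns by compromising the logger right now."""
        return self._key


def key_for_period(initial_key: bytes, period: int) -> bytes:
    """Auditor side: walk the chain from key_0.  This costs `period`
    evaluations of H, i.e. it grows with the number of periods elapsed,
    which is the kind of dependence on T the abstract raises as an
    efficiency problem for forward-secure schemes."""
    key = initial_key
    for _ in range(period):
        key = next_key(key)
    return key


def verify(initial_key: bytes, message: bytes, period: int, tag: bytes) -> bool:
    """Auditor holding key_0 checks an entry claimed for a given period."""
    expected = make_tag(key_for_period(initial_key, period), message)
    return hmac.compare_digest(expected, tag)


def reach_from_compromise(stolen_key: bytes, stolen_period: int, target: int):
    """Keys derivable from a key stolen in `stolen_period`: only later ones.
    Earlier periods would require inverting H, so None is returned."""
    if target < stolen_period:
        return None
    key = stolen_key
    for _ in range(target - stolen_period):
        key = next_key(key)
    return key
```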
English abstract
With the advance of computer network technology, all kinds of network services have permeated many aspects of people's lives. On the one hand, they bring much convenience and advantage to people's activities. On the other hand, they bring an unparalleled threat. Confidentiality, integrity and availability must be satisfied because some important data are transferred over the network. The technique of cryptology and information security is an effective means to deal with this problem.
    The security of the secret key is a very important and central problem in the field of cryptology and information security. Once a secret key is exposed, all cryptological operations related to this secret key are insecure, no matter how strong the cryptological algorithm is. Therefore, exposure of the secret key greatly threatens the security of a cryptosystem. How to reduce the probability of secret key exposure, and how to reduce the damage by cryptographic means when exposure happens, are very significant research problems. Secret sharing and threshold cryptography, forward-secure cryptography, key-insulated cryptography, intrusion-resilient cryptography and secure key retrieval protocols are all important work related to secret key security.
    The main idea of secret sharing and threshold cryptology is to divide the secret key into several shares and store them on multiple servers respectively. When we need to reconstruct this secret key or perform some cryptological operation with it, only a group of no fewer than a certain number of servers can complete the work; any group of servers fewer than that number cannot compute the secret key. This method directly reduces the probability of secret key exposure and is an important branch of cryptography. One of the important research objects is the secret redistribution protocol, which deals with the problem of how to correctly redistribute a secret that has been shared among one group of shareholders to a new group of shareholders. A secret redistribution protocol must run without any trusted dealer and without reconstruction of the secret. Unfortunately, there is a problem in present verifiable secret redistribution protocols, that is, these
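The threshold sharing and dealer-free secret redistribution described in both abstracts, as an added example that is not part of the thesis: a (t, n) Shamir sharing over a prime field, followed by redistribution to a new (t', n') group in which no trusted centre takes part and nobody reconstructs the secret. The field modulus, the threshold values and the secret are constructed, and the re-sharing step is the standard Lagrange-weighted re-sharing rather than any protocol from the thesis.

```python
"""Shamir (t, n) secret sharing plus dealer-free secret redistribution.

Constructed example: the secret is moved from the old group to a new
(t', n') group without a trusted centre and without anyone reconstructing it.
"""
import secrets

P = (1 << 127) - 1  # field modulus: a Mersenne prime (assumed choice)


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, modulo P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, t, n):
    """Shares {x: f(x)} for x = 1..n, f random of degree t-1 with f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def lagrange_coeff(xs, i):
    """Lagrange coefficient of point i for interpolating at x = 0."""
    num, den = 1, 1
    for j in xs:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def reconstruct(shares):
    """Recover f(0) from at least t shares {x: f(x)}."""
    xs = list(shares)
    return sum(lagrange_coeff(xs, i) * y for i, y in shares.items()) % P


def redistribute(old_shares, t_new, n_new):
    """Redistribute to a (t_new, n_new) group given at least t old shares.

    Old member i re-shares its own share s_i with a fresh polynomial g_i
    (g_i(0) = s_i) and sends sub-share g_i(j) to new member j.  New member j
    sets s'_j = sum_i lambda_i * g_i(j), lambda_i being the old members'
    Lagrange coefficients.  G(x) = sum_i lambda_i * g_i(x) has degree
    t_new - 1 and G(0) = sum_i lambda_i * s_i = secret, so the s'_j are
    shares of the same secret, and nobody ever evaluates G(0) itself.
    Nothing here is verifiable: an old member who sends inconsistent
    sub-shares is not detected, which is the gap the abstract points out.
    """
    old_xs = list(old_shares)
    lambdas = {i: lagrange_coeff(old_xs, i) for i in old_xs}
    # subshares[i][j]: what old member i sends to new member j.
    subshares = {i: share(s_i, t_new, n_new) for i, s_i in old_shares.items()}
    return {
        j: sum(lambdas[i] * subshares[i][j] for i in old_xs) % P
        for j in range(1, n_new + 1)
    }


def demo(secret=123456789):
    """(3, 5) sharing, then three old members redistribute to (4, 7)."""
    old = share(secret, 3, 5)
    new = redistribute({x: old[x] for x in (1, 3, 5)}, 4, 7)
    # Any four new members recover the secret; fewer learn nothing about it.
    return reconstruct({x: new[x] for x in (2, 4, 6, 7)}) == secret
```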