Research on Proxy Re-Encryption Schemes
Abstract
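Proxy re-encryption (PRE) is a cryptographic concept introduced by the cryptographers Blaze, Bleumer and Strauss at Eurocrypt'98. In a proxy re-encryption system, once the proxy has obtained a conversion key (that is, the proxy re-encryption key) generated by the delegator for the delegatee, it can transform a ciphertext originally encrypted to the delegator into a ciphertext for the delegatee, and the delegatee then needs only his own private key to decrypt the transformed ciphertext. Proxy re-encryption further guarantees that, although the proxy holds the conversion key, he still cannot obtain any information about the plaintext corresponding to the ciphertext. Proxy re-encryption is widely applied in many settings, such as digital rights protection, distributed file systems, encrypted spam filtering, cloud computing, and so on. This thesis carries out an in-depth study of proxy re-encryption schemes and obtains the following results:
     1. Traditional proxy re-encryption allows the proxy to transform all of the delegator's ciphertexts, and so cannot control the proxy's conversion capability well. To solve this problem, Jian Weng et al. proposed the concept of conditional proxy re-encryption (Conditional Proxy Re-Encryption, C-PRE); in C-PRE, the proxy can successfully transform a ciphertext only when that ciphertext satisfies a certain condition. This thesis further studies the formal definition and security model of conditional proxy re-encryption, gives a more complete formal definition and security model, and on that basis proposes a more efficient chosen-ciphertext secure conditional proxy re-encryption scheme. The proposed scheme is provably secure in the random oracle model and has clear advantages in both communication overhead and computational cost.
     2. At present, research on conditional proxy re-encryption in the academic community is mostly confined to the public key infrastructure setting. This thesis explores how to construct identity-based conditional proxy re-encryption (Identity-Based Conditional Proxy Re-Encryption, IBCPRE) schemes and formally gives the definition and security model of identity-based conditional proxy re-encryption. On that basis, two IBCPRE schemes are successfully constructed, which are respectively selective-ID secure in the standard model and fully (adaptive-ID) secure in the standard model.
     3. Most current PRE schemes are constructed on traditional public key encryption (PKE) and identity-based encryption (IBE). To overcome the certificate management problem in PKI and the key escrow problem in identity-based public key systems (for example, the trusted third party KGC can decrypt the ciphertext of any IBE scheme), this thesis further studies the security model of proxy re-encryption in the certificateless setting (Certificateless Proxy Re-Encryption, CL-PRE), on that basis proposes a concrete certificateless proxy re-encryption scheme, and proves the security of the scheme in the random oracle model.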
At Eurocrypt'98, Blaze, Bleumer and Strauss introduced the concept of Proxy Re-Encryption (PRE). In a PRE system, the proxy is given a re-encryption key so that it is able to transform a ciphertext under the public key of the delegator into a ciphertext which is forwarded to another user. However, the proxy acquires no knowledge of these two ciphertexts, both of which are encryptions of the same plaintext. There are many practical applications of PRE in real life, such as digital rights management, distributed file systems, outsourced filtering of encrypted spam, and cloud computing. In this paper, we study proxy re-encryption schemes and achieve the following results:
     1. Traditional PRE enables the proxy to convert all of the delegator's ciphertexts without any discrimination, so it cannot implement fine-grained delegation of decryption rights. To address this issue, Jian Weng and others introduced the notion of conditional proxy re-encryption (C-PRE). In such systems, ciphertexts are generated with respect to a certain condition, and the proxy can translate a ciphertext only if the associated condition is satisfied. In this paper we reformalize a more rigorous definition and security notions for C-PRE, and then propose a more efficient C-PRE scheme. Our scheme is provably secure in the random oracle model. Furthermore, the scheme has obvious advantages in communication overhead and computational cost.
     2. Existing research on conditional proxy re-encryption is mostly limited to the public key infrastructure setting. In this paper, we discuss how to construct identity-based conditional proxy re-encryption (IBCPRE) schemes, formalize the definition and security model of identity-based conditional proxy re-encryption, and then propose two IBCPRE schemes: one is selective-ID secure without the random oracle model, and the other is adaptive-ID secure without the random oracle model.
     3. Although many PRE schemes have been proposed, the majority of them are based on either traditional public key encryption (PKE) or identity-based encryption (IBE). However, it is well known that traditional PKE suffers from the problems of certificate management, such as revocation, and IBE has an inherent key escrow problem (for example, the Key Generation Center (KGC) can decrypt any ciphertext in an IBE scheme). In this paper, we reformalize more rigorous security notions for certificateless proxy re-encryption (CL-PRE), and then propose a CL-PRE scheme. Our scheme is provably secure in the random oracle model.
