Design and Analysis of Attribute-Based Digital Signature Algorithms
Abstract
Attribute-based digital signature schemes divide identity at fine granularity: an identity is regarded as a set of attributes, and only a signer who satisfies a particular attribute set or a particular access control structure can produce a valid signature. Because of their advantages over identity-based cryptography in applications that stress anonymous identity and distributed network systems, and because their applications are more intuitive, flexible and broad, attribute-based signatures have drawn wide attention from researchers and have become a hot topic in public-key cryptography. This thesis focuses on designing secure, reliable and practical attribute-based signature schemes, with emphasis on multi-authority schemes, schemes without a trusted central authority, signature escrow/delegation, and provable security. The contributions are as follows:
     1. Using an access control structure, a multi-authority attribute-based signature scheme is designed. In the scheme, a user's attributes are supervised by different authorities; the attribute authorities are required not to communicate with each other and are managed centrally by a central attribute authority (CAA). Security analysis shows that the scheme resists forgery and collusion attacks while protecting the signer's private information and achieving high signing efficiency.
     2. Using large-universe attribute parameters and an access structure tree to partition attributes at fine granularity, a multi-authority attribute-based signature scheme is designed. Its security is systematically reduced to the computational Diffie-Hellman problem: if the computational Diffie-Hellman assumption holds, the scheme resists forgery and collusion attacks.
     3. To remove the constraint that the attribute authorities cannot communicate with each other and must be managed by a central attribute authority (CAA), a multi-authority signature scheme without a trusted CAA is designed. The CAA is removed so that the security of the multi-authority system no longer depends on a trusted central authority, which improves the system's security and practicality; a security proof of the scheme is given.
     4. To solve the key escrow problem of attribute-based signatures, a scheme without a trusted attribute authority (AA) is proposed. The signing private key is generated jointly by the AA and the user, so the AA cannot impersonate the user when signing, which effectively guarantees system security. The corresponding security model is defined, and the scheme's security is reduced to the computational Diffie-Hellman problem.
     5. To solve the delegation of signing rights in attribute-based signatures, an attribute-based proxy signature scheme is designed in which the original signer delegates signing rights to a proxy signer possessing a given set of attributes. Analysis shows that the scheme satisfies distinguishability, verifiability, strong unforgeability, strong identifiability, strong undeniability, resistance to misuse and resistance to collusion attacks.
     6. Identity-based proxy signatures are studied further, and a provably secure attribute-based proxy signature scheme is designed. A security model for attribute-based proxy signatures is defined, a complete proof is given, and the scheme's security is reduced to the computational Diffie-Hellman problem.
Attribute-based digital signature systems divide identity at fine granularity, treating an identity as a set of descriptive attributes. A signer can sign validly only when he possesses certain attributes or satisfies a specific access control structure. Because they emphasize anonymity of identity and suit distributed network systems, attribute-based signature systems have many advantages over identity-based cryptography, and their applications are more intuitive, flexible and extensive; they have therefore attracted many researchers and are currently a hot topic in public-key cryptography. This thesis focuses on the design of secure, reliable and practical attribute-based signature schemes, with emphasis on multi-authority attribute-based signatures, attribute-based signatures without a trusted authority, key escrow in signing, provable security, and related issues. Our contributions are summarized as follows:
     1. A multi-authority attribute-based signature scheme is designed with access control structures, where the attributes of users are monitored by different authorities respectively; these authorities are required not to communicate with each other and are managed by a central attribute authority (CAA). Security analysis shows that the proposed scheme is secure against forgery and collusion attacks, and at the same time it protects the signer's private information and achieves higher signing efficiency.
     2. A multi-authority attribute-based signature scheme is designed in a large universe, using an access structure tree to classify fine-grained attributes. The security of the scheme is systematically reduced to the computational Diffie-Hellman problem: if the computational Diffie-Hellman assumption holds, the scheme is secure against existential forgery and collusion attacks.
     3. To remove the restriction that multiple attribute authorities cannot communicate with each other and must be managed by a central attribute authority (CAA), a multi-authority attribute-based signature without a central authority is designed. In the scheme the CAA is removed, so that the security of the multi-authority attribute-based signature is no longer subject to the CAA. Consequently, the scheme increases the system's security and applicability. The scheme's security proof is also given in this paper.
     4. To solve the key escrow problem of attribute-based signature schemes, this paper first presents an attribute-based signature scheme without a trusted attribute authority (AA), in which the private key is generated jointly by the attribute authority (AA) and the user, thus ensuring that the AA cannot impersonate the user's signature and effectively guaranteeing the safety of the system. The corresponding security model is defined, and the security of the scheme is reduced to the computational Diffie-Hellman problem.
     5. To solve the delegation of signing rights in attribute-based signature schemes, this paper provides an attribute-based proxy signature scheme in which the original signer delegates his private key to a proxy signer with some specified attributes, who signs messages on behalf of the original signer. The proposed scheme is analyzed and shown to possess the security properties of proxy signatures: distinguishability, verifiability, strong unforgeability, strong identifiability, strong undeniability, anti-misuse, and resistance to collusion attacks.
     6. A provably secure attribute-based proxy signature is devised through further study of attribute-based signature schemes. We first give the formal syntax of an attribute-based proxy signature and a formal security model in the random oracle model. The scheme is proved secure against existential forgery under selective attributes and adaptive chosen-message attack. Its security can be reduced to the hardness of the computational Diffie-Hellman problem.
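As an added illustration of the access control structures that items 1 and 2 refer to (this is example code written for this page, not code from the thesis), the following Python evaluates a monotone access tree over attributes tagged with the authority that issued them, lists the authorities a verifier must trust for a given policy, and shows why collusion resistance has to come from the signature scheme itself rather than from the policy check. The authority and attribute names are constructed.

```python
"""Added example, not the thesis's code: evaluating a multi-authority access structure.
A credential is (issuing authority, attribute); a policy is a monotone tree of AND / OR /
k-of-n nodes; only a signer whose own attribute set satisfies the tree may sign validly.
All authority and attribute names below are constructed for illustration."""
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Union

Attr = Tuple[str, str]          # (issuing authority, attribute)


@dataclass(frozen=True)
class Leaf:
    attr: Attr


@dataclass(frozen=True)
class Node:
    k: int                      # at least k children must be satisfied
    children: Tuple["Tree", ...]


Tree = Union[Leaf, Node]


def AND(*children: Tree) -> Node:
    return Node(len(children), tuple(children))


def OR(*children: Tree) -> Node:
    return Node(1, tuple(children))


def threshold(k: int, *children: Tree) -> Node:
    return Node(k, tuple(children))


def satisfies(tree: Tree, attrs: FrozenSet[Attr]) -> bool:
    """A leaf holds if the signer has that attribute from that authority; a k-of-n node
    holds if at least k children hold. The tree is monotone: adding attributes can never
    turn an accepting set into a rejecting one."""
    if isinstance(tree, Leaf):
        return tree.attr in attrs
    return sum(satisfies(c, attrs) for c in tree.children) >= tree.k


def authorities(tree: Tree) -> FrozenSet[str]:
    """Authorities whose public parameters a verifier needs to check this policy."""
    if isinstance(tree, Leaf):
        return frozenset([tree.attr[0]])
    return frozenset().union(*(authorities(c) for c in tree.children))


def collusion_would_help(tree: Tree, a: FrozenSet[Attr], b: FrozenSet[Attr]) -> bool:
    """True when neither signer alone satisfies the policy but their pooled attributes do.
    The evaluator cannot prevent this; the scheme must bind each attribute key to its
    holder so that keys of different users do not combine (the collusion resistance the
    abstract claims)."""
    return not satisfies(tree, a) and not satisfies(tree, b) and satisfies(tree, a | b)


# Constructed policy: a doctor who is either in the oncology department or holds two of
# three seniority credentials, with the attributes spread across three authorities.
POLICY = AND(
    Leaf(("HospitalAA", "role:doctor")),
    OR(
        Leaf(("UniversityAA", "dept:oncology")),
        threshold(2,
                  Leaf(("GovAA", "license:MD")),
                  Leaf(("GovAA", "clearance:L2")),
                  Leaf(("HospitalAA", "years>=5"))),
    ),
)

# Constructed signers.
ALICE = frozenset({("HospitalAA", "role:doctor"), ("UniversityAA", "dept:oncology")})
BOB = frozenset({("HospitalAA", "role:doctor"), ("GovAA", "license:MD")})
CAROL = frozenset({("GovAA", "clearance:L2"), ("HospitalAA", "years>=5")})
# Same attribute names as ALICE, but issued by the wrong authority.
MALLORY = frozenset({("UniversityAA", "role:doctor"), ("UniversityAA", "dept:oncology")})

if __name__ == "__main__":
    for name, attrs in [("alice", ALICE), ("bob", BOB), ("carol", CAROL), ("mallory", MALLORY)]:
        print(name, satisfies(POLICY, attrs))
    print("authorities involved:", sorted(authorities(POLICY)))
    print("bob+carol pooled would satisfy:", collusion_would_help(POLICY, BOB, CAROL))
```

Bob and Carol each fail the policy on their own but their pooled attributes pass; a multi-authority scheme that issues attribute keys without tying them to a per-user secret would let exactly this pooling forge a signature, which is why the abstract treats collusion resistance as a property to be proved, not assumed.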
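The key escrow point in item 4 and the delegation of signing rights in items 5 and 6 can be made concrete with a toy. The block below is an added example, not the thesis's pairing-based construction: ordinary Schnorr signatures in a prime-order subgroup of Z_p^* stand in for the attribute-based scheme. It shows that a key issued entirely by the authority is escrowed (the authority can sign as the user), that a key contributed jointly by authority and user is not, and how a signed warrant naming the proxy's public key delegates signing rights so that proxy signatures stay distinguishable and identifiable. The group parameters are generated at runtime and are illustration-sized, not production-sized; all names and messages are constructed.

```python
"""Added example (not the thesis's scheme): escrow-free joint keys and warrant-based proxy
signing, illustrated with Schnorr signatures over a DSA-style group generated at runtime."""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; adequate for generating illustration parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(q: int = 2**61 - 1):
    """p = k*q + 1 prime and g of prime order q (q is the Mersenne prime M61). Too small
    for real use, but large enough that the negative checks cannot pass by collision."""
    k = 2
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1
    h = 2
    while pow(h, k, p) == 1:      # h^k has order q unless it is the identity
        h += 1
    return p, q, pow(h, k, p)


P, Q, G = make_group()


def challenge(R: int, msg: bytes) -> int:
    """Hash challenge forced into [1, Q-1]: a zero challenge would let any key verify."""
    digest = hashlib.sha256(str(R).encode() + b"|" + msg).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)


def keygen():
    sk = 1 + secrets.randbelow(Q - 1)
    return sk, pow(G, sk, P)


def sign(sk: int, msg: bytes):
    r = 1 + secrets.randbelow(Q - 1)
    R = pow(G, r, P)
    return R, (r + challenge(R, msg) * sk) % Q


def verify(pk: int, msg: bytes, sig) -> bool:
    R, s = sig
    return pow(G, s, P) == R * pow(pk, challenge(R, msg), P) % P


# (a) Escrowed key versus jointly generated key.
def escrowed_keygen():
    """The authority picks the whole key and hands it over, so it can sign as the user."""
    return keygen()


def joint_keygen():
    """Authority contributes a; the user contributes u and never reveals it. The signing
    key is a+u mod Q, and the public key g^a * g^u is assembled from the two public parts,
    so the authority can certify it without ever holding the full key."""
    a, A = keygen()
    u, U = keygen()
    return a, u, A * U % P


# (b) Delegation by warrant: the original signer signs a warrant naming the proxy's key.
def delegate(sk_orig: int, pk_proxy: int, scope: bytes):
    warrant = b"proxy=%d;scope=%s" % (pk_proxy, scope)
    return warrant, sign(sk_orig, warrant)


def proxy_sign(sk_proxy: int, warrant: bytes, sig_w, msg: bytes):
    # Binding the warrant into the signed data keeps a proxy signature distinguishable
    # from an ordinary signature by the proxy (distinguishability), and the proxy's own
    # key in the warrant identifies the signer (identifiability, undeniability).
    return warrant, sig_w, sign(sk_proxy, warrant + b"|" + msg)


def proxy_verify(pk_orig: int, pk_proxy: int, msg: bytes, psig) -> bool:
    warrant, sig_w, sig_m = psig
    return (warrant.startswith(b"proxy=%d;" % pk_proxy)
            and verify(pk_orig, warrant, sig_w)
            and verify(pk_proxy, warrant + b"|" + msg, sig_m))
```

With `joint_keygen`, a signature made from the authority's share alone never verifies against the joint public key, because the verification equation requires the full exponent a+u; with `escrowed_keygen` the same authority trivially forges. In the proxy part, a warrant the proxy signs for itself is rejected because it does not verify under the original signer's key, which is the anti-misuse check the abstract lists.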