Research on Certificateless Multisignatures and Certificateless Blind Signatures
Abstract
Certificateless public key cryptography was first proposed by Al-Riyami and Paterson at Asiacrypt 2003. It is a new cryptographic paradigm positioned between traditional certificate-based public key cryptography and identity-based public key cryptography. Unlike the traditional certificate-based setting, it needs no certificates to authenticate users' public keys, which removes the certificate-management problem; unlike the identity-based setting, it requires only a semi-trusted third party, so there is no key-escrow problem.
Multisignatures were first proposed by Itakura et al. in 1983. A multisignature lets several signers jointly produce a signature on the same message, and a verifier can check that those signers indeed participated in signing it. Multisignatures have the advantages of short total signature length and low verification cost.
The notion of a blind signature was introduced by Chaum at Crypto '82. It lets a user obtain a valid signature from a signer without the signer learning the message being signed or the final signature. Blind signatures are widely used in electronic voting and electronic cash systems.
Combining certificateless signatures with the notions of multisignature and blind signature, this thesis proposes the new notions of certificateless multisignature and certificateless blind signature, gives their formal definitions and security requirements, and presents concrete certificateless multisignature and certificateless blind signature schemes. The security of the proposed schemes is analysed in the random oracle model.
Certificateless public key cryptography was first proposed by Al-Riyami and Paterson at Asiacrypt 2003; it is a new paradigm between traditional certificate-based public key cryptography and identity-based public key cryptography. Unlike a traditional certificate-based cryptosystem, the new paradigm needs no certificate to authenticate a user's public key, so it overcomes the certificate-management problem; unlike an identity-based cryptosystem, it needs only a semi-trusted third party, so it has no inherent key-escrow problem.
Multisignatures were introduced by Itakura et al. in 1983. A multisignature allows multiple signers to cooperate to generate one signature on a message, and anyone can verify the signature. It reduces the total length of the signatures and the cost of verification.
Blind signatures were proposed by Chaum at Crypto 1982. Such a scheme lets a user obtain a valid signature while the signer learns neither the signed message nor the final signature. Blind signatures are widely used in electronic voting and electronic cash systems.
Combining the concept of certificateless signature with multisignature and blind signature, this thesis proposes the new concepts of certificateless multisignature and certificateless blind signature, gives the corresponding formal definitions and security requirements, and then constructs a concrete certificateless multisignature scheme and a concrete certificateless blind signature scheme. Finally, the security of the proposed schemes is analysed in the random oracle model.
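The cooperative signing described above, as an added example that is not the thesis's scheme: a Schnorr-style multisignature in pure Python in which every signer contributes a nonce and a partial response, and the verifier checks a single equation against the product of the public keys, which is where the short signature and cheap verification come from. The group (a 64-bit safe prime generated at import, generator 4), the transcript hashing and all function names are assumptions of this example. The proof-of-possession step is included because naive key aggregation is otherwise open to rogue-key attacks; a deployed scheme such as MuSig2 additionally commits to the nonces before they are revealed, which this demo omits.

```python
from __future__ import annotations

import hashlib
import secrets

# Added example (not the thesis's scheme). Constructed parameters: a fresh
# 64-bit safe prime group is generated at import so the demo runs offline.
# Production code would use a standard ~256-bit elliptic-curve group.


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (adequate for demo-sized parameters)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_group(bits: int = 64) -> tuple[int, int, int]:
    """Return (P, Q, G): safe prime P = 2Q + 1 and G generating the order-Q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 is a square mod P, hence has prime order Q


P, Q, G = _gen_group()


def _challenge(tag: bytes, *parts: int, message: bytes = b"") -> int:
    """Hash a domain-separated transcript into Z_Q."""
    data = tag + b"".join(x.to_bytes(16, "big") for x in parts) + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen() -> tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prove_possession(x: int, y: int) -> tuple[int, int]:
    """Schnorr proof that the holder knows x for y; blocks rogue-key attacks."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + _challenge(b"pop", y, r) * x) % Q


def check_possession(y: int, pop: tuple[int, int]) -> bool:
    r, s = pop
    return pow(G, s, P) == r * pow(y, _challenge(b"pop", y, r), P) % P


def aggregate_key(pubkeys: list[int]) -> int:
    y_agg = 1
    for y in pubkeys:
        y_agg = y_agg * y % P
    return y_agg


def multisign(message: bytes, signers: list[tuple[int, int]]) -> tuple[int, int]:
    """Both interactive rounds, simulated in one process.
    Round 1: each signer i contributes a nonce commitment R_i = G^k_i.
    Round 2: each computes s_i = k_i + c*x_i for the common challenge c;
    the aggregate (R, s) is the product of the R_i and the sum of the s_i."""
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in signers]
    r_agg = 1
    for k in nonces:
        r_agg = r_agg * pow(G, k, P) % P
    y_agg = aggregate_key([y for _, y in signers])
    c = _challenge(b"msig", y_agg, r_agg, message=message)
    s = sum(k + c * x for k, (x, _) in zip(nonces, signers)) % Q
    return r_agg, s


def verify(message: bytes, pubkeys: list[int], sig: tuple[int, int]) -> bool:
    """One pair of exponentiations checks that every listed key took part."""
    r_agg, s = sig
    y_agg = aggregate_key(pubkeys)
    c = _challenge(b"msig", y_agg, r_agg, message=message)
    return pow(G, s, P) == r_agg * pow(y_agg, c, P) % P
```

Verification succeeds only for the exact set of keys that signed: dropping or substituting a signer changes the aggregate key, hence the challenge, and the equation fails. The verifier must still check each signer's proof of possession before trusting the aggregate key, since an attacker who registers y_3 = y_target * G^(-x_1 - x_2) could otherwise forge on the trio's behalf alone.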
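As an added example (not the thesis's construction), Chaum's original RSA blind signature in Python shows the blinding and unblinding steps behind the property described above: the signer exponentiates a value it cannot relate to the message, and the user strips the blinding factor to recover an ordinary RSA signature on the message hash. The toy key built from two Mersenne primes, the SHA-256 mapping into Z_N and the function names are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import secrets
from math import gcd

# Added example (not the thesis's scheme): Chaum-style RSA blind signature.
# Constructed toy key from two well-known Mersenne primes so the demo runs
# offline; it is NOT a secure key size. A deployed signer would use a
# >= 2048-bit key and a full-domain hash (RSA-FDH) instead of SHA-256 mod N.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; gcd(E, phi) == 1 here


def hash_to_zn(message: bytes) -> int:
    """Map the message into Z_N (toy stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def blind(message: bytes) -> tuple[int, int]:
    """User: multiply H(m) by r^E for a random unit r; returns (blinded, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2  # r in [2, N-1]
        if gcd(r, N) == 1:
            break
    return hash_to_zn(message) * pow(r, E, N) % N, r


def sign_blinded(blinded: int) -> int:
    """Signer: raises to D without learning m. This key must be reserved
    for blind signing only, because it signs whatever value it is handed."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """User: divide out r, leaving H(m)^D mod N, a plain RSA signature."""
    return blinded_sig * pow(r, -1, N) % N


def verify(message: bytes, sig: int) -> bool:
    """Anyone: standard RSA check against the public key (N, E)."""
    return pow(sig, E, N) == hash_to_zn(message)


def run_protocol(message: bytes) -> dict:
    """Full exchange; the dict also records what the signer got to see."""
    blinded, r = blind(message)
    sig = unblind(sign_blinded(blinded), r)
    return {
        "signer_saw": blinded,
        "signature": sig,
        "valid": verify(message, sig),
        # The signer's view equals H(m) only if r^E == 1 mod N, i.e. r == 1,
        # which the range of r excludes.
        "signer_saw_plain_hash": blinded == hash_to_zn(message),
    }
```

The unblinded signature is indistinguishable from one produced directly on H(m), which is what makes the scheme usable for voting or cash: the signer cannot link the value it signed to the signature later presented. The operational cost is that the signer has no idea what it is endorsing, so the blind-signing key must never double as a key used for anything else.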