安全电子拍卖的研究
|
摘要
电子拍卖是最重要的电子商务应用之一,精心设计的电子拍卖系统可以实现资源的最优分配,提供公开、公平和公正的经济交易环境,这对我国的经济发展特别是电子商务的健康发展具有重要现实意义,而且有助于建立社会信用机制;同时,电子拍卖涉及到多种网络和信息安全技术,这些技术不仅可以用于电子拍卖,也可以用于其它电子商务和电子政务。电子拍卖的安全研究对网络与信息安全的研究也有重要意义。本文主要通过使用密码学中一些基本常用工具(数字签名、Hash函数、秘密共享和零知识证明等)对安全电子拍卖进行系统的研究和设计。本文的主要研究成果如下:
1.结合零知识证明协议,给出了一个新的高效的匹配协议,证明了协议是语义安全的,协议是高效的,计算复杂性和通信复杂性都为O(1);并利用该匹配协议,提出了一种安全电子拍卖方案,可达到最小泄漏,泄漏的只是中标价,其余标价及其相互关系在任何勾结情况下都是保密的,而且,标价的正确性可以公开验证。
2.应用二次剩余理论对RSA中Z n?的代数结构进行了研究;基于RSA函数,给出了一个M+1电子拍卖方案,实现投标者的身份匿名,任何投标者不能否认所投的标书,未中标价不会被泄露,执行开标算法至多需要p轮交互,至多2 p log2t次模乘法运算,计算量与投标者的数量无关,方案安全、高效。
3.提出一种公平安全、简单高效的可公开验证电子拍卖方案,采用较多的对称加解密代替公钥体制加解密,大大提高了效率,克服了第三方和恶意投标者勾结,使恶意投标者以一个最优价赢得投标的缺陷,体现了拍卖的公平性,可以保护投标者的匿名身份,所有投标价可以公开验证。
4.基于Hash链,提出了一种简单的电子拍卖协议,创建一条Hash链,把链的根和随机数的Hash值一次提交到拍卖中心,实现标价的匿名性,在计算效率和通信效率上有显著提高。
5.利用签名技术和位承诺协议,提出了一个安全高效的M+1电子拍卖协议,协议不仅保证了标价的保密性和可验证性,投标者对所投标价的不可否认性和匿名性,而且保证了在整个拍卖过程中,无人可以操纵其他人的投标,即使某一投标者与拍卖代理相互勾结,也不会影响协议的安全性和有效性。
Electronic auction is one of the most important application of e-commerce. Well-designed electronic auction system can achieve optimal allocation of resources, and provide an open, fair and just trading environment for the economy, which has important practical significance to Chinese economic development, especially the healthy development of e-commerce, and is also conducive to the establishment of social credit mechanisms. Meanwhile, electronic auction involves the application of a variety of network and information security technologies that not only can be used for electronic auction, can also be used for other e-commerce and e-government activities. Research on security of electronic auction also has great significance to study of network and information security. In this thesis, through the use of some basic cryptography tools(digital signature, Hash function, secret sharing and zero-knowledge proof, and so on), the systemic research and design of secure electronic auction is carried out. The main research results are as follows:
1. A new efficient match protocol is presented, which is of semantic security and also highly efficient. The complexity of computation and communication are both O (1). Taking advantage of the new match protocol, a secure electronic auction scheme is proposed. The scheme can minimize leakage. The only leakage is the selling price while the other bids and their relation keep confidential in any collusion. The correctness of bids can be publicly verified.
2. The algebra structure of Z n? in RSA arithmetic is researched . A new (M+1)-st electronic auction scheme based on the RSA function is presented, which preserves losing bids and bidders’s anonymous identities. No bidder can repudiate his or her bid. In the scheme , opening bids requires at most p rounds of interactions and 2 p log2t modular multiplications where p is the range of bids and t is the RSA public-key. The computational cost is independent of the number of bidders. The scheme is secure and highly efficient.
3. A fair and efficient secure electronic auction scheme is presented, which is simple and can be publicly verified. The scheme adopts more symmetric encryption/decryption instead of public key cryptosystem which makes the scheme more efficient.The scheme overcomes the drawback that the third party conspires with a malicious bidder so that he can win the auction with an optimal bidding price, and then provides fairness. The scheme preserves losing bids and bidders’s anonymous identities. No bidder can repudiate his or her bid and all the bidding prices can be publicly verified.
4. A simple electron auction scheme based on hash chain is presented, with constructing a hash chain, and root of the chain and hash value of the random number submitted to the auctioneer by only one time. The scheme preserves losing bids and bidders’s anonymous identities. Its efficiency is distinctly improved in computation and communication.
5. A secure and efficient (M+1)-st auction protocol is designed. Using the digital signature technology and bit commitment protocol, it not only guarantees the non-repudiation and anonymity of bidders, but also ensures that nobody can manipulate others in the whole auction. And also , this protocol achieves properties of bid secrecy and verifiability. Even when malicious bidders collude with auctioneers, it is still secure and valid.
1.结合零知识证明协议,给出了一个新的高效的匹配协议,证明了协议是语义安全的,协议是高效的,计算复杂性和通信复杂性都为O(1);并利用该匹配协议,提出了一种安全电子拍卖方案,可达到最小泄漏,泄漏的只是中标价,其余标价及其相互关系在任何勾结情况下都是保密的,而且,标价的正确性可以公开验证。
2.应用二次剩余理论对RSA中Z n?的代数结构进行了研究;基于RSA函数,给出了一个M+1电子拍卖方案,实现投标者的身份匿名,任何投标者不能否认所投的标书,未中标价不会被泄露,执行开标算法至多需要p轮交互,至多2 p log2t次模乘法运算,计算量与投标者的数量无关,方案安全、高效。
3.提出一种公平安全、简单高效的可公开验证电子拍卖方案,采用较多的对称加解密代替公钥体制加解密,大大提高了效率,克服了第三方和恶意投标者勾结,使恶意投标者以一个最优价赢得投标的缺陷,体现了拍卖的公平性,可以保护投标者的匿名身份,所有投标价可以公开验证。
4.基于Hash链,提出了一种简单的电子拍卖协议,创建一条Hash链,把链的根和随机数的Hash值一次提交到拍卖中心,实现标价的匿名性,在计算效率和通信效率上有显著提高。
5.利用签名技术和位承诺协议,提出了一个安全高效的M+1电子拍卖协议,协议不仅保证了标价的保密性和可验证性,投标者对所投标价的不可否认性和匿名性,而且保证了在整个拍卖过程中,无人可以操纵其他人的投标,即使某一投标者与拍卖代理相互勾结,也不会影响协议的安全性和有效性。
Electronic auction is one of the most important application of e-commerce. Well-designed electronic auction system can achieve optimal allocation of resources, and provide an open, fair and just trading environment for the economy, which has important practical significance to Chinese economic development, especially the healthy development of e-commerce, and is also conducive to the establishment of social credit mechanisms. Meanwhile, electronic auction involves the application of a variety of network and information security technologies that not only can be used for electronic auction, can also be used for other e-commerce and e-government activities. Research on security of electronic auction also has great significance to study of network and information security. In this thesis, through the use of some basic cryptography tools(digital signature, Hash function, secret sharing and zero-knowledge proof, and so on), the systemic research and design of secure electronic auction is carried out. The main research results are as follows:
1. A new efficient match protocol is presented, which is of semantic security and also highly efficient. The complexity of computation and communication are both O (1). Taking advantage of the new match protocol, a secure electronic auction scheme is proposed. The scheme can minimize leakage. The only leakage is the selling price while the other bids and their relation keep confidential in any collusion. The correctness of bids can be publicly verified.
2. The algebra structure of Z n? in RSA arithmetic is researched . A new (M+1)-st electronic auction scheme based on the RSA function is presented, which preserves losing bids and bidders’s anonymous identities. No bidder can repudiate his or her bid. In the scheme , opening bids requires at most p rounds of interactions and 2 p log2t modular multiplications where p is the range of bids and t is the RSA public-key. The computational cost is independent of the number of bidders. The scheme is secure and highly efficient.
3. A fair and efficient secure electronic auction scheme is presented, which is simple and can be publicly verified. The scheme adopts more symmetric encryption/decryption instead of public key cryptosystem which makes the scheme more efficient.The scheme overcomes the drawback that the third party conspires with a malicious bidder so that he can win the auction with an optimal bidding price, and then provides fairness. The scheme preserves losing bids and bidders’s anonymous identities. No bidder can repudiate his or her bid and all the bidding prices can be publicly verified.
4. A simple electron auction scheme based on hash chain is presented, with constructing a hash chain, and root of the chain and hash value of the random number submitted to the auctioneer by only one time. The scheme preserves losing bids and bidders’s anonymous identities. Its efficiency is distinctly improved in computation and communication.
5. A secure and efficient (M+1)-st auction protocol is designed. Using the digital signature technology and bit commitment protocol, it not only guarantees the non-repudiation and anonymity of bidders, but also ensures that nobody can manipulate others in the whole auction. And also , this protocol achieves properties of bid secrecy and verifiability. Even when malicious bidders collude with auctioneers, it is still secure and valid.
引文
[1]王育民,刘建伟.通信网的安全——-—理论与技术[M].西安,西安电子科技大学出版社, 1999.
[2]杨千里,王育民.电子商务技术与应用[M].北京,电子工业出版社, 1999.
[3]冯登国.电子商务的安全认证问题[R].博士后出站报告, 1997.
[4] H.Kikuch, M.Harkavy and J.D.Tygar. Multi-round anonymous auction protocols[A]. Proc. of the 1st IEEE Workshop on Dependable and Real-time E-Commence systems[C], IEEE Computer Society, 1998: 62--69.
[5] M.Harkavy, H.Kikuch and J.D.Tygar. Electronic auction with private bids[A]. Proc. Of the 3rd USENIX Workshop on Electronic Commence[C], 1998.
[6] P.Milgrom. Auction theory[A]. In Advances in Economic Theory 1985:Fifth World Congress[C], Cambridge university Press, 1985.
[7] W.Vickrey. Counterspeculation, auctions, and competitive sealed tenders[J]. Journal of Finance, 1961, 16(1): 8-37.
[8] P.R.Wurman, W.E.Walsh and M.P.Wellman. Flexible double auction for electronic commerce:theory and implementation, decision support system , 24, page 17-27 [DB/OL]. http://www.csc.ncsu.edu/faculty/wurman/papers/Wurman-Dss-98.pdf,2002-05-15.
[9] R.Cannetti. De-mystifying random oracles [DB/OL]. http://www.cs.uct.ac.za/coursex/CS400W/NIS/papers99/omarte/#Exec,2002-01-20.
[10] A.Lysyanskaya, Z.Ramzan. Group blind digital signatures: a scalable solution to electronic cash [A]. Proceedings of the Second International Conference on Financial Cryptography[C] , LNCS 1465, Berlin: Springer-Verlag , 1994: 184-197.
[11] J.Camenisch, M.Stadler. Efficienty group signature schemes for large groups [A]. In Advances in Cryptology-CRYPTO’97 [C], Berlin: Springer-Verlag, 1997: 410-424.
[12] K.Q.Nguyen, A.Traore. An online public action protocol protecting bidderprivacy[A]. ACISP 2000[C], Brisbane: Springer-Verlag, 2000:427-442.
[13] Z.Ramzan. Group blind digital signatures: theory and applications[DB/OL]. http://www.zeroknowledge.com/default.asp,2002-01-10.
[14] S.P.Vadhan. A study of statistical zero-knowledge proofs[D] . Cambridge: MIT, 1999.
[15] Reyzin, Leonid. Zero-knowledge with Public Keys[DB/OL]. http://theory.ics.mit.edu,2002-01-10.
[16] Zhou Jianying. Non-repudiation in electronic commerce[DB/OL]. http://www.techbooks.co.uk,2002-01-19.
[17] N.Asokan, V.Shoup and M.Waidner. Optimistic fair exchange of digital signatures[A]. Advances in Cryptography-Eurocrypt’98[C], LNCS 1403, Berlin: Springer-Verlag, 1998: 591-606.
[18] Y.Mu, V.Varadharajan. An internet anonymous auction scheme[A]. Lecture Notes in Computer Science[C]. Berlin: Springer-Verlag, 2001: 171-182.
[19] Liu Shengli, Zhang Fangguo and Wang Yumin. A multi-round secure auction protocol[J]. Chinese Journal of Electronics, 2000, 9(2).
[20] K.Sakurai, S.Miyazai. An anonymous electronic bidding protocol based on a new convertible group signature scheme[A]. ACISP 2000[C], LNCS 1841, Berlin: Springer-verlag, 2000: 385--399.
[21] M.K.Franklin, M.K.Reiter. The design and implementation of a secure auction server[J]. IEEE Trans. on Software Engineering, 1996, 22(5): 302--312.
[22] M.Gaynor, J.Megquier and V.Sethaput. Secure vickrey auction protocol. Available at: Http://sonnet.eas.harvard.edu/auction/paper.html
[23]陈晓峰,毛剑,王育民.一种新的Vickrey安全拍卖协议[J].电子学报,2002, 30(4): 471-472.
[24]陈晓峰,张方国,王育民.一种改进的密封式标价拍卖协议[J].电子与信息学报,2002, 24(4): 499-501.
[25] D.C.Parkes, L.H.Ungar. Interative combinatorial auctions: theory and practice[A]. Proc. of 17th National Conference on Artificial Intelligence[C], 2001: 74-81.
[26] H.Kikuchi. (M+1)st-price auction[A]. Financial Cryptography'01[C], IFCA, Springer-verlag, 2001: 291-298.
[27] K.Sako, An auction protocol which hides bids of losers[A]. PKC’00[C], LNCS 1751, Berlin: Springer-verlag, 2000: 422--433.
[28] A.Shair. How to share a secret[J]. Comm. ACM, 1979, 22(11), 612--613.
[29] C.C.Chang, Y.F.Chang. Efficient anonymous auction protocols with freewheeling bids[J]. Computers & Security, 2003, 22(8): 728-734.
[30]黄秀姐,林群,王燕鸣.基于短群签名的安全电子拍卖方案[J].中山大学学报(自然科学版),2006, 45(6): 21-25.
[31]秦波,秦慧,王尚平,王育民.一种保护标价安全的电子拍卖方案[J].计算机研究与发展, 2006, 43(1): 28-32.
[32] C.C.Chang, Y.F.Chang. Enhance anonymous auction protocols with freewheeling bids[A]. Proceedings of the 20th International Conference on Advanced Information Networking and Application[C], Austria, Vienna, 2006(1): 353-358.
[33] H.T.Liaw, W.S.Juang and C.K.Lin. An electronic online bidding auction protocol with both security and efficiency[J]. Applied Mathematics and Compution, 2006, 174(2): 1487-1497.
[34] Y.F.Chang, K.H.Huang and H.H.Lee. Bidder-anonymous english auction scheme with privacy and public verifiability[J]. Journal of systems and software, 2008, 81: 113-119.
[35] T.S.Chandrashekar, Y.Narehari, and C.H.Rosa. Auction-based mechanisms for electronic procurement[J]. IEEE Trans. on Automation Science and Engineering, 2007,4(3): 297-321.
[36] J. Camenisch. Group signature schemes and payment systems based on the discrete logarithm problem[D]. ETH-Series in Information Security Cryptography, Vol.2, Hartung-Gorre Verlag, Konstanz, 1998.
[37] J. M. Pollard. A Monte Carlo method for factorization[J]. BIT, 1975, 15: 331-334.
[38] J. Camenisch, M. Stadler. Efficient group signature schemes for large groups[A]. In: Crypto'97[C], Springer-Verlag, LNCS 1294, 1997: 410-424.
[39]柯召,孙琦.《数论讲义》(第二版) [M].高等教育出版社, 2001.
[40] J.M. Pollard, M. Carlo. Methods for index computation (mod p)[J]. Mathematics of Computation, 1978, 32(143): 918-924.
[41] S.C. Pohlig, M. Hellman. An improved algorithm for computing logarithms in GF(p) and its cryptographic significance[J]. IEEE Trans. on Information Theory, 1978, 24(1): 106-111.
[42] D. Coppersmith, A. Odlyzko, R. Schroeppel, Discrete logarithms in GF(p)[J]. Algorithmica, 1986, 1:1-15.
[43] U. Maurer, S. Wolf. On the complexity of breaking the Diffie-Hellman protocol[R]. Technical report, Institute for Theoretical Computer Science, ETH Zurich, 1996.
[44] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography[M]. CRC Press, 1997.
[45] R. Rivest, A. Shamir, L. Adleman. A method for obtaining digital signatures and public key cryptosystem [J]. Communications of ACM, 1978, 21(2): 120-126.
[46] T. ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Trans. on Information Theory, 1985, 31(4): 469-472.
[47] E.J. Goh, S. Jarecki. A signature scheme as secure as the Diffie-Hellman problem[A]. Advances in Cryptology- EUROCRYPT[C], LNCS 2656, Berlin, Heidelberg: Springer-Verlag, 2003: 401-415.
[48] C.P. Schnorr. Efficient identification and signatures for smart cards[A]. Advances in Cryptology-Crypto’89[C], LNCS 435, Berlin: Springer-Verlag, 1990: 39-25.
[49] D. Pointcheval, J. Stern. Security arguments for digital signatures and blind signatures[J]. Journal of Cryptology, 2000, 13(3): 361-396.
[50] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard, U. S. Department of Commerce, 1994.
[51] A. Fiat, A. Shamir. How to prove yourself: practical solutions to identification and signature problems[A], Advances in Cryptology-Crypto’86[C], Berlin: Springer-Verlag, 1987: 186-194.
[52] A.Yao. Protocols for secure computations[A]. Proc 23rd IEEE Symposium on Foundations of Computer Science (FOCS;82)[C]. IEEE Computer Society, 1982: 160-164.
[53] A.Yao. How to generate and exchange secrets[A]. Proc 27th IEEE Symposium on Foundations of Computer Science (FOCS;86)[C]. IEEE Computer Society, 1986: 162-167.
[54] A. Salomaa. Public-Key Cryptography[M]. Springer-Verlag, 1990.
[55] M. Jakobsson, M. Yung. Proving without knowing: on oblivious, agnostic and blindfolded provers[A]. Advances in Cryptology-CRYPTO’96[C], 1996: 218-229.
[56] Fabrice boudot[EB/OL]. http://www.informatik.uni-trier.de/-ley/ab/indices/a-tree/b/Boudot:Fabrice.html.
[57] E. Fujisaki, T. Okamoto. Statistical zero dnowledge protocols to prove modular polynomial relations[A]. Proceedings of CRYPTO’97[C], Berlin: Springer-verlag, 1997: 16-30.
[58] D. Boneh. The decision diffie-hellman problem[A]. Third Algorithmic Number Theory Symposium[C], LNCS 1423, 1993: 88-102.
[59] D. Chaum, J.H. Evertse, V.D. Graaf. An improved pxotocol for demonstraring possession of discrete logarithm and some generalizations[A]. Proceedings of EUROCRYPT’87[C], Berlin: Springer-verlag, 1998: 127-141.
[60] C.P. Schnorr. Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991, 4(3): 161-174.
[61] T. Okamoto. Provably secure and practical identification schemes and corresponding signature schemes[A]. Advances in Cyptology-CRYPTO’92[C]. Berlin: Springer-verlag, 1993: 31-53.
[62] D. Chaum, T. R. Pedeersen. Wallet databases with observers[A]. Advances in Cryptology-CRYPTO’92[C]. Berlin: Springer-Verlag, 1993: 89-105.
[63] Q. WU, J. ZHANG, Y. WANG. Practical t-out-n oblivious transfer and its application[A]. ICICS’03[C], Berlin: Springer-Verlag, 2003: 226-237。
[64] F. Brandit. Secure and private auctions without auctioneers[R]. Technical Report FKI-245-02. Institute füInformatik, Technische University Muhen, 2002.
[65]司光东,杨加喜,谭示崇,肖国镇. RSA算法中的代数结构.电子学报, 2009. (录用待发表)
[66] G. Ateniese, J. Camenisch, M. Joye, G. Tsudik. A practical and provably secure coalition-resistant group signature scheme[A]. Advances in Cryptology-Crypto 2000[C], Santa Barbara, California, USA, 2000: 255-270.
[67] B. Scheneier. Applied Cryptography(second edition)[M]. Wiley, New York, 1996.
[68] D. Mahony, M. Pierce, H. Tewari. Electronic Payment Systems[M]. Artech House, 1996.
[69] S.P. Shieh, C.T. Lin, W.B. Yang. Digital multisignature schemes for authenticating delegates in mobile code systems[J]. IEEE Trans. on Veh. Tech., 2000, 49(4): 1464-1473.
[70] S. Bruce. Applied Cryptography second edition: Protocols, Algorithms, and Source Code in C[M]. Beijing: China, Machine Press, 2000: 60-61.
[71] F. Zhang, S. Reihaneh, W. Susilo. An efficient signature scheme from bilinear pairings and its applications[A]. Feng Bao, Robert Deng, Jianying Zhou(Eds.). In PKC’04[C], Singapore: Springer-Verlag, 2004: 277-290.
[72] M. K. Franklin and M. K. Reiter, The design and implementation of a secure auction service[J]. IEEE Trans. on Software Engineering, 1996, 22(5): 302-312.
[73] H. Kikuchi, M. Harkavy and J. D. Tygar. Multi-round anonymous auction[J]. IEICE Trans. Inf.& Syst., E82-D(4), 1999: 769-777.
[74] M. Yokoo, Y. Sakurai and S. Matsubara. Robust combinatorial auction protocol against false-name bids[J]. Artificial Intelligence, 2001, 30(2): 167–181.
[75] M.Yokoo, and K.Suzuki. Secure multi-agent dynamic programming based on homomorphic encryption and its application to combinatorial auctions[A]. Proceed-ings of the First International Conference on Autonomous Agents and Multiagent Systems[C], 2002.
[76] H. Kikuchi. M+1-st Price auction protocol[A]. In Paul Syverson, editor, Financial Cryptography—Fifth International Conference[C], LNCS, Grand Cayman,Springer-Verlag, 2001.
[77] Chen xiaofeng, Gao huming, Wang yumin. An anonymous auction protocol with randomly sealed bids[J]. Chinese Journal of Electronics, 2002, 11(4): 499-501.
[78] Wang Chanjie, Zhang Fangguo, Wang Yumin. Secure web transaction with anonymous mobile agent over internet[J]. Journal of Computer Science & Technology, 2003, 18(1): 84-89.
[79] Chen Xiaofeng, Wang Changjie and Wang Yumin. Fair electronic cash based on double signatures[J]. Journal of Computer Science & Technology, 2003, 17(6): 830-835,.
[80]张维迎,博弈论与信息经济学,上海人民出版社,1996.
[81] J. Zhang and W. Zou. A robust verifiably encrypted signature scheme[A]. Emerging Directions in Embedded and Ubiquitous Computing-EUC’06[C], LNCS 4097, Berlin: Springer-Verlag, 2006: 731-740.
[82] C. Gu, Y. Zhu, and Y. Zheng. Certified E-mail protocol in the ID-based setting[A]. Applied Cryptography and Network Security-ACNS’07[C], LNCS 4521, Berlin: Springer-Verlag, 2007: 340-353.
[83] S. Kwon and S.H. Lee. An efficient ID-based verifiably encrypted signature scheme based on Hess scheme[A]. Information Security Practice and Experience-ISPEC’07[C], LNCS 4464, Berlin: Springer-Verlag, 2007: 93-104.
[84] J. Zhang and J. Mao. A novel verifiably encrypted signature scheme without random oracle[A]. International Conference on Information Security Practice and Experience-ISPEC’07[C], LNCS 4464, Berlin: Springer-Verlag, 2007: 65-78.
[85] X. Huang, W. Susilo, Y. Mu, and F. Zhang. Certificateless designated verifier signature schemes[A]. 20th International Conference on Advanced Information Networking and Applications-AINA’06[C], IEEE Computer Society, 2006: 15-19.
[86] W.S. Yap, S. M. Chow, S.H. Heng, and B.M. Goi. Security mediated certificateless signatures[A]. Applied Cryptography and Network Security-ACNS’07[C], LNCS 4521, Berlin: Springer-Verlag, 2007: 459-477.
[87] L. Zhang, F. Zhang, and W. Wu. A provably secure ring signature scheme in certificateless cryptography[A]. Provable Secuirty-ProvSec’07[C], LNCS 4784,Berlin: Springer-Verlag, 2007: 103-121.
[88]柴震川.门限密码方案安全性和应用研究.上海交通大学博士学位论文, 2007.
[89]孙淑玲.应用密码学.清华大学出版社, 2004.
[90] D. Boneh, X. Boyen. Short signatures without random oracle[A]. EURO- CRYPT 2004[C], Berlin: Springer-Verlag, 2004: 56-73.
[91] R. Cramer, V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack[A]. Advances in Cryptology-Crypto’98[C], LNCS 1462, Berlin: Springer-Verlag, 1998: 13-25.
[92] N. Koblitz, A. Menezes. Another look at“provable security”[J]. Journal of Cryptology, 2007, 20(1): 3–37.
[93] N.P. Smart. An identity based authenticated key agreement protocol based on the Weil pairing[J]. Electron. Lett., 2002, 38(13): 630-632.
[94] Q. Wu, F. Zhang, W. Susilo et al. An efficient static blind ring signature scheme [A]. ICISC 2005[C], Springer-Verlag, 2006: 410-423.
[95] S. Halevi, H. Krawczyk. Strengthening digital signatures via randomized Hashing[A]. In CRYPTO’2006[C]. Santa Barbara, California: Springer-Verlag, 2006: 41-59.
[96] F. Laguillaumie, D. Vergnaud. Multi-designated verifiers signatures[A]. International Conference on Information and Communications Security-ICICS’04[C], LNCS 3269, Berlin: Springer-Verlag, 2004: 27-29.
[97] R. Jiang, L. Pan, J.H. Li. An improvement on efficient anonymous auction protocols[J]. Computers and Security, 2005, 24(2): 169-174.
[98] W.S. Juang, H.T. Liaw, P.C. Lin, C.K. Lin. The design of a secure and fair sealed auction service[J]. Mathematical and Computer Modelling, 2005, 41(8): 973-985.
[99] A. Pekec, M. Rothkopf. Combinatorial auction design[J]. Manag. Sci., 2003, 49: 1485-1503.
[100] R.R. Chen, G. Janakiraman. Efficient auctions for supply chain procurement[J]. Manag. Sci., 2005, 51(3): 467-482.
[101] Y. Narahari, P. Dayama. Combinatorial auctions for electronic business[J]. Sadhana (Special Issue Electron. Comm. Electronic Bus.), 2005, 30: 179-211.
[102] T. S. Chen. An English auction scheme in the online transaction environment[J]. Computers and Security, 2004, 23(5): 389-399.
[2]杨千里,王育民.电子商务技术与应用[M].北京,电子工业出版社, 1999.
[3]冯登国.电子商务的安全认证问题[R].博士后出站报告, 1997.
[4] H.Kikuch, M.Harkavy and J.D.Tygar. Multi-round anonymous auction protocols[A]. Proc. of the 1st IEEE Workshop on Dependable and Real-time E-Commence systems[C], IEEE Computer Society, 1998: 62--69.
[5] M.Harkavy, H.Kikuch and J.D.Tygar. Electronic auction with private bids[A]. Proc. Of the 3rd USENIX Workshop on Electronic Commence[C], 1998.
[6] P.Milgrom. Auction theory[A]. In Advances in Economic Theory 1985:Fifth World Congress[C], Cambridge university Press, 1985.
[7] W.Vickrey. Counterspeculation, auctions, and competitive sealed tenders[J]. Journal of Finance, 1961, 16(1): 8-37.
[8] P.R.Wurman, W.E.Walsh and M.P.Wellman. Flexible double auction for electronic commerce:theory and implementation, decision support system , 24, page 17-27 [DB/OL]. http://www.csc.ncsu.edu/faculty/wurman/papers/Wurman-Dss-98.pdf,2002-05-15.
[9] R.Cannetti. De-mystifying random oracles [DB/OL]. http://www.cs.uct.ac.za/coursex/CS400W/NIS/papers99/omarte/#Exec,2002-01-20.
[10] A.Lysyanskaya, Z.Ramzan. Group blind digital signatures: a scalable solution to electronic cash [A]. Proceedings of the Second International Conference on Financial Cryptography[C] , LNCS 1465, Berlin: Springer-Verlag , 1994: 184-197.
[11] J.Camenisch, M.Stadler. Efficienty group signature schemes for large groups [A]. In Advances in Cryptology-CRYPTO’97 [C], Berlin: Springer-Verlag, 1997: 410-424.
[12] K.Q.Nguyen, A.Traore. An online public action protocol protecting bidderprivacy[A]. ACISP 2000[C], Brisbane: Springer-Verlag, 2000:427-442.
[13] Z.Ramzan. Group blind digital signatures: theory and applications[DB/OL]. http://www.zeroknowledge.com/default.asp,2002-01-10.
[14] S.P.Vadhan. A study of statistical zero-knowledge proofs[D] . Cambridge: MIT, 1999.
[15] Reyzin, Leonid. Zero-knowledge with Public Keys[DB/OL]. http://theory.ics.mit.edu,2002-01-10.
[16] Zhou Jianying. Non-repudiation in electronic commerce[DB/OL]. http://www.techbooks.co.uk,2002-01-19.
[17] N.Asokan, V.Shoup and M.Waidner. Optimistic fair exchange of digital signatures[A]. Advances in Cryptography-Eurocrypt’98[C], LNCS 1403, Berlin: Springer-Verlag, 1998: 591-606.
[18] Y.Mu, V.Varadharajan. An internet anonymous auction scheme[A]. Lecture Notes in Computer Science[C]. Berlin: Springer-Verlag, 2001: 171-182.
[19] Liu Shengli, Zhang Fangguo and Wang Yumin. A multi-round secure auction protocol[J]. Chinese Journal of Electronics, 2000, 9(2).
[20] K.Sakurai, S.Miyazai. An anonymous electronic bidding protocol based on a new convertible group signature scheme[A]. ACISP 2000[C], LNCS 1841, Berlin: Springer-verlag, 2000: 385--399.
[21] M.K.Franklin, M.K.Reiter. The design and implementation of a secure auction server[J]. IEEE Trans. on Software Engineering, 1996, 22(5): 302--312.
[22] M.Gaynor, J.Megquier and V.Sethaput. Secure vickrey auction protocol. Available at: Http://sonnet.eas.harvard.edu/auction/paper.html
[23]陈晓峰,毛剑,王育民.一种新的Vickrey安全拍卖协议[J].电子学报,2002, 30(4): 471-472.
[24]陈晓峰,张方国,王育民.一种改进的密封式标价拍卖协议[J].电子与信息学报,2002, 24(4): 499-501.
[25] D.C.Parkes, L.H.Ungar. Interative combinatorial auctions: theory and practice[A]. Proc. of 17th National Conference on Artificial Intelligence[C], 2001: 74-81.
[26] H.Kikuchi. (M+1)st-price auction[A]. Financial Cryptography'01[C], IFCA, Springer-verlag, 2001: 291-298.
[27] K.Sako, An auction protocol which hides bids of losers[A]. PKC’00[C], LNCS 1751, Berlin: Springer-verlag, 2000: 422--433.
[28] A.Shair. How to share a secret[J]. Comm. ACM, 1979, 22(11), 612--613.
[29] C.C.Chang, Y.F.Chang. Efficient anonymous auction protocols with freewheeling bids[J]. Computers & Security, 2003, 22(8): 728-734.
[30]黄秀姐,林群,王燕鸣.基于短群签名的安全电子拍卖方案[J].中山大学学报(自然科学版),2006, 45(6): 21-25.
[31]秦波,秦慧,王尚平,王育民.一种保护标价安全的电子拍卖方案[J].计算机研究与发展, 2006, 43(1): 28-32.
[32] C.C.Chang, Y.F.Chang. Enhance anonymous auction protocols with freewheeling bids[A]. Proceedings of the 20th International Conference on Advanced Information Networking and Application[C], Austria, Vienna, 2006(1): 353-358.
[33] H.T.Liaw, W.S.Juang and C.K.Lin. An electronic online bidding auction protocol with both security and efficiency[J]. Applied Mathematics and Compution, 2006, 174(2): 1487-1497.
[34] Y.F.Chang, K.H.Huang and H.H.Lee. Bidder-anonymous english auction scheme with privacy and public verifiability[J]. Journal of systems and software, 2008, 81: 113-119.
[35] T.S.Chandrashekar, Y.Narehari, and C.H.Rosa. Auction-based mechanisms for electronic procurement[J]. IEEE Trans. on Automation Science and Engineering, 2007,4(3): 297-321.
[36] J. Camenisch. Group signature schemes and payment systems based on the discrete logarithm problem[D]. ETH-Series in Information Security Cryptography, Vol.2, Hartung-Gorre Verlag, Konstanz, 1998.
[37] J. M. Pollard. A Monte Carlo method for factorization[J]. BIT, 1975, 15: 331-334.
[38] J. Camenisch, M. Stadler. Efficient group signature schemes for large groups[A]. In: Crypto'97[C], Springer-Verlag, LNCS 1294, 1997: 410-424.
[39]柯召,孙琦.《数论讲义》(第二版) [M].高等教育出版社, 2001.
[40] J.M. Pollard, M. Carlo. Methods for index computation (mod p)[J]. Mathematics of Computation, 1978, 32(143): 918-924.
[41] S.C. Pohlig, M. Hellman. An improved algorithm for computing logarithms in GF(p) and its cryptographic significance[J]. IEEE Trans. on Information Theory, 1978, 24(1): 106-111.
[42] D. Coppersmith, A. Odlyzko, R. Schroeppel, Discrete logarithms in GF(p)[J]. Algorithmica, 1986, 1:1-15.
[43] U. Maurer, S. Wolf. On the complexity of breaking the Diffie-Hellman protocol[R]. Technical report, Institute for Theoretical Computer Science, ETH Zurich, 1996.
[44] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography[M]. CRC Press, 1997.
[45] R. Rivest, A. Shamir, L. Adleman. A method for obtaining digital signatures and public key cryptosystem [J]. Communications of ACM, 1978, 21(2): 120-126.
[46] T. ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Trans. on Information Theory, 1985, 31(4): 469-472.
[47] E.J. Goh, S. Jarecki. A signature scheme as secure as the Diffie-Hellman problem[A]. Advances in Cryptology- EUROCRYPT[C], LNCS 2656, Berlin, Heidelberg: Springer-Verlag, 2003: 401-415.
[48] C.P. Schnorr. Efficient identification and signatures for smart cards[A]. Advances in Cryptology-Crypto’89[C], LNCS 435, Berlin: Springer-Verlag, 1990: 39-25.
[49] D. Pointcheval, J. Stern. Security arguments for digital signatures and blind signatures[J]. Journal of Cryptology, 2000, 13(3): 361-396.
[50] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard, U. S. Department of Commerce, 1994.
[51] A. Fiat, A. Shamir. How to prove yourself: practical solutions to identification and signature problems[A], Advances in Cryptology-Crypto’86[C], Berlin: Springer-Verlag, 1987: 186-194.
[52] A.Yao. Protocols for secure computations[A]. Proc 23rd IEEE Symposium on Foundations of Computer Science (FOCS;82)[C]. IEEE Computer Society, 1982: 160-164.
[53] A.Yao. How to generate and exchange secrets[A]. Proc 27th IEEE Symposium on Foundations of Computer Science (FOCS;86)[C]. IEEE Computer Society, 1986: 162-167.
[54] A. Salomaa. Public-Key Cryptography[M]. Springer-Verlag, 1990.
[55] M. Jakobsson, M. Yung. Proving without knowing: on oblivious, agnostic and blindfolded provers[A]. Advances in Cryptology-CRYPTO’96[C], 1996: 218-229.
[56] Fabrice boudot[EB/OL]. http://www.informatik.uni-trier.de/-ley/ab/indices/a-tree/b/Boudot:Fabrice.html.
[57] E. Fujisaki, T. Okamoto. Statistical zero dnowledge protocols to prove modular polynomial relations[A]. Proceedings of CRYPTO’97[C], Berlin: Springer-verlag, 1997: 16-30.
[58] D. Boneh. The decision diffie-hellman problem[A]. Third Algorithmic Number Theory Symposium[C], LNCS 1423, 1993: 88-102.
[59] D. Chaum, J.H. Evertse, V.D. Graaf. An improved pxotocol for demonstraring possession of discrete logarithm and some generalizations[A]. Proceedings of EUROCRYPT’87[C], Berlin: Springer-verlag, 1998: 127-141.
[60] C.P. Schnorr. Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991, 4(3): 161-174.
[61] T. Okamoto. Provably secure and practical identification schemes and corresponding signature schemes[A]. Advances in Cyptology-CRYPTO’92[C]. Berlin: Springer-verlag, 1993: 31-53.
[62] D. Chaum, T. R. Pedeersen. Wallet databases with observers[A]. Advances in Cryptology-CRYPTO’92[C]. Berlin: Springer-Verlag, 1993: 89-105.
[63] Q. WU, J. ZHANG, Y. WANG. Practical t-out-n oblivious transfer and its application[A]. ICICS’03[C], Berlin: Springer-Verlag, 2003: 226-237。
[64] F. Brandit. Secure and private auctions without auctioneers[R]. Technical Report FKI-245-02. Institute füInformatik, Technische University Muhen, 2002.
[65]司光东,杨加喜,谭示崇,肖国镇. RSA算法中的代数结构.电子学报, 2009. (录用待发表)
[66] G. Ateniese, J. Camenisch, M. Joye, G. Tsudik. A practical and provably secure coalition-resistant group signature scheme[A]. Advances in Cryptology-Crypto 2000[C], Santa Barbara, California, USA, 2000: 255-270.
[67] B. Scheneier. Applied Cryptography(second edition)[M]. Wiley, New York, 1996.
[68] D. Mahony, M. Pierce, H. Tewari. Electronic Payment Systems[M]. Artech House, 1996.
[69] S.P. Shieh, C.T. Lin, W.B. Yang. Digital multisignature schemes for authenticating delegates in mobile code systems[J]. IEEE Trans. on Veh. Tech., 2000, 49(4): 1464-1473.
[70] S. Bruce. Applied Cryptography second edition: Protocols, Algorithms, and Source Code in C[M]. Beijing: China, Machine Press, 2000: 60-61.
[71] F. Zhang, S. Reihaneh, W. Susilo. An efficient signature scheme from bilinear pairings and its applications[A]. Feng Bao, Robert Deng, Jianying Zhou(Eds.). In PKC’04[C], Singapore: Springer-Verlag, 2004: 277-290.
[72] M. K. Franklin and M. K. Reiter, The design and implementation of a secure auction service[J]. IEEE Trans. on Software Engineering, 1996, 22(5): 302-312.
[73] H. Kikuchi, M. Harkavy and J. D. Tygar. Multi-round anonymous auction[J]. IEICE Trans. Inf.& Syst., E82-D(4), 1999: 769-777.
[74] M. Yokoo, Y. Sakurai and S. Matsubara. Robust combinatorial auction protocol against false-name bids[J]. Artificial Intelligence, 2001, 30(2): 167–181.
[75] M.Yokoo, and K.Suzuki. Secure multi-agent dynamic programming based on homomorphic encryption and its application to combinatorial auctions[A]. Proceed-ings of the First International Conference on Autonomous Agents and Multiagent Systems[C], 2002.
[76] H. Kikuchi. M+1-st Price auction protocol[A]. In Paul Syverson, editor, Financial Cryptography—Fifth International Conference[C], LNCS, Grand Cayman,Springer-Verlag, 2001.
[77] Chen xiaofeng, Gao huming, Wang yumin. An anonymous auction protocol with randomly sealed bids[J]. Chinese Journal of Electronics, 2002, 11(4): 499-501.
[78] Wang Chanjie, Zhang Fangguo, Wang Yumin. Secure web transaction with anonymous mobile agent over internet[J]. Journal of Computer Science & Technology, 2003, 18(1): 84-89.
[79] Chen Xiaofeng, Wang Changjie and Wang Yumin. Fair electronic cash based on double signatures[J]. Journal of Computer Science & Technology, 2003, 17(6): 830-835,.
[80]张维迎,博弈论与信息经济学,上海人民出版社,1996.
[81] J. Zhang and W. Zou. A robust verifiably encrypted signature scheme[A]. Emerging Directions in Embedded and Ubiquitous Computing-EUC’06[C], LNCS 4097, Berlin: Springer-Verlag, 2006: 731-740.
[82] C. Gu, Y. Zhu, and Y. Zheng. Certified E-mail protocol in the ID-based setting[A]. Applied Cryptography and Network Security-ACNS’07[C], LNCS 4521, Berlin: Springer-Verlag, 2007: 340-353.
[83] S. Kwon and S.H. Lee. An efficient ID-based verifiably encrypted signature scheme based on Hess scheme[A]. Information Security Practice and Experience-ISPEC’07[C], LNCS 4464, Berlin: Springer-Verlag, 2007: 93-104.
[84] J. Zhang and J. Mao. A novel verifiably encrypted signature scheme without random oracle[A]. International Conference on Information Security Practice and Experience-ISPEC’07[C], LNCS 4464, Berlin: Springer-Verlag, 2007: 65-78.
[85] X. Huang, W. Susilo, Y. Mu, and F. Zhang. Certificateless designated verifier signature schemes[A]. 20th International Conference on Advanced Information Networking and Applications-AINA’06[C], IEEE Computer Society, 2006: 15-19.
[86] W.S. Yap, S. M. Chow, S.H. Heng, and B.M. Goi. Security mediated certificateless signatures[A]. Applied Cryptography and Network Security-ACNS’07[C], LNCS 4521, Berlin: Springer-Verlag, 2007: 459-477.
[87] L. Zhang, F. Zhang, and W. Wu. A provably secure ring signature scheme in certificateless cryptography[A]. Provable Secuirty-ProvSec’07[C], LNCS 4784,Berlin: Springer-Verlag, 2007: 103-121.
[88]柴震川.门限密码方案安全性和应用研究.上海交通大学博士学位论文, 2007.
[89]孙淑玲.应用密码学.清华大学出版社, 2004.
[90] D. Boneh, X. Boyen. Short signatures without random oracle[A]. EURO- CRYPT 2004[C], Berlin: Springer-Verlag, 2004: 56-73.
[91] R. Cramer, V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack[A]. Advances in Cryptology-Crypto’98[C], LNCS 1462, Berlin: Springer-Verlag, 1998: 13-25.
[92] N. Koblitz, A. Menezes. Another look at“provable security”[J]. Journal of Cryptology, 2007, 20(1): 3–37.
[93] N.P. Smart. An identity based authenticated key agreement protocol based on the Weil pairing[J]. Electron. Lett., 2002, 38(13): 630-632.
[94] Q. Wu, F. Zhang, W. Susilo et al. An efficient static blind ring signature scheme [A]. ICISC 2005[C], Springer-Verlag, 2006: 410-423.
[95] S. Halevi, H. Krawczyk. Strengthening digital signatures via randomized Hashing[A]. In CRYPTO’2006[C]. Santa Barbara, California: Springer-Verlag, 2006: 41-59.
[96] F. Laguillaumie, D. Vergnaud. Multi-designated verifiers signatures[A]. International Conference on Information and Communications Security-ICICS’04[C], LNCS 3269, Berlin: Springer-Verlag, 2004: 27-29.
[97] R. Jiang, L. Pan, J.H. Li. An improvement on efficient anonymous auction protocols[J]. Computers and Security, 2005, 24(2): 169-174.
[98] W.S. Juang, H.T. Liaw, P.C. Lin, C.K. Lin. The design of a secure and fair sealed auction service[J]. Mathematical and Computer Modelling, 2005, 41(8): 973-985.
[99] A. Pekec, M. Rothkopf. Combinatorial auction design[J]. Manag. Sci., 2003, 49: 1485-1503.
[100] R.R. Chen, G. Janakiraman. Efficient auctions for supply chain procurement[J]. Manag. Sci., 2005, 51(3): 467-482.
[101] Y. Narahari, P. Dayama. Combinatorial auctions for electronic business[J]. Sadhana (Special Issue Electron. Comm. Electronic Bus.), 2005, 30: 179-211.
[102] T. S. Chen. An English auction scheme in the online transaction environment[J]. Computers and Security, 2004, 23(5): 389-399.