具有特殊性质的数字签名和签密方案
|
摘要
信息安全是信息社会亟需解决的重要问题之一,它已经成为信息科学领域一个重要的新兴学科。数字签名技术可以提供认证性、完整性和不可否认性,是信息安全的核心技术之一,也是安全电子商务的关键技术之一。数字签密能够在一个合理的逻辑步骤内同时完成数字签名和公钥加密两项功能,而其计算量和通信代价都要低于传统的“先签名后加密”,因而它是实现既保密又认证地传输消息的一种理想方法。
本文研究了具有特殊应用的几种数字签名和签密方案,主要包括以下几个方面:
1.提出了一个在标准模型下可证安全的指定验证人代理签名方案,首先给出了形式化定义,规范了安全模型,然后描述提出的方案,最后给出了其安全性证明。现有方案的安全性要么只给出了简单的安全性分析,要么给出了在随机预言机模型下的安全性证明,提出的方案的安全性证明利用了Waters加密方案的证明技巧,其安全性证明不需要借助随机预言机模型,在标准模型下就可以完成。
2.研究了代理方案中代理权的快速撤销问题,提出了三个具有快速撤销功能的代理方案,包括两个代理签名方案和一个代理签密方案。第一个方案基于BLS短签名,利用(2,2)门限思想,引入一个安全中介SEM,其主要作用是监督代理签名人是否按照委托书的规定进行代理签名,检查代理签名人的签名权利是否被撤销。在该方案中,代理签名人只有与SEM合作才能生成有效的签名,使得方案具有快速撤销代理权的功能。第二个方案是在基于身份的代理签名中引入安全中介SEM。首先提出了一个基于身份的(t,n)门限签名并分析了其安全性,在此基础上,构造了一个基于身份的中介代理签名方案,该方案也具备快速撤销代理权的功能。第三个方案是在基于身份的代理签密中引入安全中介SEM,提出了一个基于身份的可快速撤销代理权的代理签密方案,方案的设计基于Libert和Quisquater的签密。
3.研究了代理签名中代理签名人的隐私保护问题,将代理签名和环签名相结合,提出了两个代理环签名方案。第一个方案的构造利用了BLS短签名,规范了代理环签名的安全模型并在随机预言机模型下给出了安全性证明。第二个方案的构造利用了Chow的基于身份的环签名算法,在随机预言机模型下利用环签名分叉引理证明了其不可伪造性依赖于CDH问题。与现有方案相比,这两个方案具有更高的计算效率。
4.基于Waters加密,提出了一个新的基于身份的签密方案,该方案的安全性证明不需要借助随机预言机模型,在标准模型下证明了其语义安全性和不可伪造性,方案的语义安全性基于判定性双线性Diffie-Hellman问题的困难性,不可伪造性依赖于计算性Diffie-Hellman假设.就我们所知,这是第一个在标准模型下可证安全的基于身份的签密方案。
5.研究了基于身份的多接收人的数字签密,提出了一个具体的方案,并在随机预言机模型下证明了其安全性。在该方案中,为n个不同的接收人签密一个消息只需要一次双线性对运算,与现有方案和使用一个签密方案进行n次签密运算相比,提出的方案具有更高的计算效率。
Information security is one of the important problems in modern information society and is becoming a new and important subject in information science. Digital signature, which can provide authentication, integrity and non-repudiation, is one of the key techniques of information security and plays a crucial role in electronic commerce. Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overheads than the signature-then-encryption approach. Signcryption provides a good approach to transmit messages when both confidentiality and authenticity are needed. In this thesis, we research several problems of digital signature and signcryption, which consists of the following aspects.
1. We propose a new construction of designated verifier proxy signature whose security can be proven without using the random oracle model. Our scheme is inspired by Waters' Identity-based encryption. We firstly give the formal model of designated verifier proxy signature scheme and formalize its security model before we describe the scheme. Then, we show that the unforgeability of our scheme is based on the hardness of Gap Bilinear Diffie-Hellman problem. To our knowledge, this is the first designated verifier proxy signature scheme that can be proven secure in the standard model.
2. We focus on the problem of proxy revocation and propose three proxy schemes with fast revocation, including two proxy signature schemes and one proxy signcryption scheme. The first one is based on the BLS signature scheme. Motivated by the idea of (2,2) threshold, a SEcurity Mediator (SEM) is introduced to examine whether a proxy signer signs messages according to the warrant and to check the revocation of a proxy signer. Moreover, a proxy signer has to cooperate with the SEM to generate a valid proxy signature, which facilitates the effective and fast proxy revocation of the scheme. The SEM is introduced in ID-based proxy signature in our second scheme. We firstly propose an ID-based (t, n) threshold signature scheme and analyze its security, then we construct an ID-based mediated proxy signature scheme using our (t, n) threshold signature. Inspired by Libert and Quisquater's signcryption scheme, we also propose an ID-based proxy signcryption scheme with fast revocation. It is shown that the proposed schemes satisfy all the security requirements of a secure proxy scheme.
3. We research on the problem of proxy signer's privacy protection. We link proxy signature with ring signature and propose two proxy ring signature schemes. The first scheme is based on the BLS signature. We formalize the security model for the proxy ring signature and prove the security of our scheme in the random oracle model. We employ Chow's ID-based ring signature algorithm in the second scheme, and prove that the unforgeability of the scheme relies on the CDH problem using the forking lemma for ring signature in the random oracle model. Compared with the existing schemes, the two schemes are more efficient in computation.
4. We propose a new ID-based signcryption scheme from Waters' ID-based encryption. The security proof of this scheme does not rely on the random oracles. We prove its semantic security and the unforgeability in the standard model. Specifically, we prove its semantic security under the hardness of Decisional Bilinear Diffie-Hellman problem and its unforgeability under the Computational Diffie-Hellman assumption. As far as we know, this is the first ID-based signcryption scheme that can be proven secure without random oracles.
5. We propose an efficient ID-based signcryption scheme for multiple receivers which needs only one pairing computation to signcrypt a message for n different receivers. This scheme turns out to be more efficient than previous schemes and the approach of re-signcryption a message n times using a corresponding signcryption scheme. Finally, we prove its security in the random oracle model.
本文研究了具有特殊应用的几种数字签名和签密方案,主要包括以下几个方面:
1.提出了一个在标准模型下可证安全的指定验证人代理签名方案,首先给出了形式化定义,规范了安全模型,然后描述提出的方案,最后给出了其安全性证明。现有方案的安全性要么只给出了简单的安全性分析,要么给出了在随机预言机模型下的安全性证明,提出的方案的安全性证明利用了Waters加密方案的证明技巧,其安全性证明不需要借助随机预言机模型,在标准模型下就可以完成。
2.研究了代理方案中代理权的快速撤销问题,提出了三个具有快速撤销功能的代理方案,包括两个代理签名方案和一个代理签密方案。第一个方案基于BLS短签名,利用(2,2)门限思想,引入一个安全中介SEM,其主要作用是监督代理签名人是否按照委托书的规定进行代理签名,检查代理签名人的签名权利是否被撤销。在该方案中,代理签名人只有与SEM合作才能生成有效的签名,使得方案具有快速撤销代理权的功能。第二个方案是在基于身份的代理签名中引入安全中介SEM。首先提出了一个基于身份的(t,n)门限签名并分析了其安全性,在此基础上,构造了一个基于身份的中介代理签名方案,该方案也具备快速撤销代理权的功能。第三个方案是在基于身份的代理签密中引入安全中介SEM,提出了一个基于身份的可快速撤销代理权的代理签密方案,方案的设计基于Libert和Quisquater的签密。
3.研究了代理签名中代理签名人的隐私保护问题,将代理签名和环签名相结合,提出了两个代理环签名方案。第一个方案的构造利用了BLS短签名,规范了代理环签名的安全模型并在随机预言机模型下给出了安全性证明。第二个方案的构造利用了Chow的基于身份的环签名算法,在随机预言机模型下利用环签名分叉引理证明了其不可伪造性依赖于CDH问题。与现有方案相比,这两个方案具有更高的计算效率。
4.基于Waters加密,提出了一个新的基于身份的签密方案,该方案的安全性证明不需要借助随机预言机模型,在标准模型下证明了其语义安全性和不可伪造性,方案的语义安全性基于判定性双线性Diffie-Hellman问题的困难性,不可伪造性依赖于计算性Diffie-Hellman假设.就我们所知,这是第一个在标准模型下可证安全的基于身份的签密方案。
5.研究了基于身份的多接收人的数字签密,提出了一个具体的方案,并在随机预言机模型下证明了其安全性。在该方案中,为n个不同的接收人签密一个消息只需要一次双线性对运算,与现有方案和使用一个签密方案进行n次签密运算相比,提出的方案具有更高的计算效率。
Information security is one of the important problems in modern information society and is becoming a new and important subject in information science. Digital signature, which can provide authentication, integrity and non-repudiation, is one of the key techniques of information security and plays a crucial role in electronic commerce. Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overheads than the signature-then-encryption approach. Signcryption provides a good approach to transmit messages when both confidentiality and authenticity are needed. In this thesis, we research several problems of digital signature and signcryption, which consists of the following aspects.
1. We propose a new construction of designated verifier proxy signature whose security can be proven without using the random oracle model. Our scheme is inspired by Waters' Identity-based encryption. We firstly give the formal model of designated verifier proxy signature scheme and formalize its security model before we describe the scheme. Then, we show that the unforgeability of our scheme is based on the hardness of Gap Bilinear Diffie-Hellman problem. To our knowledge, this is the first designated verifier proxy signature scheme that can be proven secure in the standard model.
2. We focus on the problem of proxy revocation and propose three proxy schemes with fast revocation, including two proxy signature schemes and one proxy signcryption scheme. The first one is based on the BLS signature scheme. Motivated by the idea of (2,2) threshold, a SEcurity Mediator (SEM) is introduced to examine whether a proxy signer signs messages according to the warrant and to check the revocation of a proxy signer. Moreover, a proxy signer has to cooperate with the SEM to generate a valid proxy signature, which facilitates the effective and fast proxy revocation of the scheme. The SEM is introduced in ID-based proxy signature in our second scheme. We firstly propose an ID-based (t, n) threshold signature scheme and analyze its security, then we construct an ID-based mediated proxy signature scheme using our (t, n) threshold signature. Inspired by Libert and Quisquater's signcryption scheme, we also propose an ID-based proxy signcryption scheme with fast revocation. It is shown that the proposed schemes satisfy all the security requirements of a secure proxy scheme.
3. We research on the problem of proxy signer's privacy protection. We link proxy signature with ring signature and propose two proxy ring signature schemes. The first scheme is based on the BLS signature. We formalize the security model for the proxy ring signature and prove the security of our scheme in the random oracle model. We employ Chow's ID-based ring signature algorithm in the second scheme, and prove that the unforgeability of the scheme relies on the CDH problem using the forking lemma for ring signature in the random oracle model. Compared with the existing schemes, the two schemes are more efficient in computation.
4. We propose a new ID-based signcryption scheme from Waters' ID-based encryption. The security proof of this scheme does not rely on the random oracles. We prove its semantic security and the unforgeability in the standard model. Specifically, we prove its semantic security under the hardness of Decisional Bilinear Diffie-Hellman problem and its unforgeability under the Computational Diffie-Hellman assumption. As far as we know, this is the first ID-based signcryption scheme that can be proven secure without random oracles.
5. We propose an efficient ID-based signcryption scheme for multiple receivers which needs only one pairing computation to signcrypt a message for n different receivers. This scheme turns out to be more efficient than previous schemes and the approach of re-signcryption a message n times using a corresponding signcryption scheme. Finally, we prove its security in the random oracle model.
引文
[1] Shannon C E. A mathematical theory of communication. Bell System Technical Journal, 1948, 27(4): 397-426.
[2] Shannon C E. Communication theory of secrecy systems. Bell System Technical Journal, 1949, 28: 656-715.
[3] Diffie W, Helllman M E. New directions in cryptography. IEEE transactions on information theorey, 1976, IT-31(4): 469-472.
[4] Rivest R L, Shamir A, Adleman L. A method for obtaining digital signatures and public key cryptosystem. Comm. ACM.,1978, 21: 120-126.
[5] Cao Z. A threshold key escrow scheme based on public key cryptosystem. Science in China, 2001, 44(4): 441-448.
[6] Rabin M O. Digital signature, foundations of secure communication. Academic press, UK, 1978, 155-168.
[7] ElGamal T. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE transactions on information theory. 1985, IT-31(4): 469-472.
[8] Koblitz N. Elliptic curve cryptosystems. Mathematics of computation, 1987, 48: 203-209.
[9] Goldwasser S, Micali S, Rivest R. A digital signature scheme secure against adaptive chosen message attack. SIAM J. Comput., 17(2), 1998: 281-308.
[10] Pointcheval D, Stern J. Security proofs for signature scheme. Advance in Cryptology-Proc of EUROCRYPT'96. Berlin: Springer-Verlag, 1996: 1-35.
[11] Pointcheval D, Stern J. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3), 2000: 361-396.
[12] Coron J. On the exact security of full domain Hash. Advances in Cryptology-Crypto'00, LNCS 1880, Berlin: Springer-Verlag, 2000: 229-235.
[34] Boneh D, Lynn B, Shacham H. Short signature from the Weil pairing. J. Cryptology, 2004: 1-23.
[14] Schnorr C P. Efficient identification and signatures for smart cards. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990: 239-252.
[15] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital signature standard, U.S. Department of Commerce, 1994.
[16] Chaum D. Blind signatures for untraceable payments. Advances in Cryptology-Crypto'82, Prenum Publishing Corporation, 1982: 199-204.
[17] Chaum D, Antwerpen H. Undeniable signatures. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990: 212-216.
[18] Even S, Goldreich O, Micali S. On-line/Off-line digital signatures. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990: 263-277.
[19]Desmedt Y,Frankel Y.Shared generation of authentication and signature.Advances in Cryptology-Crypto'91,LNCS 576,Berlin:Springer-Verlag,1991:457-469.
[20]Chaum D,Heyst E.Group Signature.Advances in Cryptology-Crypto'91,LNCS 576,Berlin:Springer-Verlag,1991:257-265.
[21]Lira C,Lee P.Modified Maurer-Yacobi's scheme and its applications.Advances in Cryptology-AUSCRYPT'92,LNCS 718,Berlin:Springer-Verlag,1992:308-323.
[22]Nyberg K,Rueppel R.Message recovery for signature schemes based on the discrete logarithm problem.Advances in Cryptology-Eurocrypt'94,LNCS 950,Berlin:Springer-Verlag,1995:182-193.
[23]Chaum D.Designated confirmer signature.Advances in Cryptology-Eurocrypt'94,LNCS 950,Berlin:Springer-Verlag,1995:86-91.
[24]Mambo M,Usuda K,Okamoto E.Proxy signature:delegation of the power to sign messages.IEICE Trans.Fundamentals,E79-A(5),1996:1338-1354.
[25]Rivest R,Shamir A,Tauman Y.How to leak a secret.Proc of Asiacrypt'01,Berlin:Springer-Verlag,2001:552-565.
[26]Micali S,Rivest R.Transitive signature scheme.Topics in Cryptology-CT-RSA'02,LNCS 2271,Berlin:Springer-Verlag,2002:236-243.
[27]Boneh D,Gentry C,Lynn B.Aggregate and verifiably encrypted signatures from bilinear maps.Advances in Cryptology-Eurocrypt'03,LNCS 2656,Berlin:Springer-Verlag,2003:416-432.
[28]Miller V S.Use of elliptic curve in cryptography.Advances in Cryptology-Crypto'85,LNCS 218,Berlin:Springer-Verlag,1986:417-426.
[29]Koblitz N.Hyperelliptic cryptography,Journal of Crypto.,1989,1(3):139-150.
[30]ANSI X9.62.Public key cryptography for the financial services industry:the elliptic curve digital signature algorithm(ECDSA),1999.
[31]Shamir A.Identity-based cryptosystems and signature schemes.Advances in Cryptology-Proceedings of CRYPTO'84.Berlin:Springer-Verlag,1985:48-53.
[32]Sakai R,Ohgishi K,Kasahara M.Cryptosystems based on pairing,Proceedings of Symposium on Cryptography and Information Security,Japan,Okinawa,2000:26-28.
[33]Boneh D,Franklin M.Identity-based encryption from the weil pairing.Advances in Cryptology-CRYPTO'01,LNCS 2139,Berlin:Springer-Verlag,2001:213-229.
[34]Boneh D,Lynn B,Shacham H.Short signatures from the weil pairing.Advances in Cryptology-ASIACRYPT 2001,LNCS 2248,Berlin:Springer-Verlag,2001:514-532.
[35]Zhang F,Kim K.Efficient ID-Based blind signature and proxy signature from bilinear pairings.Proc of ACISP 2003,Berlin:Springer-Verlag,2003:312-323.
[36]Chen X,Zhang F,Kim K.ID-based multi-proxy signature and blind multi-signature from bilinear pairings.KIISC conference 2003,Korea,August 17,2003:11-19.
[37]Zhang F,Kim K.ID-Based blind signature and ring signature rrom pairings.Proc of Asiacrypt'02,Berlin:Springer-Verlag,2002:533-547.
[38]Boneh D,Boyen X.Short signatures without random oracles.Advances in Cryptology-EUROCRYPT 2004,LNCS 3027,Berlin:Springer-Verlag,2004:56-73.
[39]Waters B.Efficient identity-based encryption without random oracles.Advances in Cryptology-EUROCRYPT 2005,LNCS 3494,Berlin:Springer-Verlag,2005:114-127.
[40]Zheng Y.Digital signcryption or how to achieve cost(signature & encryption) << cost (signature) + cost(encryption).Advances in Cryptology-CRYPTO'97,LNCS 1294,Berlin:Springer-Verlag,1997:165-179.
[41]Hanaoka G,Zheng Y,Imai H.LITESET:A light-weight secure electronic transaction protocol.Information Security and Privacy-ACISP'98,LNCS 1438,Berlin:Springer-Verlag,1998:215-226.
[42]Wang Y,Li T.LITESET/A++:A new agent-assisted secure payment protocol.IEEE International Conference on E-Commerce Technology,San Diego,CA,USA,2004:244-251.
[43]Seo S H,Cho T N,Lee S H.A secure mobile agent protocol for AMR systems in home network environments.Information Networking,Convergence in Broadband and Mobile Networking-ICOIN 2005,LNCS 3391,Berlin:Springer-Verlag,2005:814-823.
[44]Li G,Han W.A new scheme for key management in ad hoc networks.International Conference on Networking-ICN 2005,LNCS 3421,Berlin:Springer-Verlag,2005:242-249.
[45]Deng H,Agrawal D P.TIDS:Threshold and identity-based security scheme for wireless ad hoc networks.Ad Hoc Networks,2004,2(3):291-307.
[46]Park B N,Myung J,Lee W.ISSRP:A secure routing protocol using identity-based signcryption scheme in ad-hoc networks.Parallel and Distributed Computing:Applications and Technologies-PDCAT 2004,LNCS 3320,Berlin:Springer-Verlag,2004:711-714.
[47]Park B N,Lee W.ISMANET:A secure routing protocol using identity-based signcryption scheme for mobile ad-hoc networks.IEICE Transactions on Communications,2005,E88-B(6):2548-2556.
[48]Gamage C,Leiwo J,Zheng Y.Encrypted message authentication by firewalls.Public Key Cryptography-PKC'99,LNCS 1560,Berlin:Springer-Verlag,1999:69-81.
[49]Chow S S M,Yiu S M,Hui L C K,Chow K P.Efficient forward and provably secure ID-based signcryption scheme with public verifiability and public ciphertext authenticity.Information Security and Cryptology-ICISC 2003,LNCS 2971,Berlin:Springer-Verlag,2004:352-369.
[50]Bao F,Deng R H.A signcryption scheme with signature directly verifiable by public key.Public Key Cryptography-PKC'98,LNCS 1431,Berlin:Springer-Verlag,1998:55-59.
[51]Steinfeld R,Zheng Y.A signcryption scheme based on integer factorization.Information Security Workshop-ISW 2000,LNCS 1975,Berlin:Springer-Verlag,2000:308-322.
[52]Yum D H,Lee P J.New signcryption schemes based on KCDSA.Information Security and Cryptology-ICISC 2001,LNCS 2288,Berlin:Springer-Verlag,2002:305-317.
[53]Jung H Y,Lee D H,Lim J I,Chang K S.Signcryption schemes with forward secrecy.Information Security Application-WISA 2001,Seoul,Korea,2001:463-475.
[54]Shin J B,Lee K,Shim K.New DSA-verifiable signcryption schemes.Information Security and Cryptology-ICISC 2002,LNCS 2587,Berlin:Springer-Verlag,2003:35-47.
[55]Malone-Lee J,Mao W.Two birds one stone:signcryption using RSA.Topics in Cryptology-CT-RSA 2003,LNCS 2612,Berlin:Springer-Verlag,2003:211-226.
[56]Gamage C,Leiwo J,Zheng Y.An efficient scheme for secure message transmission using proxy-signcryption.The 22nd Australasian Computer Science Conference,Auckland,New Zealand,1999:420-431.
[57]Koo J H,Kim H J,Jeong I R.Jointly unsigncryptable signcryption schemes.Information Security Application-WISA 2001,Seoul,Korea,2001:397-407.
[58]Zhang Z,Mian C,Jin Q.Signcryption scheme with threshold shared unsigncryption preventing malicious receivers.2002 IEEE Region 10 Conference on Computers,Communications,Control and Power Engineering,Vol.1,Beijing,China,2002:196-199.
[59]Peng C,Li X.Threshold signcryption scheme based on elliptic curve cryptosystem and verifiable secret sharing.2005 International Conference on Wireless Communications,Networking and Mobile Computing,Vol.2,Wuhan,China,2005:1136-1139.
[60]Mitomi S,Miyaji A.A general model of multisignature schemes with message flexibility,order flexibility,and order verifiability.IEICE Transactions on Fundamentals of Electronics,Communications and Computer Sciences,2001,84(10):2488-2499.
[61]Pang X,Catania B,Tan k L.Securing your data in agent-based P2P systems.Eighth International Conference on Database Systems for Advanced Applications,Kyoto,Japan,2003:422-433.
[62]Malone-Lee J.Identity based signcryption.Cryptology ePrint Archive,Report 2002/098,2002.Available from:http://eprint.iacr.org/2002/098.
[63]Libert B,Quisquater J J.A new identity based signcryption schemes from pairings.2003IEEE Information Theory Workshop,Paris,France,2003:155-158.
[64]Boyen X.Multipurpose identity-based signcryption:a swiss army knife for identity-based cryptography.Advances in Cryptology-CRYPTO 2003,LNCS 2729,Berlin:Springer-Verlag,2003:383-399.
[65]Chen L,Malone-Lee J.Improved identity-based signcryption.Public Key CryptographyPKC 2005,LNCS 3386,Berlin:Springer-Verlag,2005:362-379.
[66]Barreto P S L M,Libert B,McCullagh N,Quisquater J J.Efficient and provably-secure identity-based signatures and signcryption from bilinear maps.Advances in Cryptology-ASIACRYPT 2005,LNCS 3788,Berlin:Springer-Verlag,2005:515-532.
[67]李发根,胡予濮,李刚.一个高效的基于身份的签密方案.计算机学报,2006,29(9):1641-1647.
[68]柴震川.门限密码方案安全性和应用研究.上海:上海交通大学博士毕业论文,2007.
[69]Douglas R.Stinson,Cryptography Theory and Practice,CRC press.
[70]Bellare M,Rogaway P.Random oracles are practical:a paradiam for designing efficient protocols.The first ACM Conference on Computer and Communications Security,ACM,1993:62-73.
[71]傅晓彤.具附加性质的数字签名技术及应用研究.西安:西安电子科技大学博士毕业论文,2005.
[72]伊丽江.代理签名体制研究.西安:西安电子科技大学博士毕业论文,2001.
[73]陆荣幸.若干代理密码体制的研究与设计.上海:上海交通大学博士毕业论文,2006.
[74]辛向军.几种具有附加性质的数字签名体制的研究.西安:西安电子科技大学博士毕业论文,2007.
[75]Zhang K.Threshold proxy signature schemes.1997 Information Security Workshop,Sep.,Japan,1997:191-197.
[76]Sun H M,Lee N Y,Hwang T.Threshold proxy signatures.IEE Proc.-Computers and Digital Techniques,146(5),1999:259-263.
[77]Sun H M,Chen B J.Time-stamped proxy signatures with traceable receivers.Proceedings of the Ninth National Conference on Information Security,1999:247-253.
[78]Yi L,Bai G,Xiao G.Proxy multi-signature scheme:a new type of proxy signature scheme.ELECTRONICS LETTERS,36(6),2000:527-528.
[79]Lee B,Kim H,Kim K.Secure mobile agent using strong non-designated proxy signature.Proc of ACISP 2001,Berlin:Springer-Verlag,2001:474-486.
[80]Kim H,Baek J,Lee B,et al.Secret computation with cecrets for mobile agent using onetime proxy signature.The Symposium on Cryptography and Information Security,Oiso,Japan,2001:23-26.
[81]Shum K,Wei V K.A strong proxy signature scheme with proxy signer privacy protection.Proceedings of the Eleventh IEEE International Workshops on Enabling Technologies:Infrastructure for Collaborative Enterprises 2002(WETICE'02),2002,Pittsburgh,PA,2002:55-56.
[82]Qian H,Cao Z.A novel ID-based partial delegation with warrant proxy signature scheme.ISPA Workshops 2005.Berlin:Springer-Verlag,2005:323-331.
[83]Dai J Z,Yang X H,Dong J X.Designated-receiver proxy signature scheme for electronic commerce.In Proc.of IEEE International Conference on Systems,Man and Cybernetics,Vol.1,IEEE press,2003:384-389.
[84]Wang G.Designated-receiver proxy signatures for e-commerce.IEEE 2004 International Conference on Multimedia and Expo(ICME 2004),IEEE press,2004:1731-1734.
[85]Huang X Y,Mu Y,Susilo W,Zhang F.Short designated verifier proxy signature from pairings.EUC workshops 2005,Berlin:Springer-Verlag,LNCS 3823,2005:835-844.
[86]Lu R X,Cao Z F,Dong X L.Designated verifier proxy signature scheme from bilinear pairings.Proc of the First International Multi-Symposiums on Computer and Computational Sciences 2006,IEEE press,2006:40-47.
[87]Huang X Y,Mu Y,Susilo W,Wu W.Proxy signatue without random oracles.Proc of MSN 2006,LNCS 4325,Springer-Verlag,Berlin,2006:473-484.
[88]Jakobsson M,Sako K,Impagliazzo R.Designated verifier proofs and their applications.Advances in Cryptology-Eurocrypt'96,LNCS 1070,Springer-Verlag,Berlin,1996:143-154.
[89]Sacednia S,Kramer S,Markovitch O.An efficient strong designated verifier signature scheme.Proc of ICISC 2003,Springer-Verlag,Berlin,2003:40-54.
[90]Susilo W,Zhang F,Mu Y.Identity-based strong designated verifier signature schemes.Proc of ACISP 2004,LNCS 3108,2004:313-324.
[91]Sun H M,Chen B J.Time-stamped proxy signatures with traceable receivers.Proc of the ninth national conference on Information security,Taiwan:Chaoyan University of Technology,1999:247-253.
[92]Sun H M.Design of time-stamped proxy signatures with traceable receivers.IEE Proc.-Computers and Digital Techniques:147(6).London:IEE,2000:462-466.
[93]Lu E,Hwang M S,Huang C J.A new proxy signature scheme with revocation.Applied Mathematics and Computation,2005,161(3):799-806.
[94]Seo S H,Shim K A,Lee S H.A mediated proxy signature scheme with fast revocation for electronic transactions.Proc of TrustBus 2005:LNCS 3592,Berlin:Springer-Verlag,2005:216-225.
[95]Boneh D,Ding X,Tsudik G.A method for fast revocation of public key certificates and security capabilities.Proc of the 10th USENIX Security Symposium.Washington D C,2001:297-308.
[96]Shamir A.How to share a secret.Communications of the ACM,1979,22(11):612-613.
[97]Blakley G R.Safeguarding cryptographic keys.Proc of AFIPS 1979,National Computer Conference,1979:313-317.
[98]Chor B,Goldwasser S,Micali S.Verifiable secret sharing and achieving simultaneity in the presence of faults.Proc.of 26th IEEE Symposium on Fundations of Computer Science (FOCS'85).Los Angeles:IEEE Computer Society,1985:383-395.
[99]Feldman P.A practical scheme for non-interactive verifiable secret sharing.Proc of 28th Annual FOCS.IEEE Computer Society,1987:427-437.
[100]Pederson T P.Non-interactive and information-theoretic security verifiable secret sharing.Advances in Cryptology-Crypto'91,LNCS 576,Berlin:Springer-Verlag,1992:129-140.
[101]许春香.安全秘密共享及其应用研究.西安:西安电子科技大学博士论文,2003.
[102]庞辽军.秘密共享技术及其应用研究.西安:西安电子科技大学博士论文,2006.
[103]Desmedt Y.Society and group oriented cryptography:a new concept.Advances in Cryptology-Crypto'87, 1987: 120-127.
[104] Desmedt Y, Frankel Y. Threshold cryptosystems. Advances in Cryptology-Crypto'89, 1989: 307-315.
[105] Ham L. Group-oriented (t,n) threshold digital signature scheme and digital multisignature. IEE Proc- Comput. Digit. Tech, 1994, 141(5): 307-311.
[106] Gennaro R, Jarecki S, Krawczyk H, Rabin T. Robust threshold DSS. Advances in Cryptology-Eurocrypt'96, 1996: 354-371.
[107] Shoup V. Practical threshold signatures. Advances in Cryptology-Eurocrypt'00, Springer-Verlag, Berlin, 2000: 207-220.
[108] Hwang M S, Chang T Y. Threshold signatures: current status and key issues. International journal of network security: 3(1): 123-137.
[109] Baek J, Zheng Y. Identity-based threshold decryption. Public Key Cryptography-PKC 2004, LNCS 2947, Berlin: Springer-Verlag, 2004: 262-276.
[110] Hess F. Efficient identity based signature schemes based on pairings. Proc of SAC 2002, Berlin: Springer-Verlag, 2002: 310-324.
[111] Baek J, Zheng Y. Identity-based threshold signature scheme from the bilinear pairings. Proc of ITCC 2004, IEEE computer society, 2004: 155-160.
[112] Cheng X, Liu J, Wang X. An identity-based signature and its threshold version. 19th International Conference on Advanced Information Networking and Applications-AINA'05, Taipei, Taiwan, 2005: 973-977.
[113] Lee B, Kim H, Kim K. Strong proxy signature and its applications. Proc of the 2001 Symposium on Cryptography and Information Security, 2001, Oiso, Japan. 2001: 603-608.
[114] Rivest R, Shamir A, Tauman Y. How to leak a secret. Proc of Asiacrypt 2001. Berlin: Springer-Verlag, 2001: 552-565.
[115] Zhang F, Naini R, Lin C Y. New proxy signature, proxy blind signature and proxy ring signature schemes from bilinear pairings[EB/OL]. Cryptology ePrint Archive, http://eprint.iacr.org/2003/.
[116] Amit K, Sunder L. ID-based ring signature and proxy ring signature schemes from bilinear pairings. Internal Journal of Network Security, 2007, 4(2):187-192.
[117] Chow S S M, Hui L C K, Yiu S M. Efficient identity based ring signature. Proc of ACNS 2005, Berlin: Springer-Verlag, 2005: 499-512.
[118] Herranz J, Saez G. Forking lemmas for ring signature schemes. Proc of INDOCRYPT 2003, Berlin: Springer-Verlag, 2003: 266-279.
[119] Canetti R, Goldreich O, Halevi S. The random oracle methodology, revisited. Proc of the 30th Annual Symposium on the Theory of Computing (STOC'98), 1998: 209-218.
[120] Bellare M, Boldyreva A, Micali S. Public-key encryption in a multi-user setting: security proofs and improvements. Proc of Eurocrypt'00, LNCS 1807, Berlin: Springer-Verlag, 2000: 259-274.
[121] Kurosawa K. Multi-recipient public-key encryption with shortened ciphertext. Proc of PKC'02, Berlin: Springer-Verlag, 2002: 48-63.
[122] Baek J, Safavi-Naini R, Susilo W. Efficient multi-receiver identity-based encryption and its application to broadcast encryption. Public Key Cryptography-PKC 2005, LNCS 3386, Berlin: Springer-Verlag, 2005: 380-397.
[123] Zheng Y. Signcryption and its applications in efficient public key solutions. Information Security Workshop-ISW'97, LNCS 1396, Berlin: Springer-Verlag, 1997: 291-312.
[124] Duan S S, Cao Z F. Efficient and provably secure multi-receiver identity-based signcryption. Proc of ACISP 2006, LNCS 4058, Berlin: Springer-Verlag, 2006: 195-206.
[125] Li F G, Hu Y P, Liu S G. Efficient and provably secure multi-recipient signcryption from bilinear pairings. Wuhan University Journal of Natural Sciences, 2007, 12(1): 17-20.
[126] Boneh D, Boyen X. Secure identity based encryption without random oracles. Advances in Cryptology-CRYPTO 2004, LNCS 3152, Berlin: Springer-Verlag, 2004: 443-459.
[127] Li X, Chen K. Identity based proxy signcryption scheme from pairings. Proc of the 2004 IEEE International conference on services computing,Shanghai, 2004: 494-497.
[128] Wang Q, Cao Z F. Two proxy signcryption schemes from bilinear pairings. Proc of CANS 2005, LNCS 3810, Berlin: Springer-Verlag, 2005: 161-171.
[2] Shannon C E. Communication theory of secrecy systems. Bell System Technical Journal, 1949, 28: 656-715.
[3] Diffie W, Helllman M E. New directions in cryptography. IEEE transactions on information theorey, 1976, IT-31(4): 469-472.
[4] Rivest R L, Shamir A, Adleman L. A method for obtaining digital signatures and public key cryptosystem. Comm. ACM.,1978, 21: 120-126.
[5] Cao Z. A threshold key escrow scheme based on public key cryptosystem. Science in China, 2001, 44(4): 441-448.
[6] Rabin M O. Digital signature, foundations of secure communication. Academic press, UK, 1978, 155-168.
[7] ElGamal T. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE transactions on information theory. 1985, IT-31(4): 469-472.
[8] Koblitz N. Elliptic curve cryptosystems. Mathematics of computation, 1987, 48: 203-209.
[9] Goldwasser S, Micali S, Rivest R. A digital signature scheme secure against adaptive chosen message attack. SIAM J. Comput., 17(2), 1998: 281-308.
[10] Pointcheval D, Stern J. Security proofs for signature scheme. Advance in Cryptology-Proc of EUROCRYPT'96. Berlin: Springer-Verlag, 1996: 1-35.
[11] Pointcheval D, Stern J. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3), 2000: 361-396.
[12] Coron J. On the exact security of full domain Hash. Advances in Cryptology-Crypto'00, LNCS 1880, Berlin: Springer-Verlag, 2000: 229-235.
[34] Boneh D, Lynn B, Shacham H. Short signature from the Weil pairing. J. Cryptology, 2004: 1-23.
[14] Schnorr C P. Efficient identification and signatures for smart cards. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990: 239-252.
[15] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital signature standard, U.S. Department of Commerce, 1994.
[16] Chaum D. Blind signatures for untraceable payments. Advances in Cryptology-Crypto'82, Prenum Publishing Corporation, 1982: 199-204.
[17] Chaum D, Antwerpen H. Undeniable signatures. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990: 212-216.
[18] Even S, Goldreich O, Micali S. On-line/Off-line digital signatures. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990: 263-277.
[19]Desmedt Y,Frankel Y.Shared generation of authentication and signature.Advances in Cryptology-Crypto'91,LNCS 576,Berlin:Springer-Verlag,1991:457-469.
[20]Chaum D,Heyst E.Group Signature.Advances in Cryptology-Crypto'91,LNCS 576,Berlin:Springer-Verlag,1991:257-265.
[21]Lira C,Lee P.Modified Maurer-Yacobi's scheme and its applications.Advances in Cryptology-AUSCRYPT'92,LNCS 718,Berlin:Springer-Verlag,1992:308-323.
[22]Nyberg K,Rueppel R.Message recovery for signature schemes based on the discrete logarithm problem.Advances in Cryptology-Eurocrypt'94,LNCS 950,Berlin:Springer-Verlag,1995:182-193.
[23]Chaum D.Designated confirmer signature.Advances in Cryptology-Eurocrypt'94,LNCS 950,Berlin:Springer-Verlag,1995:86-91.
[24]Mambo M,Usuda K,Okamoto E.Proxy signature:delegation of the power to sign messages.IEICE Trans.Fundamentals,E79-A(5),1996:1338-1354.
[25]Rivest R,Shamir A,Tauman Y.How to leak a secret.Proc of Asiacrypt'01,Berlin:Springer-Verlag,2001:552-565.
[26]Micali S,Rivest R.Transitive signature scheme.Topics in Cryptology-CT-RSA'02,LNCS 2271,Berlin:Springer-Verlag,2002:236-243.
[27]Boneh D,Gentry C,Lynn B.Aggregate and verifiably encrypted signatures from bilinear maps.Advances in Cryptology-Eurocrypt'03,LNCS 2656,Berlin:Springer-Verlag,2003:416-432.
[28]Miller V S.Use of elliptic curve in cryptography.Advances in Cryptology-Crypto'85,LNCS 218,Berlin:Springer-Verlag,1986:417-426.
[29]Koblitz N.Hyperelliptic cryptography,Journal of Crypto.,1989,1(3):139-150.
[30]ANSI X9.62.Public key cryptography for the financial services industry:the elliptic curve digital signature algorithm(ECDSA),1999.
[31]Shamir A.Identity-based cryptosystems and signature schemes.Advances in Cryptology-Proceedings of CRYPTO'84.Berlin:Springer-Verlag,1985:48-53.
[32]Sakai R,Ohgishi K,Kasahara M.Cryptosystems based on pairing,Proceedings of Symposium on Cryptography and Information Security,Japan,Okinawa,2000:26-28.
[33]Boneh D,Franklin M.Identity-based encryption from the weil pairing.Advances in Cryptology-CRYPTO'01,LNCS 2139,Berlin:Springer-Verlag,2001:213-229.
[34]Boneh D,Lynn B,Shacham H.Short signatures from the weil pairing.Advances in Cryptology-ASIACRYPT 2001,LNCS 2248,Berlin:Springer-Verlag,2001:514-532.
[35]Zhang F,Kim K.Efficient ID-Based blind signature and proxy signature from bilinear pairings.Proc of ACISP 2003,Berlin:Springer-Verlag,2003:312-323.
[36]Chen X,Zhang F,Kim K.ID-based multi-proxy signature and blind multi-signature from bilinear pairings.KIISC conference 2003,Korea,August 17,2003:11-19.
[37]Zhang F,Kim K.ID-Based blind signature and ring signature rrom pairings.Proc of Asiacrypt'02,Berlin:Springer-Verlag,2002:533-547.
[38]Boneh D,Boyen X.Short signatures without random oracles.Advances in Cryptology-EUROCRYPT 2004,LNCS 3027,Berlin:Springer-Verlag,2004:56-73.
[39]Waters B.Efficient identity-based encryption without random oracles.Advances in Cryptology-EUROCRYPT 2005,LNCS 3494,Berlin:Springer-Verlag,2005:114-127.
[40]Zheng Y.Digital signcryption or how to achieve cost(signature & encryption) << cost (signature) + cost(encryption).Advances in Cryptology-CRYPTO'97,LNCS 1294,Berlin:Springer-Verlag,1997:165-179.
[41]Hanaoka G,Zheng Y,Imai H.LITESET:A light-weight secure electronic transaction protocol.Information Security and Privacy-ACISP'98,LNCS 1438,Berlin:Springer-Verlag,1998:215-226.
[42]Wang Y,Li T.LITESET/A++:A new agent-assisted secure payment protocol.IEEE International Conference on E-Commerce Technology,San Diego,CA,USA,2004:244-251.
[43]Seo S H,Cho T N,Lee S H.A secure mobile agent protocol for AMR systems in home network environments.Information Networking,Convergence in Broadband and Mobile Networking-ICOIN 2005,LNCS 3391,Berlin:Springer-Verlag,2005:814-823.
[44]Li G,Han W.A new scheme for key management in ad hoc networks.International Conference on Networking-ICN 2005,LNCS 3421,Berlin:Springer-Verlag,2005:242-249.
[45]Deng H,Agrawal D P.TIDS:Threshold and identity-based security scheme for wireless ad hoc networks.Ad Hoc Networks,2004,2(3):291-307.
[46]Park B N,Myung J,Lee W.ISSRP:A secure routing protocol using identity-based signcryption scheme in ad-hoc networks.Parallel and Distributed Computing:Applications and Technologies-PDCAT 2004,LNCS 3320,Berlin:Springer-Verlag,2004:711-714.
[47]Park B N,Lee W.ISMANET:A secure routing protocol using identity-based signcryption scheme for mobile ad-hoc networks.IEICE Transactions on Communications,2005,E88-B(6):2548-2556.
[48]Gamage C,Leiwo J,Zheng Y.Encrypted message authentication by firewalls.Public Key Cryptography-PKC'99,LNCS 1560,Berlin:Springer-Verlag,1999:69-81.
[49]Chow S S M,Yiu S M,Hui L C K,Chow K P.Efficient forward and provably secure ID-based signcryption scheme with public verifiability and public ciphertext authenticity.Information Security and Cryptology-ICISC 2003,LNCS 2971,Berlin:Springer-Verlag,2004:352-369.
[50]Bao F,Deng R H.A signcryption scheme with signature directly verifiable by public key.Public Key Cryptography-PKC'98,LNCS 1431,Berlin:Springer-Verlag,1998:55-59.
[51]Steinfeld R,Zheng Y.A signcryption scheme based on integer factorization.Information Security Workshop-ISW 2000,LNCS 1975,Berlin:Springer-Verlag,2000:308-322.
[52]Yum D H,Lee P J.New signcryption schemes based on KCDSA.Information Security and Cryptology-ICISC 2001,LNCS 2288,Berlin:Springer-Verlag,2002:305-317.
[53]Jung H Y,Lee D H,Lim J I,Chang K S.Signcryption schemes with forward secrecy.Information Security Application-WISA 2001,Seoul,Korea,2001:463-475.
[54]Shin J B,Lee K,Shim K.New DSA-verifiable signcryption schemes.Information Security and Cryptology-ICISC 2002,LNCS 2587,Berlin:Springer-Verlag,2003:35-47.
[55]Malone-Lee J,Mao W.Two birds one stone:signcryption using RSA.Topics in Cryptology-CT-RSA 2003,LNCS 2612,Berlin:Springer-Verlag,2003:211-226.
[56]Gamage C,Leiwo J,Zheng Y.An efficient scheme for secure message transmission using proxy-signcryption.The 22nd Australasian Computer Science Conference,Auckland,New Zealand,1999:420-431.
[57]Koo J H,Kim H J,Jeong I R.Jointly unsigncryptable signcryption schemes.Information Security Application-WISA 2001,Seoul,Korea,2001:397-407.
[58]Zhang Z,Mian C,Jin Q.Signcryption scheme with threshold shared unsigncryption preventing malicious receivers.2002 IEEE Region 10 Conference on Computers,Communications,Control and Power Engineering,Vol.1,Beijing,China,2002:196-199.
[59]Peng C,Li X.Threshold signcryption scheme based on elliptic curve cryptosystem and verifiable secret sharing.2005 International Conference on Wireless Communications,Networking and Mobile Computing,Vol.2,Wuhan,China,2005:1136-1139.
[60]Mitomi S,Miyaji A.A general model of multisignature schemes with message flexibility,order flexibility,and order verifiability.IEICE Transactions on Fundamentals of Electronics,Communications and Computer Sciences,2001,84(10):2488-2499.
[61]Pang X,Catania B,Tan k L.Securing your data in agent-based P2P systems.Eighth International Conference on Database Systems for Advanced Applications,Kyoto,Japan,2003:422-433.
[62]Malone-Lee J.Identity based signcryption.Cryptology ePrint Archive,Report 2002/098,2002.Available from:http://eprint.iacr.org/2002/098.
[63]Libert B,Quisquater J J.A new identity based signcryption schemes from pairings.2003IEEE Information Theory Workshop,Paris,France,2003:155-158.
[64]Boyen X.Multipurpose identity-based signcryption:a swiss army knife for identity-based cryptography.Advances in Cryptology-CRYPTO 2003,LNCS 2729,Berlin:Springer-Verlag,2003:383-399.
[65]Chen L,Malone-Lee J.Improved identity-based signcryption.Public Key CryptographyPKC 2005,LNCS 3386,Berlin:Springer-Verlag,2005:362-379.
[66]Barreto P S L M,Libert B,McCullagh N,Quisquater J J.Efficient and provably-secure identity-based signatures and signcryption from bilinear maps.Advances in Cryptology-ASIACRYPT 2005,LNCS 3788,Berlin:Springer-Verlag,2005:515-532.
[67]李发根,胡予濮,李刚.一个高效的基于身份的签密方案.计算机学报,2006,29(9):1641-1647.
[68]柴震川.门限密码方案安全性和应用研究.上海:上海交通大学博士毕业论文,2007.
[69]Douglas R.Stinson,Cryptography Theory and Practice,CRC press.
[70]Bellare M,Rogaway P.Random oracles are practical:a paradiam for designing efficient protocols.The first ACM Conference on Computer and Communications Security,ACM,1993:62-73.
[71]傅晓彤.具附加性质的数字签名技术及应用研究.西安:西安电子科技大学博士毕业论文,2005.
[72]伊丽江.代理签名体制研究.西安:西安电子科技大学博士毕业论文,2001.
[73]陆荣幸.若干代理密码体制的研究与设计.上海:上海交通大学博士毕业论文,2006.
[74]辛向军.几种具有附加性质的数字签名体制的研究.西安:西安电子科技大学博士毕业论文,2007.
[75]Zhang K.Threshold proxy signature schemes.1997 Information Security Workshop,Sep.,Japan,1997:191-197.
[76]Sun H M,Lee N Y,Hwang T.Threshold proxy signatures.IEE Proc.-Computers and Digital Techniques,146(5),1999:259-263.
[77]Sun H M,Chen B J.Time-stamped proxy signatures with traceable receivers.Proceedings of the Ninth National Conference on Information Security,1999:247-253.
[78]Yi L,Bai G,Xiao G.Proxy multi-signature scheme:a new type of proxy signature scheme.ELECTRONICS LETTERS,36(6),2000:527-528.
[79]Lee B,Kim H,Kim K.Secure mobile agent using strong non-designated proxy signature.Proc of ACISP 2001,Berlin:Springer-Verlag,2001:474-486.
[80]Kim H,Baek J,Lee B,et al.Secret computation with cecrets for mobile agent using onetime proxy signature.The Symposium on Cryptography and Information Security,Oiso,Japan,2001:23-26.
[81]Shum K,Wei V K.A strong proxy signature scheme with proxy signer privacy protection.Proceedings of the Eleventh IEEE International Workshops on Enabling Technologies:Infrastructure for Collaborative Enterprises 2002(WETICE'02),2002,Pittsburgh,PA,2002:55-56.
[82]Qian H,Cao Z.A novel ID-based partial delegation with warrant proxy signature scheme.ISPA Workshops 2005.Berlin:Springer-Verlag,2005:323-331.
[83]Dai J Z,Yang X H,Dong J X.Designated-receiver proxy signature scheme for electronic commerce.In Proc.of IEEE International Conference on Systems,Man and Cybernetics,Vol.1,IEEE press,2003:384-389.
[84]Wang G.Designated-receiver proxy signatures for e-commerce.IEEE 2004 International Conference on Multimedia and Expo(ICME 2004),IEEE press,2004:1731-1734.
[85]Huang X Y,Mu Y,Susilo W,Zhang F.Short designated verifier proxy signature from pairings.EUC workshops 2005,Berlin:Springer-Verlag,LNCS 3823,2005:835-844.
[86]Lu R X,Cao Z F,Dong X L.Designated verifier proxy signature scheme from bilinear pairings.Proc of the First International Multi-Symposiums on Computer and Computational Sciences 2006,IEEE press,2006:40-47.
[87]Huang X Y,Mu Y,Susilo W,Wu W.Proxy signatue without random oracles.Proc of MSN 2006,LNCS 4325,Springer-Verlag,Berlin,2006:473-484.
[88]Jakobsson M,Sako K,Impagliazzo R.Designated verifier proofs and their applications.Advances in Cryptology-Eurocrypt'96,LNCS 1070,Springer-Verlag,Berlin,1996:143-154.
[89]Sacednia S,Kramer S,Markovitch O.An efficient strong designated verifier signature scheme.Proc of ICISC 2003,Springer-Verlag,Berlin,2003:40-54.
[90]Susilo W,Zhang F,Mu Y.Identity-based strong designated verifier signature schemes.Proc of ACISP 2004,LNCS 3108,2004:313-324.
[91]Sun H M,Chen B J.Time-stamped proxy signatures with traceable receivers.Proc of the ninth national conference on Information security,Taiwan:Chaoyan University of Technology,1999:247-253.
[92]Sun H M.Design of time-stamped proxy signatures with traceable receivers.IEE Proc.-Computers and Digital Techniques:147(6).London:IEE,2000:462-466.
[93]Lu E,Hwang M S,Huang C J.A new proxy signature scheme with revocation.Applied Mathematics and Computation,2005,161(3):799-806.
[94]Seo S H,Shim K A,Lee S H.A mediated proxy signature scheme with fast revocation for electronic transactions.Proc of TrustBus 2005:LNCS 3592,Berlin:Springer-Verlag,2005:216-225.
[95]Boneh D,Ding X,Tsudik G.A method for fast revocation of public key certificates and security capabilities.Proc of the 10th USENIX Security Symposium.Washington D C,2001:297-308.
[96]Shamir A.How to share a secret.Communications of the ACM,1979,22(11):612-613.
[97]Blakley G R.Safeguarding cryptographic keys.Proc of AFIPS 1979,National Computer Conference,1979:313-317.
[98]Chor B,Goldwasser S,Micali S.Verifiable secret sharing and achieving simultaneity in the presence of faults.Proc.of 26th IEEE Symposium on Fundations of Computer Science (FOCS'85).Los Angeles:IEEE Computer Society,1985:383-395.
[99]Feldman P.A practical scheme for non-interactive verifiable secret sharing.Proc of 28th Annual FOCS.IEEE Computer Society,1987:427-437.
[100]Pederson T P.Non-interactive and information-theoretic security verifiable secret sharing.Advances in Cryptology-Crypto'91,LNCS 576,Berlin:Springer-Verlag,1992:129-140.
[101]许春香.安全秘密共享及其应用研究.西安:西安电子科技大学博士论文,2003.
[102]庞辽军.秘密共享技术及其应用研究.西安:西安电子科技大学博士论文,2006.
[103]Desmedt Y.Society and group oriented cryptography:a new concept.Advances in Cryptology-Crypto'87, 1987: 120-127.
[104] Desmedt Y, Frankel Y. Threshold cryptosystems. Advances in Cryptology-Crypto'89, 1989: 307-315.
[105] Ham L. Group-oriented (t,n) threshold digital signature scheme and digital multisignature. IEE Proc- Comput. Digit. Tech, 1994, 141(5): 307-311.
[106] Gennaro R, Jarecki S, Krawczyk H, Rabin T. Robust threshold DSS. Advances in Cryptology-Eurocrypt'96, 1996: 354-371.
[107] Shoup V. Practical threshold signatures. Advances in Cryptology-Eurocrypt'00, Springer-Verlag, Berlin, 2000: 207-220.
[108] Hwang M S, Chang T Y. Threshold signatures: current status and key issues. International journal of network security: 3(1): 123-137.
[109] Baek J, Zheng Y. Identity-based threshold decryption. Public Key Cryptography-PKC 2004, LNCS 2947, Berlin: Springer-Verlag, 2004: 262-276.
[110] Hess F. Efficient identity based signature schemes based on pairings. Proc of SAC 2002, Berlin: Springer-Verlag, 2002: 310-324.
[111] Baek J, Zheng Y. Identity-based threshold signature scheme from the bilinear pairings. Proc of ITCC 2004, IEEE computer society, 2004: 155-160.
[112] Cheng X, Liu J, Wang X. An identity-based signature and its threshold version. 19th International Conference on Advanced Information Networking and Applications-AINA'05, Taipei, Taiwan, 2005: 973-977.
[113] Lee B, Kim H, Kim K. Strong proxy signature and its applications. Proc of the 2001 Symposium on Cryptography and Information Security, 2001, Oiso, Japan. 2001: 603-608.
[114] Rivest R, Shamir A, Tauman Y. How to leak a secret. Proc of Asiacrypt 2001. Berlin: Springer-Verlag, 2001: 552-565.
[115] Zhang F, Naini R, Lin C Y. New proxy signature, proxy blind signature and proxy ring signature schemes from bilinear pairings[EB/OL]. Cryptology ePrint Archive, http://eprint.iacr.org/2003/.
[116] Amit K, Sunder L. ID-based ring signature and proxy ring signature schemes from bilinear pairings. Internal Journal of Network Security, 2007, 4(2):187-192.
[117] Chow S S M, Hui L C K, Yiu S M. Efficient identity based ring signature. Proc of ACNS 2005, Berlin: Springer-Verlag, 2005: 499-512.
[118] Herranz J, Saez G. Forking lemmas for ring signature schemes. Proc of INDOCRYPT 2003, Berlin: Springer-Verlag, 2003: 266-279.
[119] Canetti R, Goldreich O, Halevi S. The random oracle methodology, revisited. Proc of the 30th Annual Symposium on the Theory of Computing (STOC'98), 1998: 209-218.
[120] Bellare M, Boldyreva A, Micali S. Public-key encryption in a multi-user setting: security proofs and improvements. Proc of Eurocrypt'00, LNCS 1807, Berlin: Springer-Verlag, 2000: 259-274.
[121] Kurosawa K. Multi-recipient public-key encryption with shortened ciphertext. Proc of PKC'02, Berlin: Springer-Verlag, 2002: 48-63.
[122] Baek J, Safavi-Naini R, Susilo W. Efficient multi-receiver identity-based encryption and its application to broadcast encryption. Public Key Cryptography-PKC 2005, LNCS 3386, Berlin: Springer-Verlag, 2005: 380-397.
[123] Zheng Y. Signcryption and its applications in efficient public key solutions. Information Security Workshop-ISW'97, LNCS 1396, Berlin: Springer-Verlag, 1997: 291-312.
[124] Duan S S, Cao Z F. Efficient and provably secure multi-receiver identity-based signcryption. Proc of ACISP 2006, LNCS 4058, Berlin: Springer-Verlag, 2006: 195-206.
[125] Li F G, Hu Y P, Liu S G. Efficient and provably secure multi-recipient signcryption from bilinear pairings. Wuhan University Journal of Natural Sciences, 2007, 12(1): 17-20.
[126] Boneh D, Boyen X. Secure identity based encryption without random oracles. Advances in Cryptology-CRYPTO 2004, LNCS 3152, Berlin: Springer-Verlag, 2004: 443-459.
[127] Li X, Chen K. Identity based proxy signcryption scheme from pairings. Proc of the 2004 IEEE International conference on services computing,Shanghai, 2004: 494-497.
[128] Wang Q, Cao Z F. Two proxy signcryption schemes from bilinear pairings. Proc of CANS 2005, LNCS 3810, Berlin: Springer-Verlag, 2005: 161-171.