Research on Several Problems in Certificateless Public Key Cryptography
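Abstract
Public key cryptography, by virtue of its own characteristics, plays an increasingly important role in modern information security. In a public key cryptosystem every user has a public/private key pair. For public key cryptography to be fully effective, a user's public key must be bound to the user's identity in a verifiable and trustworthy way; that is, the public key authentication problem must be solved. Traditional PKI-based public key cryptography uses certificates: anyone can verify the authenticity of a user's public key by verifying the certificate authority's signature. Although this guarantees the authenticity of public keys, the management and support of certificates and the structural configuration they require are among the more complex problems of traditional public key cryptography. In 1984, Shamir first proposed identity-based public key cryptography, which handles public keys differently from traditional public key cryptography. In identity-based public key cryptography, a user's public key is derived directly from some aspect of the user's identity information, and the user's private key is generated by a trusted third party called the Private Key Generator. Although identity-based public key cryptography avoids the use of certificates and effectively binds a user's public key to the user's identity, it cannot overcome the key escrow problem and needs a secure channel to deliver private keys. Therefore, as some of the literature states, "identity-based public key cryptography can only be used in small closed groups, or where security requirements are not very high." At Asiacrypt 2003, Al-Riyami and Paterson proposed a new public key cryptosystem called certificateless public key cryptography. In certificateless public key cryptography, a trusted third party and the user jointly generate the user's public and private keys, and only the user knows his or her own private key. Certificateless public key cryptography has neither the certificate problem nor the key escrow problem. It is therefore more efficient than traditional public key cryptography and more secure than identity-based public key cryptography.
     Because it has neither the certificate management problem nor the key escrow problem, certificateless public key cryptography has broad application prospects in real networks. In an open network, trust in the system and its reliable operation are established by combining the standard elements of confidentiality, data integrity, authentication and authorization. The main key technologies involved therefore include key establishment, encryption, digital signatures, identity authentication and so on. Both high computational and communication efficiency and security must be ensured. Building on previous research, this thesis mainly does the following work:
     First, we construct certificateless key agreement protocols. The focus is on certificateless non-interactive authenticated key agreement protocols, which have a clear efficiency advantage in communication and computation: in the first protocol, each party needs to compute only one bilinear pairing. We also propose an interactive authenticated key agreement protocol with perfect forward secrecy. The certificateless key agreement protocols we construct are dynamic key establishment schemes, and the last two protocols can be run across domains (domains with different master keys); that is, members who joined the system in different key update phases (or who belong to different systems) can negotiate a session key.
     Second, we use secret sharing schemes to construct certificateless key generation schemes with multiple trusted centers (KGCs). A threshold key generation scheme is a special kind of multi-center key generation scheme. In practice, however, users (or servers) are not all equally important: they differ in privileges, computational resources, probability of being attacked, and so on. We therefore mainly study key generation schemes under general access structures. Multiple sub-KGCs are introduced to share the work of a single KGC. As long as a certain number of sub-KGCs are reachable, a user can register and obtain a partial private key, which helps the network scale and avoids a single point of failure.
     Finally, we apply the distributed ring signature scheme of Herranz and Sáez to the certificateless setting and, using two different mathematical tools and based on two different cryptographic primitives, construct two certificateless distributed ring signature schemes. A distributed ring signature enlarges every individual member of an ordinary ring signature (signer and non-signers alike) into an organization: the signer is all the members of one organization, and the ring is made up of organizations. The purpose is to increase the credibility and persuasiveness of the message. Our certificateless distributed ring signature schemes retain the advantages of the Herranz and Sáez scheme and also achieve genuine unforgeability. They can be applied where anonymity must be provided over the long term.
     The security of all the above schemes rests on the hardness of solving Diffie-Hellman problems (the classical Diffie-Hellman problem or the bilinear Diffie-Hellman problem) in polynomial time.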
Public key authentication is a main component of public key cryptography. The main difficulty today in developing secure systems based on public-key cryptography is not the problem of choosing appropriately secure algorithms or implementing those algorithms. Rather, it is the deployment and management of infrastructures to support the authenticity of cryptographic keys: it is necessary to provide an assurance to the user about the relationship between a public key and the identity (or authority) of the holder, together with the corresponding private key. In a traditional Public Key Infrastructure (PKI), this assurance is delivered in the form of a certificate, essentially a signature by a Certification Authority (CA) on a public key. PKI is commonly considered to be expensive because of the issues associated with certificate management, including revocation, storage and distribution, and the computational cost of certificate verification. Identity-based public key cryptography (ID-PKC), first proposed by Shamir, tackles the problem of authenticity of keys in a different way from traditional PKI. In ID-PKC, an entity's public key is derived directly from certain aspects of its identity. Private keys are generated for entities by a trusted third party called a Private Key Generator (PKG). The direct derivation of public keys in ID-PKC eliminates the need for certificates and some of the problems associated with them. However, the dependence on a PKG introduces key escrow to such a cryptosystem. Moreover, ID-PKC requires secure channels between users and the PKG to deliver private keys. For these reasons, it seems that the use of ID-PKC may be restricted to small, closed groups or to applications with limited security and high efficiency requirements. Certificateless public-key cryptography (CL-PKC), introduced by Al-Riyami and Paterson in 2003, is intended to solve the key escrow issue which is inherent in ID-PKC while, at the same time, eliminating the use of certificates as in the conventional PKI.
In CL-PKC, a user's private key is comprised of two parts: one generated by a Key Generation Center (KGC) and associated with her identity; another generated by the user herself and unknown to any other parties (including the KGC). Knowledge of only one of them should not be enough to impersonate the user and carry out any of the cryptographic operations as the user. CL-PKC alleviates the key escrow problem found in ID-PKC and, at the same time, reduces the cost and simplifies the use of the technology when compared with conventional PKI.
     Some of the purposes for which public-key cryptography has been applied are: key establishment, confidential message transmission, identification systems, authentication and non-repudiation. So we study these topics in certificateless public-key cryptography. The main contributions of our paper are:
     Firstly, key agreement protocols are one of the fundamental primitives of cryptography. We propose some new certificateless authenticated key agreement protocols. The first two protocols are non-interactive and have obvious advantages in the amount of computation and communication. Another interactive key agreement protocol with perfect forward secrecy is also proposed. The last two protocols can be used to establish keys between members of distinct domains (with different master keys).
     Secondly, certificateless key issuing schemes with multiple key generation centers are proposed, using secret sharing schemes. Threshold key issuing schemes are a very particular case. However, in real life, players (or servers) usually have different levels of importance: they can have different privileges or computational resources, and enjoy different levels of protection against possible attacks, for example. For this reason, it is important to design key issuing schemes with multiple KGCs that work properly in the case of general access structures, not only in the threshold case. Our schemes effectively solve the problems of single point of failure and efficiency bottleneck, and enhance the system's robustness and security.
     Finally, we propose two certificateless distributed ring signature schemes. The first one can be used for general families of possible signing subsets, and the second one is more efficient for threshold families of subsets. Our schemes retain the desirable properties of identity-based cryptography without key escrow, and therefore actually possess the alleged unconditional unforgeability.
     The security of our schemes above relies on the Diffie-Hellman problems (the classic Diffie-Hellman problems or the bilinear Diffie-Hellman problems).
