Research on Key Technologies of Identity-Based Cryptography and Their Applications
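Abstract
In traditional public-key cryptography, a public key is a random string unrelated to identity, and a public key infrastructure (PKI) binds public keys to identities through public-key certificates issued by a certification authority. In identity-based cryptography (IBC), by contrast, the public key is an arbitrary string representing the user's identity and can be derived directly from that identity, so certificates and public-key directories are unnecessary. This simplifies public-key management, enables non-interactive communication that requires no key channel, removes the need for certificate verification, and saves computation and communication costs. Although IBC simplifies the management of public keys and certificates and has inherent advantages over traditional PKI, concrete identity-based cryptosystems face some open problems in deployment, such as the lack of a complete solution for efficient non-interactive key revocation and the lack of efficient verifiably encrypted signature schemes. Unless these problems are solved, the practical application of identity-based cryptosystems will be severely limited. On the other hand, bilinear maps and provable security in the standard model have been research hotspots in cryptography in recent years. This thesis studies the following aspects around the open problems of identity-based cryptosystems and these research hotspots, and obtains the following results.
     Using forward security, this thesis simply and effectively solves the key revocation problem of identity-based cryptosystems. It constructs a forward-secure identity-based signature scheme and a forward-secure identity-based encryption scheme. The two schemes share system parameter generation, key generation and key update, and combined they yield a complete, practical solution for an identity-based cryptosystem with non-interactive key revocation. On the basis of this system, an identity-based PKI can be built to replace the traditional certificate-based PKI. Compared with traditional PKI, identity-based PKI is inherently lightweight in key distribution and management and can be widely applied to secure email systems, ad-hoc network systems, and so on.
     This thesis proposes a generic method for constructing verifiably encrypted signature schemes and, based on the Gentry short signature, constructs an efficient verifiably encrypted signature scheme whose security is rigorously proven in the standard model. Compared with similar schemes, it is simple in construction, with a shorter public key, lower computational cost and a tighter security reduction. It is a truly practical verifiably encrypted signature scheme without random oracles and can be used in online contract signing protocols to guarantee fair exchange. Based on the identity-based signature scheme of Paterson et al., this thesis also constructs the first identity-based verifiably encrypted signature scheme without random oracles.
     This thesis is the first to study the partial, gradual leakage of key information. It establishes a model of the key information leakage process and uses the model to estimate key lifetime fairly accurately, so that a suitable key update period can be set; a suitable key update period strikes a balance between key security and update cost. The key leakage modelling and key lifetime estimation method of this thesis can be applied to the secret keys of any cryptosystem.
     This thesis gives two applications suited to identity-based cryptosystems with non-interactive key revocation: grid user proxy signatures and mobile phone short message encryption. The former improves the efficiency and scalability of the manufacturing grid, and the latter integrates embedded computers, mobile e-commerce and identity-based cryptography. Both demonstrate its excellent properties and great practical value, and serve as a demonstration for putting identity-based cryptosystems into practice.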
Traditional public key infrastructures (PKI) involve a complex construction of certification authorities and consequently incur expensive communication and computation costs for certificate verification. In 1984, Shamir introduced an innovative concept, identity-based cryptography (IBC), in which public keys are derived directly from users' identities. An identity-based cryptosystem can simplify the certificate management of PKI. However, IBC still has some challenging open problems. One is to design an identity-based cryptosystem that features non-interactive key revocation. Another is to design a practical identity-based verifiably encrypted signature scheme without random oracles. Solving these problems is important both in theory and in practice. This paper focuses on these problems, proposes some effective schemes, and obtains some research results. The main work of the paper is as follows:
     The key revocation problem is solved simply and effectively by using the forward-security key-evolving paradigm. An effective forward-secure identity-based signature (FS-IBS) scheme and a forward-secure identity-based encryption (FS-IBE) scheme are constructed, and these schemes are provably secure in the random oracle model or in the standard model. FS-IBS and FS-IBE may share the same procedures for system parameter setup, key generation, and key update, since they both use the same key-evolving mechanism. By combining FS-IBS and FS-IBE, a practical and complete solution for an identity-based cryptosystem with the non-interactive key update property is given. Based on this cryptosystem, an identity-based PKI may be built, which may be considered an alternative to certificate-based PKI. It offers advantages such as simple key management and key distribution. Applications may include secure email systems, ad-hoc network systems, and so on.
     Previous work is generalized and a generic construction of verifiably encrypted signatures from short signatures is proposed. Then an efficient verifiably encrypted signature scheme without random oracles is proposed. The scheme is constructed from the recent Gentry signature and can be rigorously proven secure in the standard model. The proposed scheme has several advantages over previous such systems, namely shorter public keys, lower computation overhead, and a tighter security reduction. It is therefore a truly practical verifiably encrypted signature scheme without random oracles, which can be used in online contract signing protocols. Finally, based on the identity-based signature scheme of Paterson et al., the first identity-based verifiably encrypted signature scheme without random oracles is constructed using the ElGamal encryption algorithm.
     The partial and gradual leakage process of key information is studied for the first time and is modeled as a compound Poisson process. Based on the model, an effective algorithm for estimating key life is proposed, so that a proper key renewal period can be set, which controls the trade-off between security and renewal cost in key management. The method of modeling key exposure and estimating key life may be applied to the secret keys of any cryptosystem.
     Two suitable applications of the identity-based cryptosystem with non-interactive key revocation are given. One is a signature scheme for user proxies in a manufacturing grid, and the other is an encryption system for the short message service of mobile phones. The former improves the efficiency and scalability of the manufacturing grid, and the latter integrates embedded computers, mobile e-commerce, and recent cryptography technologies. Both applications show excellent performance and practical importance, and they give a good demonstration of moving IBC into practice.