Research on Certificateless Digital Signature Schemes
Abstract
At Asiacrypt 2003, Al-Riyami and Paterson proposed certificateless public key cryptography. In a certificateless public key system, a user's public key no longer needs a certificate to provide authentication, which overcomes the certificate management problem of certificate-based public key systems. Moreover, in a certificateless public key system the user's private key is no longer generated solely by the KGC (Key Generation Center) but jointly by the KGC and the user, so that the private key is known only to the user; this overcomes the key escrow problem inherent in identity-based public key systems.
A ring signature can be viewed as a simplified group signature; it protects the signer's anonymity from being disclosed, i.e., it provides the ambiguity we need. Because ring signatures overcome the drawback of group signatures in which the group manager has excessive power, and the signer is unconditionally and fully anonymous, they are widely used in anonymous electronic voting, e-government, electronic cash systems, key distribution in key management, and secure multiparty computation, and have become a current research focus.
This thesis focuses on certificateless digital signature schemes. The main work is as follows:
To address the security flaw in the Goya-Terada certificateless signature scheme, which is vulnerable to a public key replacement attack, an improved certificateless signature scheme is proposed using the "binding technique". The scheme retains the efficiency of the original: signing requires only one scalar multiplication in the group, and verification requires only one bilinear pairing, one scalar multiplication in the group, and two exponentiations. In the random oracle model, under the k-CAA (k-collision attack algorithm) problem and the discrete logarithm assumption, the scheme is proven secure against both types of adversary for certificateless signatures, remedying the security weakness of the original scheme.
Based on the discrete logarithm problem, a certificateless ring signature scheme is proposed; neither signing nor verification requires a pairing operation, which reduces computation and improves efficiency. In the random oracle model, assuming the discrete logarithm problem is hard, the scheme is proven existentially unforgeable under adaptive chosen-message attacks and unconditionally anonymous.
Certificateless public key cryptography was introduced by Al-Riyami and Paterson at Asiacrypt 2003. A certificateless public key cryptosystem overcomes the certificate management problem of certificate-based public key cryptosystems, because no certificate is needed to authenticate a user's public key. In addition, in a certificateless public key cryptosystem the user's private key is not generated by the KGC (Key Generation Center) alone but jointly by the user and the KGC, so the private key is known only to the user. Thus it overcomes the inherent key escrow problem of identity-based public key cryptosystems.
Ring signatures can be viewed as simplified group signatures and provide anonymity; thus concurrent signatures constructed from ring signatures are ambiguous. Ring signatures provide full anonymity because there is no group manager in a ring signature scheme. Ring signatures have therefore become a hot research area and are widely used in anonymous elections, e-government, electronic cash systems, key distribution in key management, and secure multiparty computation. This thesis mainly contributes to certificateless digital signature schemes. The main work is as follows:
To address the security drawback of the Goya-Terada certificateless signature scheme, which is vulnerable to public key replacement attacks, an improved certificateless signature scheme is proposed using the "binding technique". The new scheme retains the efficiency of the original: the signing algorithm requires no pairing computations and one scalar multiplication in the group, and the verification algorithm requires only one pairing operation, one scalar multiplication and two exponentiations. The security of the scheme is based on the intractability of the k-CAA (k-collision attack algorithm) problem and the discrete logarithm problem. The proposed scheme is existentially unforgeable under adaptive chosen-message attack against both types of adversary in the random oracle model, and makes up for the security deficiency of the original scheme.
A certificateless ring signature scheme based on the discrete logarithm problem is presented. No pairing computation is needed in signing or verification, which reduces the computational cost and increases efficiency. The new scheme is also proven existentially unforgeable under adaptive chosen-message attacks and unconditionally anonymous in the random oracle model, assuming the discrete logarithm problem is hard.