具有特殊性质的数字签名体制研究
|
摘要
信息安全是信息社会急需解决的最重要问题之一, 它已成为信息科学领域的一个重要的新兴学科. 数字签名技术是提供认证性、完整性和不可否认性的重要技术, 因而是信息安全的核心技术之一, 是安全电子商务和安全电子政务的关键技术之一. 随着对数字签名研究的不断深入, 随着电子商务、电子政务的快速发展, 简单模拟手写签名的一般数字签名已不能完全满足需要, 研究具有特殊性质的数字签名成为数字签名的主要研究方向.
本文主要讨论基于身份的签名、(部分)盲签名、不可传递签名、群签名等4种具有特殊性质的数字签名, 也涉及了多重签名.
本文的主要成果有:
1. 从验证方程入手较全面地讨论了基于双线性对的基于身份的数字签名方案的构造方法, 构造出14 个基于双线性对的基于身份的签名方案, 然后对它们进行效率上的优化, 得到在效率上和签名长度都有显著改进的7 个高效方案和7 个Schnorr 型方案. 讨论了这3 类方案的安全性, 证明了其中12 个方案在随机预言机模型下抗适应性选择消息存在伪造攻击和身份攻击.
2. 从盲化函数的代数形式入手给出盲化函数的构造方法, 完整地解决了基于离散对数数字签名的盲化问题, 对可盲化的情况给出统一的最一般的盲化方案, 对不可盲化的情况证明其不可盲化. 我们的一般盲化方案引入了3 个参数, 这3 个参数中只要有2 个是独立随机的就可以保证盲性, 现有的所有基于离散对数数字签名的盲化方案都只有2 个随机参数, 它们都可以由我们的盲化方法得到. 我们还证明ElGamal 签名和DSA 签名方案都是不可盲化的, 从而否定性地解决了长期没有解决的这两个方案的盲化问题.
3. 讨论基于身份数字签名的一般性盲化方法, 给出本文所提出的基于双线性对的基于身份签名方案的盲化方案, 得到70 多个基于身份的盲签名方案, 效率分析表明其中有40 多个方案都比目前仅有的2 个基于双线性对的基于身份的盲签名方案高效, 其中最优方案的计算量还不到已有方案的一半.
4. 提出一个基于双线性对的基于身份的部分盲签名方案, 并证明其在CDHP困难性假设下是不可伪造的(非并行攻击下).
5. 对一个指名签名方案和一个指名代理签名方案进行分析, 指出这两个方案都不具有指名性质. 将指名签名的概念扩展成可转换指名签名, 给出其正式定义, 并提出2 个可转换指名签名方案, 还基于本文的指名签名方案提出可转换指名代理签名方案.
6. 提出可转换不可传递部分盲签名的概念, 并给出一个(非并行攻击下)可证
Information security is one of the most important problems in modern information society and becomes a new important subject in the information science. Digital signature, which can prove authentication, integrity and non-repudiation, is one of the key techniques of information security and plays a very important role in E-commerce and E-governance. As the deepening of digital signature research and the rapid development of E-commerce and E-governance, the standard signature, which is a simple simulacrum of handwritten signature, can not still meet the need in practice, thus making research on the digital signatures with additional properties becomes a main research direction in digital signature.
In this thesis, we discuss some digital signatures with additional properties, including identity-based (simply ID-based) signature, (partially) blind signature, untransferable signature, group signature and multi-signature. The main contributions are as follows.
We discuss the construct method of ID-based signatures from bilinear pairings by detailed analyzing their verification equations, thus propose fourteen ID-based signature schemes. After optimizing those schemes in efficiency, we present seven efficient ID-based signature schemes and seven Schnorr-type ID-based signature schemes with a distinct improvement both in computation efficiency and in the length of signatures. We also discuss the security of the proposed schemes and prove twelve schemes can against existential forgery on adaptively chosen message and ID attack under the random oracle model.
We present a general method to construct blinding functions of discrete-logarithm-based (simply DL-based ) blind signature schemes by analyzing the algebraic form of blinding function, thus solve the problem of blinding DL-based signature schemes completely. We give a general blinding technique for the blindable schemes to obtain their corresponding blind signature schemes while give a proof for the case of unblindable. All DL-based blind signature schemes available can be obtained by our general blinding technique.
We discuss the general blinding technique for ID-based signatures from bilinear pairings and propose more than seventy ID-based blind signature schemes. Efficiency analysis shows that more than forty of our schemes are more efficient than two available ID-based blind signature from bilinear pairings schemes. We also propose an ID-based partially blind signature from bilinear pairings scheme and prove it can against
existential forgery on adaptively chosen message and ID attack under the random oracle model (non parallel attack).
We show that a nominative signature and a nominative proxy signature are not nominative. Then we extend the concept of nominative signature to the convertible nominative signature, in which the nominee can convert given nominative signatures into universally verifiable signatures. We give a formal definition for it and propose two convertible nominative signature schemes and a convertible nominative proxy signature scheme based on our nominative signature scheme.
We introduce a new concept of convertible untransferable partially blind signature, in which only the designated verifier(s) can verify and confirm the validity of given signatures and convert given signatures into universally verifiable signatures, along with a formal definition for it and a provably secure scheme that implements it. The proposed scheme has an advantage that it can issue convertible undeniable partially blind signatures, convertible directed partially blind signatures, convertible designated confirmer partially blind signatures, convertible nominative partially blind signatures, and universally verifiable partially blind signatures using the same signature issuing protocol. We also propose a convertible user designating confirmer partially blind signature scheme, a convertible undeniable partially blind signature scheme, a convertible directed partially blind signature scheme, and a convertible nominative partially blind signature scheme.
We improve the Camenisch’s group signature scheme by improving the 1-out-of-n signature of knowledge used in the scheme. As a result, the lengths of the signatures of the improvement is about a half that of the original. Then we show that a member deletion scheme of group signature cannot delete any group member and propose a forward-secure member deletion scheme using the Public-Key State List and the Trusted Timestamp. Thus the improper view that Certificate Revocation List approach is unsuitable for group signatures is corrected. We also introduce a new concept of the authorized group signature and propose an authorized group signature scheme to implement it.
We propose a multi-signature scheme, which allows mixture use of DL and RSA-type keys. Based on the proposed multi-signature scheme, we propose an anonymous threshold subliminal channel scheme, in which the subliminal message sender is indistinguishable.
本文主要讨论基于身份的签名、(部分)盲签名、不可传递签名、群签名等4种具有特殊性质的数字签名, 也涉及了多重签名.
本文的主要成果有:
1. 从验证方程入手较全面地讨论了基于双线性对的基于身份的数字签名方案的构造方法, 构造出14 个基于双线性对的基于身份的签名方案, 然后对它们进行效率上的优化, 得到在效率上和签名长度都有显著改进的7 个高效方案和7 个Schnorr 型方案. 讨论了这3 类方案的安全性, 证明了其中12 个方案在随机预言机模型下抗适应性选择消息存在伪造攻击和身份攻击.
2. 从盲化函数的代数形式入手给出盲化函数的构造方法, 完整地解决了基于离散对数数字签名的盲化问题, 对可盲化的情况给出统一的最一般的盲化方案, 对不可盲化的情况证明其不可盲化. 我们的一般盲化方案引入了3 个参数, 这3 个参数中只要有2 个是独立随机的就可以保证盲性, 现有的所有基于离散对数数字签名的盲化方案都只有2 个随机参数, 它们都可以由我们的盲化方法得到. 我们还证明ElGamal 签名和DSA 签名方案都是不可盲化的, 从而否定性地解决了长期没有解决的这两个方案的盲化问题.
3. 讨论基于身份数字签名的一般性盲化方法, 给出本文所提出的基于双线性对的基于身份签名方案的盲化方案, 得到70 多个基于身份的盲签名方案, 效率分析表明其中有40 多个方案都比目前仅有的2 个基于双线性对的基于身份的盲签名方案高效, 其中最优方案的计算量还不到已有方案的一半.
4. 提出一个基于双线性对的基于身份的部分盲签名方案, 并证明其在CDHP困难性假设下是不可伪造的(非并行攻击下).
5. 对一个指名签名方案和一个指名代理签名方案进行分析, 指出这两个方案都不具有指名性质. 将指名签名的概念扩展成可转换指名签名, 给出其正式定义, 并提出2 个可转换指名签名方案, 还基于本文的指名签名方案提出可转换指名代理签名方案.
6. 提出可转换不可传递部分盲签名的概念, 并给出一个(非并行攻击下)可证
Information security is one of the most important problems in modern information society and becomes a new important subject in the information science. Digital signature, which can prove authentication, integrity and non-repudiation, is one of the key techniques of information security and plays a very important role in E-commerce and E-governance. As the deepening of digital signature research and the rapid development of E-commerce and E-governance, the standard signature, which is a simple simulacrum of handwritten signature, can not still meet the need in practice, thus making research on the digital signatures with additional properties becomes a main research direction in digital signature.
In this thesis, we discuss some digital signatures with additional properties, including identity-based (simply ID-based) signature, (partially) blind signature, untransferable signature, group signature and multi-signature. The main contributions are as follows.
We discuss the construct method of ID-based signatures from bilinear pairings by detailed analyzing their verification equations, thus propose fourteen ID-based signature schemes. After optimizing those schemes in efficiency, we present seven efficient ID-based signature schemes and seven Schnorr-type ID-based signature schemes with a distinct improvement both in computation efficiency and in the length of signatures. We also discuss the security of the proposed schemes and prove twelve schemes can against existential forgery on adaptively chosen message and ID attack under the random oracle model.
We present a general method to construct blinding functions of discrete-logarithm-based (simply DL-based ) blind signature schemes by analyzing the algebraic form of blinding function, thus solve the problem of blinding DL-based signature schemes completely. We give a general blinding technique for the blindable schemes to obtain their corresponding blind signature schemes while give a proof for the case of unblindable. All DL-based blind signature schemes available can be obtained by our general blinding technique.
We discuss the general blinding technique for ID-based signatures from bilinear pairings and propose more than seventy ID-based blind signature schemes. Efficiency analysis shows that more than forty of our schemes are more efficient than two available ID-based blind signature from bilinear pairings schemes. We also propose an ID-based partially blind signature from bilinear pairings scheme and prove it can against
existential forgery on adaptively chosen message and ID attack under the random oracle model (non parallel attack).
We show that a nominative signature and a nominative proxy signature are not nominative. Then we extend the concept of nominative signature to the convertible nominative signature, in which the nominee can convert given nominative signatures into universally verifiable signatures. We give a formal definition for it and propose two convertible nominative signature schemes and a convertible nominative proxy signature scheme based on our nominative signature scheme.
We introduce a new concept of convertible untransferable partially blind signature, in which only the designated verifier(s) can verify and confirm the validity of given signatures and convert given signatures into universally verifiable signatures, along with a formal definition for it and a provably secure scheme that implements it. The proposed scheme has an advantage that it can issue convertible undeniable partially blind signatures, convertible directed partially blind signatures, convertible designated confirmer partially blind signatures, convertible nominative partially blind signatures, and universally verifiable partially blind signatures using the same signature issuing protocol. We also propose a convertible user designating confirmer partially blind signature scheme, a convertible undeniable partially blind signature scheme, a convertible directed partially blind signature scheme, and a convertible nominative partially blind signature scheme.
We improve the Camenisch’s group signature scheme by improving the 1-out-of-n signature of knowledge used in the scheme. As a result, the lengths of the signatures of the improvement is about a half that of the original. Then we show that a member deletion scheme of group signature cannot delete any group member and propose a forward-secure member deletion scheme using the Public-Key State List and the Trusted Timestamp. Thus the improper view that Certificate Revocation List approach is unsuitable for group signatures is corrected. We also introduce a new concept of the authorized group signature and propose an authorized group signature scheme to implement it.
We propose a multi-signature scheme, which allows mixture use of DL and RSA-type keys. Based on the proposed multi-signature scheme, we propose an anonymous threshold subliminal channel scheme, in which the subliminal message sender is indistinguishable.
引文
[1] Shannon C E. A mathematical theory of communication. Bell System Technical Journal, 1948, 27(4): 397-423.
[2] Diffie W, Hellman M. New directions in cryptography. IEEE Transactions on Information Theory, 1976, 11, 22(6): 644-654.
[3] Rivest R, Shamir A and Adleman L. A method for obtaining digital signatures and public key cryptosystems. Communications of ACM, 1978, 21(2): 120-126.
[4] ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory, 1985, IT-31(4): 469-472.
[5] Schnorr C P. Efficient identification and signatures for smart cards. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp.239-252.
[6] Rabin M. Digital signatures and public-key functions as intractable as factorization. MIT Lab of Computer Science, Technical Report, MIT/LCS/TR-212, Jan 1979.
[7] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard, U.S. Department of Commerce, May 1994.
[8] Okamoto T. Provably secure and practical identification schemes and corresponding signature schemes. Advances in Cryptology —CRYPTO’92, LNCS 740, Springer-Verlag, Berlin, 1992, pp.31-53.
[9] Fiat A and Shamir A. How to prove yourself: Practical solutions to identification and signature problems. Advances in Cryptology—CRYPTO’86, LNCS 263, Springer-Verlag, Berlin, 1986, pp.186-194.
[10] Chaum D. Blind signatures for untraceable payments. Advances in Cryptology —Proceedings of Crypto’82, Prenum Publishing Corporation, 1982. pp. 199-204.
[11] Itakura K, Nakamura K. A public key cryptosystem suitable for digital multi-signature. NEC Research and Development, 1983, (71): 1-8.
[12] Chaum D. and van Antwerpen H. Undeniable signatures, Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp.212-216.
[13] Even S, Goldreich O and Micali S. On-line/Off-line digital signatures. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp. 263-277
[14] Fiat A. Batch RSA. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp. 175-185.
[15] De Soete M, Quisquater J J and Vedder K. A signature with shared verification scheme. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp. 253-262.
[16] Desmedt Y and Frankel Y. Shared generation of authentication and signature. Advances in Cryptology-CRYPTO’91, LNCS 576, Springer-Verlag, Berlin, 1991, pp 457-469
[17] Chaum D and Heyst E. Group signatures. Advances in Cryptology —EUROCRYPT'91 , LNCS 547, Springer-Verlag, Berlin, 1992. pp. 257-265.
[18] Pfitzmann B. and Waidner M. Fail-stop signature and their application. SECURCOM’91, 145-160.
[19] Goldwasser S, Ostrovsky R. Invariant signatures and non-interactive zero-knowledge proofs are equivalent. Advances in Cryptology —CRYPTO’92, LNCS 740, Springer-Verlag, Berlin, 1992, pp. 228-245.
[20] Lim C and Lee P. Modified Maurer-Yacobi’s scheme and its applications. Advances in Cryptology —AUSCRYPT’92, LNCS 718, Springer-Verlag, Berlin, 1992, pp.308-323.
[21] Nyberg K and Rueppel R. A new signature scheme based on the DSA giving message recovery. 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp.58-61.
[22] Nyberg K and Rueppel R. Message recovery for signature schemes based on the discrete logarithm problem. Advances in Cryptology—EUROCRYPT’94, LNCS 950, Springer-Verlag, Berlin, 1995, pp.182-193.
[23] Chaum D. Designated confirmer signatures. Advances in Cryptology —EUROCYPT’94, LNCS 950, Springer-Verlag, Berlin, 1994, pp.86-91.
[24] Kim S, Park S and Won D. Zero-knowledge nominative signatures Proc. of PragoCrypt'96, International Conference on the Theory and Applications of Cryptology, Czech, Prague, September 30 -October 3, 1996, pp.380-392.
[25] Mambo M, Usuda K and Okamoto E. Proxy signature. Proceedings of the 1995 Symposium on Cryptography and information security(SCIS’95), Inuyama, Japan, 147-158, Jan, 24-27, 1995.
[26] Zheng Y. Digital signcryption or how to achieve Cost (signature & encryption) << Cost(signature) + Cost(encryption). Advances in Cryptology –CRYPTO '97, LNCS 1294, Springer-Verlag, Berlin, 1997, pp.165-179.
[27] Jakobasson M, Yung M. Distributed 'Magic ink' signatures. Advances in Cryptology –EUROCRYPT' 97, LNCS 1233, Springer-Verlag, Berlin, 1997, pp.450-464.
[28] Rivest R. Two new signature schemes. Presented at Cambridge seminar. see http://www.cl.cam. ac.uk/Research/Security/seminars/2000/rivest-tss.pdf, 2001.
[29] Krawczyk H and Rabin T. Chameleon signatures. Proceedings of NDSS 2000, pp.143-154.
[30] Rivest R, Shamir A and Tauman Y. How to leak a secret. Advances in Cryptology—ASIACRYPT '01, LNCS 2248, Springer-Verlag, Berlin, 2001, pp.552-565.
[31] Micali S, Rivest R. Transitive signature schemes. Topics in Cryptology -CT-RSA’02, LNCS 2271, Springer-Verlag, Berlin, 2002, pp.236 –243.
[32] Johnson R, Molnar D, Song D et al. Homomorphic Signature Schemes. Topics in Cryptology -CT-RSA 2002, LNCS 2271, Springer-Verlag, Berlin, 2002, pp.244–262.
[33] Lee B and Kim K. Self-certified signatures. INDOCRYPT 2002, LNCS 2551, Springer-Verlag, Berlin, 2002, pp. 199–214.
[34] Boneh D, Gentry C, Lynn B. et al. Aggregate and verifiably encrypted signatures from bilinear maps. Advances in Cryptology –EUROCRYPT 2003, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 416–432.
[35] Lysyanskaya A. and Ramzan Z. Group blind digital signatures: A scalable solution to electronic cash. Financial Cryptography (FC '98), LNCS 1465, Springer-Verlag, Berlin, 1998, pp.184-197.
[36] Zhang K. Threshold proxy signature schemes. Information Security Workshop, Japan, 1997.
[37] Tan Z, Liu Z and Tang C. Digital proxy blind signature schemes based on DLP and ECDLP. MM Research Preprints, No. 21, December 2002, MMRC, AMSS, Academia, Sinica, Beijing, pp.212–217.
[38] Yi L, Bai G, Xiao G. Proxy multisignature -a new type of proxy signature schemes. Electronics Letters, 2000, 36(6): 527-528.
[39] Juang W and Lei C. Blind threshold signatures based on discrete logarithm. Proc. of Second Asian Computing Science Conference on Programming, Concurrency and Parallelism, Networking and Security, LNCS 1179, Springer-Verlag, Berlin, 1996, pp.172-181.
[40] Koblitz N. Elliptic curve cryptosystems. Mathematics of Computation, 1987, 48(177):203-209.
[41] Miller V S. Use of elliptic curve in cryptography. Advances in Cryptology—CRYPTO'85, LNCS 218, Springer-Verlag, Berlin, 1986, pp.417-426.
[42] Koblitz N. Hyperelliptic cryptography, J. of Crypto., 1989,1(3):139-150.
[43] Johson D, Menezes A. The elliptic curve digital signature algorithm. Technical Report, CORR99-31, Canada: Department of Combinatorics and Optimization, University of Waterloo, 1999.
[44] ANSI X9.62. Public Key Cryptography for the financial services industry: the elliptic curve digital signature algorthm (ECDSA), 1999.
[45] Shamir A. Identity-based cryptosystems and signature schemes. Advances in Cryptology -CRYPTO’84, LNCS 196, Springer-Verlag, Berlin, 1984, pp.47–53.
[46] Joux A. A one round protocol for tripartite Diffie-Hellman. Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp.385–394.
[47] Sakai R, Ohgishi K and Kasahara M. Cryptosystems based on pairing. 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan, 2000, pp.26-28.
[48] Paterson K G. ID-based signatures from pairings on elliptic curves. Electronic Letters, 2002, 38(18): 1025–1026.
[49] Yi X. An identity-based signature scheme from the Weil pairing. IEEE Communications Letters, 2003, 7(2): 76–78.
[50] Cha J and Cheon J. An identity-based signature from Gap Diffie-Hellman groups. PKC 2003, LNCS 2567, Springer-Verlag, Berlin, 2003, pp.18–30.
[51] Hess F. Efficient identity based signature schemes based on pairings. SAC 2002, LNCS 2595, Springer-Verlag, Berlin, 2003, pp. 310–324.
[52] Zhang F, Kim K. ID-based blind signature and ring signature from pairings. Advances in Cryptology -ASIACRYPT 2002, LNCS 2501, Springer-Verlag, Berlin, 2002, pp.533-547.
[53] Zhang F, Safavi-Naini R and Susilo W. An efficient signature scheme from bilinear pairings and it’s applications. PKC 2004, LNCS 2947, Springer-Verlag, Berlin, 2004, pp.277-290.
[54] Zhang F, Safavi-Naini R and Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. INDOCRYPT 2003, LNCS 2904, Springer-Verlag, Berlin, 2003, pp.191-204.
[55] Susilo W, Mu Y. Non-interactive deniable ring authentication, ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2003, pp.397 -412.
[56] Zhang F, Safavi-Naini R and Susilo W. ID-based chameleon hashes from bilinear pairings. http://www.iacr.org/2003/208.
[57] http://www.i2r.a-star.edu.sg/icsd/staff/guilin/bible.htm
[58] http://www.tcs.hut.fi/~helger/crypto/link/signature/
[59] Pointcheval D and Stern J. Security arguments for digital signatures and blind signatures, J. of Cryptology, 2000, 13, pp. 361–396.
[60] Pointcheval D and Stern J. Security proofs for signature schemes. Advances in Cryptology -Eurocrypt'96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.387-398.
[61] Pointcheval D and Stern J. Provably secure blind signature schemes. Advances in Cryptology -Asiacrypt '96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.252-265.
[62] Coron J. On the exact security of full domain hash. Advances in Cryptology -Crypto'00, LNCS 1880, Springer-Verlag, Berlin, pp.229-235.
[63] Coron J. Optimal security proofs for PSS and other signature schemes. Advances in Cryptology -Eurocrypt'02, LNCS 2332, Springer-Verlag, Berlin, 2002, pp.272-287.
[64] Micali S and Reyzin L. Improving the exact security of digital signature schemes. Journal of Cryptology, 2002, 15(1): 1-18.
[65] Goh E and Jarecki S. A signature scheme as secure as the Diffie-Hellman problem. Advances in Cryptology -Eurocrypt'03, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 401-415.
[66] Katz J and Wang N. Efficiency improvements for signature schemes with tight security reductions, Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003, pp.155-164.
[67] 王育民, 刘建伟. 通信网的安全——理论与技术. 西安, 西安电子科技大学出版社, 1999.
[68] Menezes A, Oorschot P, Vanstone S. Handbook of Applied Cryptography, CRC Press, 1996.
[69] Mao W. Modern Cryptography: Theory & Practice, Prentice Hall, 2003.
[70] Schneier B 著, 吴世忠译. 应用密码学——协议、算法和C 源程序. 机械工业出版社, 2000.
[71] Dutta R, Barua R, Sarkar P. Pairing-based cryptographic protocols : a survey. http://eprint.iacr.org/2004/064.
[72] Fiat A and Shamir A. How to prove yourself: Practical solutions to identification and signature problems. Advances in Cryptology –CRYPTO’86, LNCS 263, Springer-Verlag, Berlin, 1986, pp. 186–194.
[73] Ohta K, Okamoto E. Practical extension of Fiat-Shamir scheme. Electr. Lett. 1988, 24 (15): 955-956.
[74] Guillou L and Quisquater J. A paradoxical identity-based signature scheme resulting from zero-knowledge. Advances in Cryptology –CRYPTO’88, LNCS 403, Springer-Verlag, Berlin, 1990, pp.216-231.
[75] Laih C, Lee J and Harn L. et al. A new scheme for ID-based cryptosystem and signature. INFOCOM '89. Proceedings of the Eighth Annual Joint Conference of the IEEE Computer and Communications Societies. Technology: Emerging or Converging-IEEE. 23-27 Apr 1989, vol.3, 998-1002.
[76] Chang C and Lin C. An ID-based signature scheme based upon Rabin's public key cryptosystem. Proceedins 25th Annual IEEE International Carnahan Conference on Security Technology, October 1-3, 1991, pp. 139-141.
[77] Agnem G, Mullin R, and Vanstone S. Improved digital signature scheme based on discrete exponentitation. Electron. Lett., 1990, 26(14): 1024-1025.
[78] Harn L,Yang S. ID-based cryptographic schemes for user identificationd, digital signature, and key distribution. IEEE Journal on selected areas in communications, 1993, 11(5),757-760.
[79] Nishioka T, Hanaoka G, and Imai H. A new digital signature scheme on ID-based key-sharing infrastructures. Information Security: 2nd International Workshop, ISW'99, LNCS 1729, Springer-Verlag, Berlin, 1999, pp. 259-270.
[80] Park S, Kim S, Won D. ID-based group signature. Electr. Lett. 1997, 33(19): 1616-1617.
[81] Mao W and Lim C. Cryptanalysis in prime order subgroup of Zn. Advances in Cryptology-ASIACRYPT’98, LNCS 1514, Springer-Verlag, Berlin, 1998, pp.214-226.
[82] Tseng Y, Jan J. A novel ID-based group signature. Information Sciences, 1999, 120: 131-141.
[83] Joye M, Kim S. and Lee N. Cryptanalysis of two group signature schemes. Information Security, 1999, LNCS 1729, Spinger-Verlag, Berlin, 1999, pp.271-275.
[84] Popescu S. An efficient ID-based group signature scheme. Studia Univ. Babes-Bolyai, Informatica, 2002, XLVII(2): 29-36. http://www.cs.ubbcluj.ro/~studia-i/2002-2/
[85] Chen X, Zhang F and Kim K. A new ID-based group signature scheme from bilinear pairings. http://eprin t.iacr.org/2003/116. 2003.
[86] Tan Z, Liu Z. A novel identity-based group signature scheme from bilinear maps, Mathematics-Mechanization Research Preprints, Mathematics-Mechanization Research Center (MMRC), Institute of Systems Sciences, AMSS, Academia Sinica. No. 22, December, 2003. http://www.mmrc.iss.ac.cn/pub/mm-pre.html
[87] Chen Z, Huang J, Huang D et al. Provably secure and ID-based group signature scheme. 18th International Conference on Advanced Information Networking and Applications (AINA'04), Vol. 2, 384-388, March 29 -31, 2004, Fukuoka, Japan.
[88] Wu T, Chou S, Wu T. Two ID-based multisignature protocols for sequential and broadcasting architectures. Comput. Comm. 1996, 19: 851–856.
[89] Lee N, Hwang T, Wang C. The security of two ID-based multisignature protocols for sequential and broadcasting architectures. Information Processing Letters, 1999, 70: 79-81.
[90] Lin C, Wu T, and Hwang J. ID-based structured multisignature schemes. Advances in Network and Distributed Systems Security, Kluwer Academic Publishers, Boston, 2001, pp.45–59.
[91] Mitchell C. An attack on an ID-based multisignature scheme. Royal Holloway, University of London, Mathematics Department Technical Report RHUL-MA-2001-9, December, 2001.
[92] Saeednia S. An identity-based society oriented signature scheme with anonymous signers. Information Processing Letters, 2002, 83: 295–299.
[93] Tseng Y and Jan J. ID-based cryptographic schemes using a non-interactive public-key distribution system. Proceedings of the 14 th Annual Computer Security Applications Conference, Phoenix, Arizona, Dec. 1998, pp.237-243.
[94] Herranz J. A formal proof of security of Zhang and Kim's ID-based ring signature scheme. Security In Information Systems, Proceedings of the 2nd International Workshop on Security In Information Systems, WOSIS 2004, 63-72.
[95] Lin C and Wu T. An identity-based ring signature scheme from bilinear pairings, http://eprint.iacr.org/2003/117.
[96] Tang C, Liu Z, Wang M. An improved identity-based ring signature scheme from bilinear pairings. Mathematics-Mechanization Research Preprints, Mathematics-Mechanization Research Center (MMRC), Institute of Systems Sciences, AMSS, Academia Sinica. No. 22, 231234, December, 2003. http://www.mmrc.iss.ac.cn/pub/mm-pre.html
[97] Herranz J and Sáez C. A provably secure ID-based ring signature scheme, http://eprint.iacr.org/2003/261
[98] Chow S, Hui L and Yiu S. Identity Based hreshold Ring Signature, http://eprint.iacr.org/ 2004/179.
[99] Han S, Yeung W and Wang J. Identity-based confirmer signatures from pairings over elliptic curves. Proceedings of the 4th ACM conference on Electronic commerce, ACM Press, 2003, pp.262–263.
[100] Zhang F, Safavi-Naini R and Susilo W. Attack on Han et al.’s ID-based confirmer (undeniable) signature at ACM-EC’03, 2003. http://eprint.iacr.org/2003/129.
[101] Chow S, Hui L, Yiu S et al. A secure modified id-based undeniable signature scheme based on Han et al.'s Scheme against Zhang et al.'s Attacks. http://eprint.iacr.org/2003/262.
[102] Libert B and Quisquater J. Identity based undeniable signatures, Topics in Cryptology CT-RSA'04, LNCS 2964, Springer-Verlag, Berlin, 2004, pp. 112-125.
[103] Susilo W, Zhang F and Mu Y. Identity-based strong designated verifier signature schemes. ACISP 2004, LNCS 3108, Springer Verlag, Berlin, 2004, pp.313-324.
[104] Zhang F, Kim K. Efficient ID-based blind signature and proxy signature from bilinear pairings. ACISP 2003, LNCS 2727, Springer Verlag, Berlin, 2003, 312-323.
[105] Xu J, Zhang Z, Feng D. ID-based proxy signature using bilinear pairings. http://eprint.iacr.org/ 2003/206.
[106] Barreto P, Kim H, Lynn B et al. Efficient algorithms for pairing-based cryptosystcms. Advances in Cryptology -Crypto 2002, LNCS 2442, Springer-Verlag, Berlin, 2002, pp. 354-368.
[107] Cheon J, Kim Y and Yoon H. A new ID-based signature with batch verification, http://eprint.iacr.org/2004/131.
[108] Burnett A, Duffy A, Dowling T. A biometric identity based signature scheme. http://eprint.iacr.org/2004/176.
[109] 祁明, 肖国镇. 口令认证方案的安全性改进及其相应的数字签名方案. 通信学报, 1998, 19(6): 61-64.
[110] 吕继强, 王新梅. 两个基于身份的数字签名方案的安全性改进. 通信学报, 2003, 24(9):128-131.
[111] 杨君辉, 戴宗铎, 杨栋毅等. 一种椭圆曲线签名方案与基于身份的签名协议. 软件学报, 2000, 11(10):1303-1306.
[112] 王泽成, 斯桃枝, 李志斌等. 基于身份的代理签名和盲签名. 计算机工程与应用, 2003, 23: 148-150.
[113] Menezes A, Okamoto T and Vanstone S. Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transaction on Information Theory, 1993, 39: 1639–1646.
[114] Frey G and Ruck H. A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation, 1994, 62: 865–874.
[115] Boneh D and Franklin M. Identity-based encryption from the Weil pairing. Advances in Cryptology -CRYPTO 2001, LNCS 2139, Springer-Verlag, Berlin, 2001, pp.213–229.
[116] Boneh D, Lynn B and Shacham H. Short signatures from the Weil pairing. Advances in Cryptology -ASIACRYPT 2001, LNCS 2248, Springer-Verlag, Berlin, 2001, pp.514–532.
[117] Boldyreva A. Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-Group signature scheme. PKC 2003, LNCS 2567, Springer-Verlag, Berlin, 2003, pp.31–46.
[118] Zhang F, Safavi-Naini R, Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. Progress in Cryptology -INDOCRYPT'2003, LNCS 2904, Springer-Verlag, Berlin, 2003, pp.191-204.
[119] Bellare M, Namprempre C and Neven G. Security proofs for identity-based identification and signature schemes. Advances in Cryptology -EUROCRYPT 2004, LNCS 3027, Springer-Verlag, Berlin, 2004, pp. 268–286.
[120] Kurosawa K and Heng S. From digital signature to ID-based identification/signature. PKC'04, LNCS 2947, Springer-Verlag, Berlin, 2004, pp.248-261.
[121] Libert B, Quisquater J. The exact security of an identity based signature and its applications. http://www.iacr.org/2004/102.
[122] Camenisch J, Piveteau J and Stadler M. Blind signatures based on the discrete logarithm problem. Advances in Cryptology —EUROCRYPT’94, LNCS 950, Springer-Verlag, Berlin, 1994, pp.428-432.
[123] Pointcheval D, Stern J. Provably secure blind signature schemes. Advances in Cryptology —ASIACRYPT’96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.252–265.
[124] Srivanasont B, Otsuka A, Imai H. Blind signature based on one-way accumulators. International Symposium on Information Theory and Its Applications, Xi’an, PRC, 2002, pp.647-650.
[125] Fan C I, Lei C L. Efficient blind signature scheme based on quadratic residues. Electronics Letters, 1996, 32(9): 811-813.
[126] Pointcheval D, Stern J. New blind signatures equivalent to factorization, Proceedings of the 4th ACM Conference on Computer and Communication Security, ACM Press, 1997, pp.92-99.
[127] 钟鸣, 杨义先. 一种基于比特承诺的部分盲签名方案. 通信学报, 2001, 22(9): 1-6.
[128] 张方国, 王常杰, 王育民. 基于椭圆曲线的数字签名与盲签名. 通信学报, 2001, 22(8): 22-28.
[129] 姚亦峰, 朱华飞, 陈抗生. 基于二元仿射变换的广义ELGamal 型盲签名方案. 电子学报, 2000, 28(7): 128-130.
[130] Abe M, Ohkubo M. Provably secure fair blind signatures with tight revocation. Advances in Cryptology -ASIACRYPT2001, LNCS 2248, Springer-Verlag, Berlin, 2001, pp.583–601.
[131] Stadler M, Piveteau J M, Camenish J. Fair blind signatures. Advances in Cryptology —EUROCRYPT’95, LNCS 921, Springer-Verlag, Berlin, 1995, 209–219.
[132] Juang W, Lei C. Fair blind threshold signatures based on discrete logarithm. Proceedings of National Computer Symposium 1997, Vol. 2, pp. C-95-C-100.
[133] Lee H, Kim T, Message recovery fair blind signature. PKC'99, LNCS 1560, Springer-Verlag, Berlin, 1999, pp.97-111.
[134] Juang W, Lei C. Blind threshold signatures based on discrete logarithm. Proceedings of the 2nd Asian Computing Science Conference, LNCS 1179, Springer-Verlag, Berlin, 1996, pp.172-181.
[135] Kim J, Kim K, Lee C. An efficient and provably secure threshold blind signature. Proc. of ICISC2001, LNCS 2288, Springer-Verlag, Berlin, 2001, pp.318-327.
[136] Lysyanskaya A, Ramzan Z. Group blind digital signatures: a scalable solution to electronic cash. Financial Cryptography (FC '98), LNCS 1465, Springer-Verlag, Berlin, 1998, pp.184-197.
[137] 汪保友, 胡运发, 袁时金. 群体盲数字签名协议. 计算机研究与发展, 2002, 39(10):1193-1198.
[138] Lal S, Awasthi A. Proxy blind signature scheme. http://www.iacr.org/2003/072.
[139] Chaum D, Fiat A, Naor M. Untraceable electronic cash. Advances in Cryptology —CRYPTO’88, LNCS 403, Springer-Verlag, Berlin, 1988, pp.319–327.
[140] Ferguson N. Single term off-line coins. Advances in Cryptology —EUROCRYPT’93, LNCS 765, Springer-Verlag, Berlin, 1993, pp.318-328.
[141] 王常吉, 蒋文保, 裴定一. 用限制性群盲签名构造电子现金系统. 通信学报, 2001, 22(12): 63-69.
[142] 王常吉, 裴定一, 蒋文保. 一个改进的基于限制性盲签名的电子现金系统. 电子学报, 2002, 30(7): 1083-1085.
[143] Juang W S, Lei C L. A secure and practical electronic voting scheme for real world environments. IEICE Trans. Fundamentals, 1997, E80-A(1): 64-71.
[144] Sako K, Electronic voting scheme allowing open objection to the tally. IEICE Trans. Fundamentals, 1994, E77-A(1):24-30.
[145] Pointcheval D. Strengthened security for blind signatures. Advances in Cryptology —EUROCRYPT’98, LNCS 1403, 391-405.
[146] Horster P, Peterson H, Michels M. Meta message recovery and meta blind signature schemes based on the discrete logarithem problem and their applications. Advances in Cryptology —ASIARYPT’94, LNCS 917, Springer-Verlag, Berlin, 1994, pp. 224-237.
[147] Harn L, Xu Y. Design of generalized ElGamal type digital signature schemes based on discrete logarithm. Electronics Letters, 1994, 30(24): 2025-2026.
[148] Abe M. A secure three-move blind signature scheme for polynomially many signatures. Advances in Cryptology —EUROCRYPT 2001, LNCS 2045, Springer-Verlag, Berlin, 2001, pp.136-151.
[149] Abe M and Okamoto T. Provably secure partially blind signatures. Advances in Cryptology -CRYPTO2000, LNCS 1880, Springer-Verlag, Berlin, 2000, pp.271-286.
[150] Schnorr C P. Security of blind discrete log signatures against interactive attacks. ICICS 2001, LNCS 2229, Springer-Verlag, Berlin, 2001, pp.1-12.
[151] Mohammed E, Emarah A, Shennawy K. A blind signature scheme based on ElGamal signature. IEEE2000, Proceedings of the Seventeenth National Radio Science Conference, 17th NRSC'2000, pp.51-53.
[152] Juels A, Luby M and Ostrovsky R. Security of blind digital signatures. Advances in Cryptology -CRYPTO’97, LNCS 1294, Springer-Verlag, Berlin, 1997, pp.150–164.
[153] Pointcheval D. Strengthened security for blind signatures. Advances in Cryptology -EUROCRYPT’98, LNCS 1403, Springer-Verlag, Berlin, 1998, pp.391–405.
[154] Bellare M, Namprempre C, Pointcheval D et al. The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. Financial Cryptography'01, LNCS 2339, Springer-Verlag, Berlin, 2001, pp.319-338.
[155] Bellare M, Namprempre C, Pointcheval D et al. The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme. J. Cryptology, 2003, 16(3): 185-215.
[156] Wagner D. A generalized birthday problem. Advances in Cryptology -CRYPTO'02, LNCS 2442, Springer-Verlag, Berlin, 2002, pp. 288-303.
[157] Abe M and Fujisaki E. How to date blind signatures. Advances in Cryptology -ASIACRYPT'96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.244-251.
[158] Abe M, Camenisch J. Partially blind signature schemes. Proceedings of Symposium on Cryptography and Information Security, SCIS97-33D, 1997.
[159] Miyazaki S, Abe M, Sakurai K. Partially blind signature schemes for the DSS and for a discrete log based message recovery signature. Proceedings of Korea-Japan Joint Workshop on Information Security and Cryptology, pp.217-226, 1997
[160] Fan C and Lei C. Low-computation partially blind signatures for electronic cash. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 1998, E81-A(5):818-824.
[161] Chien H, Jan J and Tseng Y. RSA-based partially blind signature with low computation. Proceedings of Eighth International Conference on Parallel and Distributed Systems, ICPADS 2001, pp.385 -389.
[162] Juang W and Lei C. Partially blind threshold signatures based on discrete logarithm. Computer Communications, 1999, 22:73-86.
[163] Chien H, Jan J and Tseng Y. Partially blind threshold signature based on RSA. Informatica, 2003, 14(2):155-166.
[164] Maitland G and Boyd C. A provably secure restrictive partially blind signature scheme. Public Key Cryptography, PKC 2002, LNCS 2274, Springer-Verlag, Berlin, 2002, pp.99-114.
[165] Yang F and Jan J. A provably secure scheme for restrictive partially blind signatures. http://eprint.iacr.org/2004/037
[166] Zhang F, Safavi-Naini R and Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. Proceedings of Indocrypt 2003, LNCS 2904, Springer-Verlag, Berlin, 2003, pp.191-204.
[167] Chow S, Hui L, Yiu S et al. Two Improved partially blind signature schemes from bilinear pairings. http://eprint.iacr.org/2004/108.
[168] Zhang F, Safavi-Naini R and Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings, revised version, 2004. http://www.uow.edu.au/ ~fangguo.
[169] Yang F, Jan J. A provable secure scheme for partially blind signatures. http://eprint.iacr.org/ 2004/230/.
[170] Yang F, Jan J. A provably secure scheme for restrictive partially blind signatures. http://eprint.iacr.org/2004/037/.
[171] Chen L and Pedersen T. New group signature schemes. Advances in Cryptology-EUROCRYPT’94, LNCS 950, Springer-Verlag, Berlin, 1995, pp. 171-181.
[172] Chen L, Pedersen T. On the efficiency of group signature providing information-theoretic anonymity. Advances in Cryptology-EUROCRYPT’95, LNCS 921, Springer-Verlag, Berlin, 1995, pp 39-49.
[173] Park S, Lee I, Won D. A practical group signature. Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, 1995, pp.127 -1331
[174] Kim S, Park S, Won D. Convertible group signatures. Advances in Cryptology-ASIACRYPT’96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.311-321.
[175] Park S, Kim S, Won D. A practical identity-based group signature. Conference on Electronics, Information and Communications ( ICEIC’95), China,1995, pp.64 –67.
[176] Lim C and Lee P. On the security of convertible group signatures. Electronics Letters, 1996
[177] Michels C. Comments on some group signature schemes. Technical Report TR-96-3-D, Dept. of Comp. Sci., Univ. of Technology, Chemnitz-Zwickau, Nov. 1996.
[178] Camenisch J. Efficient and generalized group signatures. Advances in Cryptology —EUROCRYPT’97, LNCS 1233, Springer-verlag, Berlin, 1997, pp.465-479.
[179] Petersen H. How to convert any digital signature scheme into a group signature scheme. Security Protocols Workshop, Pairs, 1997, pp.177 –1901.
[180] Park S, Kim S and Won D. ID-based group signature. Electronics Letters, 1997, 33(15): 1616-1617
[181] Camenisch J, Stadler M. Efficient group signature schemes for large groups. Advances in Cryptology —CRYPTO '97, Lecture Notes in Computer Science,Vol. 1294, Springer-Verlag, Berlin, 1997, pp. 410-424.
[182] Ateniese G and Tsudik G. Some open issues and new directions in group signature schemes. Financial Cryptography (FC'99), Lecture Notes in Computer Science,Vol. 1648, Springer-Verlag, Berlin, 1999, pp.196-211.
[183] http://www.i2r.a-star.edu.sg/icsd/staff/guilin/bible/group-sign.htm
[184] Camenish J, Michels M. A group signature scheme with improved efficiency. Advances in Cryptology —ASIACRYPT’98, LNCS 1541, Springer-Verlag, Berlin, 1998, pp.160 –174.
[185] Lysyankaya A and Ramzan Z. Group blind digital signatures: A scalable solution to electronic cash. Financial Cryptography 98, LNCS 1465, Springer-Verlag, Berlin, 1998, pp.184 –197.
[186] Traore J. Group signatures and their relevance to privacy-protecting off-line electronic cash systems. Information Security and Privacy, ACISP’99, LNCS 1587, Springer-Verlag, Berlin, 1999, pp:228 –243.
[187] Tseng Y and Jan J. A group signature scheme using self-certified public keys. Ninth National Conference on Information Security, 1999, pp.165-172.
[188] Ateniese G, Joye M and Tsudik G. On the difficulty of coalition-resistant in group signature schemes. Second Workshop on Security in Communication Networks (SCN’99), 1999.
[189] Camenisch J, Michels M. Separability and efficiency for generic group signature schemes. Advances in Cryptology —CRYPTO'99, LNCS 1666, Springer-Verlag, Berlin, 1999, pp.413-430.
[190] Ateniese G, Camenisch J, Joye M et al. A practical and provably secure coalition-resistant group signature scheme. Advances in Cryptology —Crypto'2000, LNCS 1880, Springer-Verlag, Berlin, 2000, pp. 255-270.
[191] Bresson E and Stern J. Efficient revocation in group signatures, PKC 2001, LNCS 1992, Springer-Verlag, Berlin, 2001, pp. 190–206.
[192] Kim H, Lim J, and Lee D. Efficient and secure member deletion in group signature schemes. Information Security and Cryptology (ICISC 2000), LNCS 2015, Springer-Verlag, Berlin, 2001, pp.150-161.
[193] Wang G, Bao F, Zhou J et al. Security remarks on a group signature scheme with member deletion, ICICS 2003, LNCS 2836, Springer-Verlag, Berlin, 2003, pp.72–83.
[194] Ateniese G, Tsudik G, Song D. Quasi-efficient revocation of group signatures. Financial Cryptography 2002, Mar. 2002.
[195] Camenisch J and Lysyanskaya A. Dynamic accumulators and application to efficient revocation of anonymous credentials. Advances in Cryptology —CRYPTO 2002, LNCS 2442, Springer-Verlag, Berlin, 2002, pp. 61-76.
[196] Tsudik G and Xu S. Accumulating composites and improved group signing. Advances in Cryptology —Asiacrypt 2003, LNCS 2894, Springer-Verlag, Berlin, 2003, pp.269-86.
[197] Ding X, Tsudik G, and Xu S. Leak-free group signatures with immediate revocation. Proceedings of ICDCS 2004, Mar. 2004, pp.608-615.
[198] Chen Z, Wang J, Wang Y et al. An efficient revocation algorithm in group signatures. Information Security and Cryptology -ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2004, pp.339-351.
[199] Nakanishi T, Sugiyama Y. A group signature scheme with efficient membership revocation for reasonable groups. Information Security and Privacy (ACISP 2004), LNCS 3108, Springer-Verlag, Berlin, 2004, pp. 336-347.
[200] Song D. Practical forward secure group signature schemes. Proc. of the 8th ACM Conference on Computer and Communications Security (CCS 2001), pp. 225-234. ACM, 2001.
[201] Lyuu Y and Wu M. Convertible group undeniable signatures. Information Security and Cryptology –ICISC 2002, LNCS 2587, Springer-Verlag, Berlin, 2003, pp. 48-61.
[202] Xia S and You J. A group signature scheme with strong separability. Journal of Systems and Software, 2002, 60(3): 177-182.
[203] Ateniese G and Medeiros B. Efficient group signatures without trapdoors. Advances in Cryptology —ASIACRYPT 2003, LNCS 2894, Springer-Verlag, Berlin, 2003, pp. 246-268.
[204] Bellare M, Micciancio D, Warinschi B. Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. Advances in
Cryptology —EUROCRYPT 2003, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 614-629.
[205] Bellare M, Shi H, Zhang C. Foundations of group signatures: the case of dynamic groups. http://eprint.iacr.org/2004/077.
[206] Boneh D, Boyen X, Shacham H, Short group signatures, Advances in Cryptology—CRYPTO 2004, LNCS 3152, Springer-Verlag, Berlin, 2004, pp.41–55.
[207] Kiayias A and Yung M. Group signatures: provable security, efficient constructions and anonymity from trapdoor-holders. http://eprint.iacr.org/2004/076/.
[208] Miyaji A and Umeda K. A fully-functional group signature scheme over only known-order group. Applied Cryptography and Network Security (ACNS 2004), LNCS 3089, Springer-Verlag, Berlin, 2004, pp. 164-179.
[209] Boyar J, Chaum D, Damgard I et al. Convertible undeniable signatures. Advances in Cryptology —CRYPTO'90, LNCS 537, Springer-Verlag, Berlin, 1991, pp.189-205.
[210] Chaum D. Zero-knowledge undeniable signatures. Advances in Cryptology —EUROCRYPT'90, LNCS 473, Springer-Verlag, Berlin, 1991, pp. 458-464.
[211] Chaum D, Heijst E, Pfitzmann B. Cryptographically strong undeniable signatures, unconditionally secure for the signer. Advances in Cryptology —CRYPTO'91, LNCS 576, Springer-Verlag, Berlin, 1992, pp.470–484.
[212] Desmedt Y, and Yung M. Weakness of undeniable signature schemes. Advances in Cryptology —EUROCRYPT'91, LNCS 547, Springer-Verlag, Berlin, 1991, pp.205-220.
[213] Damgard I, Pedersen T. New convertible undeniable signature schemes. Advances in Cryptology —EUROCRYPT'96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.372-386..
[214] Gennaro R, Krawczyk H, Rabin T. RSA-based undeniable signatures. Advances in Cryptology —CRYPTO'97, LNCS 1294, Springer-Verlag, Berlin, 1997, pp.132–149. Also in Journal of Cryptology, 2000, 13: 397–416.
[215] Miyazaki T. An improved scheme of the Gennaro-Krawczyk-Rabin undeniable signature system based on RSA. Information Security and Cryptology -ICISC 2000, LNCS 2015, Springer-Verlag, Berlin, 2001, pp.135-149.
[216] Galbraith S, Mao W, Paterson K. RSA-based undeniable signatures for general moduli. Topics in Cryptology –CT-RSA 2002, LNCS 2271, Springer-Verlag, Berlin, 2002, pp. 200–217.
[217] Galbraith S and Mao W. Invisibility and anonymity of undeniable and confirmer signatures. Topics in Cryptology –CT-RSA 2003, LNCS 2612, Springer-Verlag, Berlin, 2003, pp. 80–97.
[218] Libert B, Quisquater J. Identity based undeniable signatures. Topics in Cryptology -CT-RSA 2004, LNCS 2964, Springer-Verlag, Berlin, 2004, pp.112-125.
[219] Monnerat J, Vaudenay S. Undeniable signatures based on characters: how to sign with one bit. Public Key Cryptography 2004, LNCS 2947, Springer-Verlag, Berlin, 2004, pp. 69-85.
[220] Harn L, Yang S. Group-oriented undeniable signature schemes without the assistance of a mutually trusted party. Auscrypt'92, LNCS 718, Springer-Verlag, Berlin, 1993, pp. 133-142.
[221] Lin C, Wang C, Chang C. A group-oriented (t, n) undeniable signature scheme without trusted center. Information Security and Privacy (ACISP'96), LNCS 1174, Springer-Verlag, Berlin, 1996, pp.266-274.
[222] Sakurai K and Yamane Y. Blind decoding, blind Undeniable signatures, and their applications to privacy protection. Information Hiding 1996, LNCS 1174, Springer-Verlag, Berlin, 1996, pp. 257-264.
[223] Galbraith S, Mao W, Paterson K. RSA-based undeniable signatures for general moduli. Topics in Cryptology –CT-RSA 2002, LNCS 1294, Springer-Verlag, Berlin, LNCS 2271, Springer-Verlag, Berlin, 2002, pp. 200–217.
[224] Lyuu Y, Wu M. Convertible group undeniable signatures. Information Security and Cryptology –ICISC 2002, LNCS 2587, Springer-Verlag, Berlin, 2003, pp.48-61.
[225] Susilo W and Mu Y. Non-interactive deniable ring authentication. Information Security and Cryptology -ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2004, pp. 386-401.
[226] Okamoto T. Designated confirmer signatures and public key encryption are equivalent. Advances in Cryptology —CRYPTO'94, LNCS 839, Springer-Verlag, Berlin, 1994, pp. 61–74.
[227] Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their applications. Advances in Cryptology —EUROCRYPT'96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.143-154.
[228] Michels M, Stadler M. Generic constructions for secure and efficient confirmer signature schemes. Advances in Cryptology —EUROCRYPT'98, LNCS 1403, Springer-Verlag, Berlin,
1998, pp.406–421.
[229] Camenisch J, Michels M. Confirmer signature schemes secure against adaptive adversaries. Advances in Cryptology —EUROCRYPT'00, LNCS 1870, Springer-Verlag, Berlin, 2000, pp. 243–258.
[230] Mu Y and Varadharajan V. Fail-stop confirmer signatures. Information Security and Privacy (ACISP'00), LNCS 1841, Springer-Verlag, Berlin, 2000, pp. 368-377.
[231] Kim S, Park S, Won D. Nominative signatures, Proc. of ICEIC'95, International Conference on Electronics, Information and Communications, Yanji, Jilin, China, August 1995, II-68 ~ II-71.
[232] Park H, Lee I, A digital nominative proxy signature scheme for mobile communication, Proc. of ICICS’01, LNCS 2229, Springer-Verlag, Berlin, 2001, pp.451-455.
[233] Seo S, Lee S. New nominative proxy signature scheme for mobile communications. Proceedings of SPI (Security and protection of Information), 2003, ISBN: 80-85960-50-8, pp.149-154 April, 2003.
[234] Zhang J, Wu Q, Wang J et al. An improved nominative proxy signature scheme for mobile communication. AINA2004, pp.234-239, 2004. [235] Araki S, Uehara S, Imamura K. The limited verifier signature and its application. IEICE Trans. Fundamentals, 1999, E82-A (1): 63-68.
[236] Wu T, Hsu C. Convertible authenticated encryption scheme. Journal of Systems and Software, 2002, 62(3): 205-209.
[237] Zhang F, Kim K. A universal forgery on Araki et al.’s convertible limited verifier signature scheme. IEICE Trans. Fundamentals, 2003, E86-A(2):515-516.
[238] Chen X, Zhang F, Kim K. Limited verifier signature from bilinear pairings. Applied Cryptography and Network Security (ACNS 2004), LNCS 3089, Springer-Verlag, Berlin, 2004, pp. 135-148.
[239] Steinfeld R, Bull L, Wang H et al. Universal designated-verifier signatures. Advances in Cryptology-ASIACRYPT 2003, LNCS 2894, Springer-Verlag, Berlin, 2003, pp.523-542.
[240] Steinfeld R, Wang H, Pieprzyk J. Efficient extension of standard Schnorr/RSA signatures into universal designated-verifier signatures. PKC 2004, LNCS 2947, Springer-Verlag, Berlin, 2004, pp. 86–100.
[241] Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their applications. Advances in Cryptology -EUROCRYPT’96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.143-154.
[242] Saeednia S, Kremer S, Markowitch O. An efficient strong designated verifier signature scheme. Information Security and Cryptology -ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2004, pp.40-54.
[243] Susilo W, Zhang F, Mu Y. Identity-based strong designated verifier signature schemes. Information Security and Privacy (ACISP 2004), LNCS 3108, Springer-Verlag, Berlin, 2004, pp.313-324.
[244] Feige U, Fiat A, Shamir A. Zero-knowledge proofs of identity. Journal of Cryptology, 1988, 1:77–94.
[245] Michels M, Stadler M. Efficient convertible undeniable signature schemes, Proc.of 4th annual workshop on selected areas in cryptography (SAC'97), 1997, pp.231-244.
[246] Lee B, Kim H, Kim K. Strong proxy signature and its applications. SCIS’01, the 2001 Symposium on Cryptography and Information Security. Oiso, Japan. January, 2001, pp.603-608.
[247] Schnorr C. Efficient signature generation for smart cards. Journal of Cryptology, 1991(4): 239-252.
[248] 王尚平等. 群签名中成员删除问题的更新算子解决方案. 软件学报, 2003, 14(11): 1911-1917.
[249] Micali S, Ohta K, Reyzin L. Accountable-subgroup Multisignatures. ACM Conference on Computer and Communications Security, Nov. 2001, pp. 245-254.
[250] Pon S, Lu E, Lee J. Dynamic reblocking RSA-based multisignatures scheme for computer and communication networks. IEEE communications letters, 2002, 6(1): 43-44.
[251] Boldyreva A. Threshold signatures, multisignatures and blind signatures based on the gap diffie-hellman group signature scheme. PKC 2003, LNCS 2567, Springer-Verlag, Berlin, 2003, pp. 31–46.
[252] Galbraith S, Malone-Lee J, Smart N. Public key signatures in the multi-user setting. Information Processing Letters, 2002, 83(5): 263-266.
[253] Mitomi S, Miyaji A. A multisignature scheme with message flexibility, order flexibility and order verifiability. Australasian Conference on Information Security and Privacy -ACISP 2000, LNCS 1841, Springer-Verlag, Berlin, 2000, pp. 298-312.
[254] Burmester M, Desmedt Y, Doi H et al. A structured ElGamal-type multisignature scheme. PKC’2000, LNCS 1751, Springer-Verlag, Berlin, 2000, pp.466-483.
[255] Tada M. An order-specified multisignature scheme secure against active insider attacks. Australasian Conference on Information Security and Privacy -ACISP 2002, LNCS 2384, Springer-Verlag, Berlin, 2002, pp. 328–345.
[256] Shieh S, Lin C, Yang W et al. Digital multisignature schemes for authenticating delegates in mobile code systems. IEEE transactions on vehicular technology, 2000, 49(4):1464-1473.
[257] Wu T, Huang C, Guan D. Delegated multisignature scheme with document decomposition. Journal of Systems and Software, 2001, 55(3): 321-328.
[258] He W. Weaknesses in some multisignature schemes for specified group of verifiers. Information Processing Letters, 2002, 83(2): 95–99.
[259] Chang Y, Wu T, Huang S. ElGamal-like digital signature and multisignature schemes using self-certified public keys. Journal of Systems and Software, 2000, 50(2): 99-105.
[260] Simmons G. The prisoner’s channel and the subliminal channel. Advances in Cryptology —CRYPYO’83, Lecture Notes in Computer science, Springer-Verlag, Berlin, 1984, pp.51-67.
[261] Lee N, Ho P. Digital signature with a threshold subliminal channel. IEEE Transactions on Consumer Electronics, 2003, 49(4): 1240-1242.
[262] Lee N, Lin D. Robust digital signature scheme with subliminal channels. IEICE Trans. Fundamentals, 2003, E86-A(1): 187-188.
[263] Simmons G. Subliminal communication is easy using the DSA. Advances in Cryptology —EUROCRYPT’93, LNCS 765, Springer-Verlag, Berlin, 1994, pp.218-232.
[264] Harn L, Gong G. Digital signature with a subliminal channel. IEE. Proc. Comput. Digit. Tech., 1997, 144(6): 387-389.
[265] Jan J, Tseng Y. New digital signature with subliminal channels based on the discrete logarithm problem. Proceedings of the 1999 International Workshops on Parallel Processing, 1999, pp.198-203.
[266] Simmons G. Results concerning the bandwidth of subliminal channels. IEEE journal on selected areas in communications, 1998, 16(4): 463-473.
[267] Shamir A. How to Share a Secret. Commun. of ACM, 1979, 22(11): 612-613.
[268] Horster P, Michels M, Petersen H. Meta-multisignatures schemes based on the discrete logarithm problem. In Information Security: The Next Decade. Proceedings of the IFIP TC11 Eleventh International Conference on Information Security, IFIP/Sec’95, Chapman & Hall, 1995, pp.128-141.
[269] Langford S. Weaknesses in some threshold cryptosystems. Advances in Cryptology—CRYPTO’96, LNCS 1109, Springer-verlag, Berlin, 1996, pp.74-82.
[270] Michels M, Horster P. On the risk of disruption in several multiparty signature schemes. Advances in Cryptology –ASIACRYPT’96, LNCS 1163, Springer-verlag, Berlin, 1996, pp.334–345.
[271] Harn L. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proc. Comput. Digit. Tech., 1994, 141(5), pp.307-313.
[272] Li C, Hwang T, Lee N. Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. Advances in Cryptology—EUROCRYPT 94, LNCS 950, Springer-verlag, Berlin, 1994, pp.194-204.
[273] Ohta K, Okamoto T. Multi-signature schemes secure against active insider attacks. IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, 1999, E82-A(1):21-31.
[2] Diffie W, Hellman M. New directions in cryptography. IEEE Transactions on Information Theory, 1976, 11, 22(6): 644-654.
[3] Rivest R, Shamir A and Adleman L. A method for obtaining digital signatures and public key cryptosystems. Communications of ACM, 1978, 21(2): 120-126.
[4] ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory, 1985, IT-31(4): 469-472.
[5] Schnorr C P. Efficient identification and signatures for smart cards. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp.239-252.
[6] Rabin M. Digital signatures and public-key functions as intractable as factorization. MIT Lab of Computer Science, Technical Report, MIT/LCS/TR-212, Jan 1979.
[7] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard, U.S. Department of Commerce, May 1994.
[8] Okamoto T. Provably secure and practical identification schemes and corresponding signature schemes. Advances in Cryptology —CRYPTO’92, LNCS 740, Springer-Verlag, Berlin, 1992, pp.31-53.
[9] Fiat A and Shamir A. How to prove yourself: Practical solutions to identification and signature problems. Advances in Cryptology—CRYPTO’86, LNCS 263, Springer-Verlag, Berlin, 1986, pp.186-194.
[10] Chaum D. Blind signatures for untraceable payments. Advances in Cryptology —Proceedings of Crypto’82, Prenum Publishing Corporation, 1982. pp. 199-204.
[11] Itakura K, Nakamura K. A public key cryptosystem suitable for digital multi-signature. NEC Research and Development, 1983, (71): 1-8.
[12] Chaum D. and van Antwerpen H. Undeniable signatures, Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp.212-216.
[13] Even S, Goldreich O and Micali S. On-line/Off-line digital signatures. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp. 263-277
[14] Fiat A. Batch RSA. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp. 175-185.
[15] De Soete M, Quisquater J J and Vedder K. A signature with shared verification scheme. Advances in Cryptology —CRYPTO’89, LNCS 435, Springer-Verlag, Berlin, 1990, pp. 253-262.
[16] Desmedt Y and Frankel Y. Shared generation of authentication and signature. Advances in Cryptology-CRYPTO’91, LNCS 576, Springer-Verlag, Berlin, 1991, pp 457-469
[17] Chaum D and Heyst E. Group signatures. Advances in Cryptology —EUROCRYPT'91 , LNCS 547, Springer-Verlag, Berlin, 1992. pp. 257-265.
[18] Pfitzmann B. and Waidner M. Fail-stop signature and their application. SECURCOM’91, 145-160.
[19] Goldwasser S, Ostrovsky R. Invariant signatures and non-interactive zero-knowledge proofs are equivalent. Advances in Cryptology —CRYPTO’92, LNCS 740, Springer-Verlag, Berlin, 1992, pp. 228-245.
[20] Lim C and Lee P. Modified Maurer-Yacobi’s scheme and its applications. Advances in Cryptology —AUSCRYPT’92, LNCS 718, Springer-Verlag, Berlin, 1992, pp.308-323.
[21] Nyberg K and Rueppel R. A new signature scheme based on the DSA giving message recovery. 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp.58-61.
[22] Nyberg K and Rueppel R. Message recovery for signature schemes based on the discrete logarithm problem. Advances in Cryptology—EUROCRYPT’94, LNCS 950, Springer-Verlag, Berlin, 1995, pp.182-193.
[23] Chaum D. Designated confirmer signatures. Advances in Cryptology —EUROCYPT’94, LNCS 950, Springer-Verlag, Berlin, 1994, pp.86-91.
[24] Kim S, Park S and Won D. Zero-knowledge nominative signatures Proc. of PragoCrypt'96, International Conference on the Theory and Applications of Cryptology, Czech, Prague, September 30 -October 3, 1996, pp.380-392.
[25] Mambo M, Usuda K and Okamoto E. Proxy signature. Proceedings of the 1995 Symposium on Cryptography and information security(SCIS’95), Inuyama, Japan, 147-158, Jan, 24-27, 1995.
[26] Zheng Y. Digital signcryption or how to achieve Cost (signature & encryption) << Cost(signature) + Cost(encryption). Advances in Cryptology –CRYPTO '97, LNCS 1294, Springer-Verlag, Berlin, 1997, pp.165-179.
[27] Jakobasson M, Yung M. Distributed 'Magic ink' signatures. Advances in Cryptology –EUROCRYPT' 97, LNCS 1233, Springer-Verlag, Berlin, 1997, pp.450-464.
[28] Rivest R. Two new signature schemes. Presented at Cambridge seminar. see http://www.cl.cam. ac.uk/Research/Security/seminars/2000/rivest-tss.pdf, 2001.
[29] Krawczyk H and Rabin T. Chameleon signatures. Proceedings of NDSS 2000, pp.143-154.
[30] Rivest R, Shamir A and Tauman Y. How to leak a secret. Advances in Cryptology—ASIACRYPT '01, LNCS 2248, Springer-Verlag, Berlin, 2001, pp.552-565.
[31] Micali S, Rivest R. Transitive signature schemes. Topics in Cryptology -CT-RSA’02, LNCS 2271, Springer-Verlag, Berlin, 2002, pp.236 –243.
[32] Johnson R, Molnar D, Song D et al. Homomorphic Signature Schemes. Topics in Cryptology -CT-RSA 2002, LNCS 2271, Springer-Verlag, Berlin, 2002, pp.244–262.
[33] Lee B and Kim K. Self-certified signatures. INDOCRYPT 2002, LNCS 2551, Springer-Verlag, Berlin, 2002, pp. 199–214.
[34] Boneh D, Gentry C, Lynn B. et al. Aggregate and verifiably encrypted signatures from bilinear maps. Advances in Cryptology –EUROCRYPT 2003, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 416–432.
[35] Lysyanskaya A. and Ramzan Z. Group blind digital signatures: A scalable solution to electronic cash. Financial Cryptography (FC '98), LNCS 1465, Springer-Verlag, Berlin, 1998, pp.184-197.
[36] Zhang K. Threshold proxy signature schemes. Information Security Workshop, Japan, 1997.
[37] Tan Z, Liu Z and Tang C. Digital proxy blind signature schemes based on DLP and ECDLP. MM Research Preprints, No. 21, December 2002, MMRC, AMSS, Academia, Sinica, Beijing, pp.212–217.
[38] Yi L, Bai G, Xiao G. Proxy multisignature -a new type of proxy signature schemes. Electronics Letters, 2000, 36(6): 527-528.
[39] Juang W and Lei C. Blind threshold signatures based on discrete logarithm. Proc. of Second Asian Computing Science Conference on Programming, Concurrency and Parallelism, Networking and Security, LNCS 1179, Springer-Verlag, Berlin, 1996, pp.172-181.
[40] Koblitz N. Elliptic curve cryptosystems. Mathematics of Computation, 1987, 48(177):203-209.
[41] Miller V S. Use of elliptic curve in cryptography. Advances in Cryptology—CRYPTO'85, LNCS 218, Springer-Verlag, Berlin, 1986, pp.417-426.
[42] Koblitz N. Hyperelliptic cryptography, J. of Crypto., 1989,1(3):139-150.
[43] Johson D, Menezes A. The elliptic curve digital signature algorithm. Technical Report, CORR99-31, Canada: Department of Combinatorics and Optimization, University of Waterloo, 1999.
[44] ANSI X9.62. Public Key Cryptography for the financial services industry: the elliptic curve digital signature algorthm (ECDSA), 1999.
[45] Shamir A. Identity-based cryptosystems and signature schemes. Advances in Cryptology -CRYPTO’84, LNCS 196, Springer-Verlag, Berlin, 1984, pp.47–53.
[46] Joux A. A one round protocol for tripartite Diffie-Hellman. Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp.385–394.
[47] Sakai R, Ohgishi K and Kasahara M. Cryptosystems based on pairing. 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan, 2000, pp.26-28.
[48] Paterson K G. ID-based signatures from pairings on elliptic curves. Electronic Letters, 2002, 38(18): 1025–1026.
[49] Yi X. An identity-based signature scheme from the Weil pairing. IEEE Communications Letters, 2003, 7(2): 76–78.
[50] Cha J and Cheon J. An identity-based signature from Gap Diffie-Hellman groups. PKC 2003, LNCS 2567, Springer-Verlag, Berlin, 2003, pp.18–30.
[51] Hess F. Efficient identity based signature schemes based on pairings. SAC 2002, LNCS 2595, Springer-Verlag, Berlin, 2003, pp. 310–324.
[52] Zhang F, Kim K. ID-based blind signature and ring signature from pairings. Advances in Cryptology -ASIACRYPT 2002, LNCS 2501, Springer-Verlag, Berlin, 2002, pp.533-547.
[53] Zhang F, Safavi-Naini R and Susilo W. An efficient signature scheme from bilinear pairings and it’s applications. PKC 2004, LNCS 2947, Springer-Verlag, Berlin, 2004, pp.277-290.
[54] Zhang F, Safavi-Naini R and Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. INDOCRYPT 2003, LNCS 2904, Springer-Verlag, Berlin, 2003, pp.191-204.
[55] Susilo W, Mu Y. Non-interactive deniable ring authentication, ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2003, pp.397 -412.
[56] Zhang F, Safavi-Naini R and Susilo W. ID-based chameleon hashes from bilinear pairings. http://www.iacr.org/2003/208.
[57] http://www.i2r.a-star.edu.sg/icsd/staff/guilin/bible.htm
[58] http://www.tcs.hut.fi/~helger/crypto/link/signature/
[59] Pointcheval D and Stern J. Security arguments for digital signatures and blind signatures, J. of Cryptology, 2000, 13, pp. 361–396.
[60] Pointcheval D and Stern J. Security proofs for signature schemes. Advances in Cryptology -Eurocrypt'96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.387-398.
[61] Pointcheval D and Stern J. Provably secure blind signature schemes. Advances in Cryptology -Asiacrypt '96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.252-265.
[62] Coron J. On the exact security of full domain hash. Advances in Cryptology -Crypto'00, LNCS 1880, Springer-Verlag, Berlin, pp.229-235.
[63] Coron J. Optimal security proofs for PSS and other signature schemes. Advances in Cryptology -Eurocrypt'02, LNCS 2332, Springer-Verlag, Berlin, 2002, pp.272-287.
[64] Micali S and Reyzin L. Improving the exact security of digital signature schemes. Journal of Cryptology, 2002, 15(1): 1-18.
[65] Goh E and Jarecki S. A signature scheme as secure as the Diffie-Hellman problem. Advances in Cryptology -Eurocrypt'03, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 401-415.
[66] Katz J and Wang N. Efficiency improvements for signature schemes with tight security reductions, Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003, pp.155-164.
[67] 王育民, 刘建伟. 通信网的安全——理论与技术. 西安, 西安电子科技大学出版社, 1999.
[68] Menezes A, Oorschot P, Vanstone S. Handbook of Applied Cryptography, CRC Press, 1996.
[69] Mao W. Modern Cryptography: Theory & Practice, Prentice Hall, 2003.
[70] Schneier B 著, 吴世忠译. 应用密码学——协议、算法和C 源程序. 机械工业出版社, 2000.
[71] Dutta R, Barua R, Sarkar P. Pairing-based cryptographic protocols : a survey. http://eprint.iacr.org/2004/064.
[72] Fiat A and Shamir A. How to prove yourself: Practical solutions to identification and signature problems. Advances in Cryptology –CRYPTO’86, LNCS 263, Springer-Verlag, Berlin, 1986, pp. 186–194.
[73] Ohta K, Okamoto E. Practical extension of Fiat-Shamir scheme. Electr. Lett. 1988, 24 (15): 955-956.
[74] Guillou L and Quisquater J. A paradoxical identity-based signature scheme resulting from zero-knowledge. Advances in Cryptology –CRYPTO’88, LNCS 403, Springer-Verlag, Berlin, 1990, pp.216-231.
[75] Laih C, Lee J and Harn L. et al. A new scheme for ID-based cryptosystem and signature. INFOCOM '89. Proceedings of the Eighth Annual Joint Conference of the IEEE Computer and Communications Societies. Technology: Emerging or Converging-IEEE. 23-27 Apr 1989, vol.3, 998-1002.
[76] Chang C and Lin C. An ID-based signature scheme based upon Rabin's public key cryptosystem. Proceedins 25th Annual IEEE International Carnahan Conference on Security Technology, October 1-3, 1991, pp. 139-141.
[77] Agnem G, Mullin R, and Vanstone S. Improved digital signature scheme based on discrete exponentitation. Electron. Lett., 1990, 26(14): 1024-1025.
[78] Harn L,Yang S. ID-based cryptographic schemes for user identificationd, digital signature, and key distribution. IEEE Journal on selected areas in communications, 1993, 11(5),757-760.
[79] Nishioka T, Hanaoka G, and Imai H. A new digital signature scheme on ID-based key-sharing infrastructures. Information Security: 2nd International Workshop, ISW'99, LNCS 1729, Springer-Verlag, Berlin, 1999, pp. 259-270.
[80] Park S, Kim S, Won D. ID-based group signature. Electr. Lett. 1997, 33(19): 1616-1617.
[81] Mao W and Lim C. Cryptanalysis in prime order subgroup of Zn. Advances in Cryptology-ASIACRYPT’98, LNCS 1514, Springer-Verlag, Berlin, 1998, pp.214-226.
[82] Tseng Y, Jan J. A novel ID-based group signature. Information Sciences, 1999, 120: 131-141.
[83] Joye M, Kim S. and Lee N. Cryptanalysis of two group signature schemes. Information Security, 1999, LNCS 1729, Spinger-Verlag, Berlin, 1999, pp.271-275.
[84] Popescu S. An efficient ID-based group signature scheme. Studia Univ. Babes-Bolyai, Informatica, 2002, XLVII(2): 29-36. http://www.cs.ubbcluj.ro/~studia-i/2002-2/
[85] Chen X, Zhang F and Kim K. A new ID-based group signature scheme from bilinear pairings. http://eprin t.iacr.org/2003/116. 2003.
[86] Tan Z, Liu Z. A novel identity-based group signature scheme from bilinear maps, Mathematics-Mechanization Research Preprints, Mathematics-Mechanization Research Center (MMRC), Institute of Systems Sciences, AMSS, Academia Sinica. No. 22, December, 2003. http://www.mmrc.iss.ac.cn/pub/mm-pre.html
[87] Chen Z, Huang J, Huang D et al. Provably secure and ID-based group signature scheme. 18th International Conference on Advanced Information Networking and Applications (AINA'04), Vol. 2, 384-388, March 29 -31, 2004, Fukuoka, Japan.
[88] Wu T, Chou S, Wu T. Two ID-based multisignature protocols for sequential and broadcasting architectures. Comput. Comm. 1996, 19: 851–856.
[89] Lee N, Hwang T, Wang C. The security of two ID-based multisignature protocols for sequential and broadcasting architectures. Information Processing Letters, 1999, 70: 79-81.
[90] Lin C, Wu T, and Hwang J. ID-based structured multisignature schemes. Advances in Network and Distributed Systems Security, Kluwer Academic Publishers, Boston, 2001, pp.45–59.
[91] Mitchell C. An attack on an ID-based multisignature scheme. Royal Holloway, University of London, Mathematics Department Technical Report RHUL-MA-2001-9, December, 2001.
[92] Saeednia S. An identity-based society oriented signature scheme with anonymous signers. Information Processing Letters, 2002, 83: 295–299.
[93] Tseng Y and Jan J. ID-based cryptographic schemes using a non-interactive public-key distribution system. Proceedings of the 14 th Annual Computer Security Applications Conference, Phoenix, Arizona, Dec. 1998, pp.237-243.
[94] Herranz J. A formal proof of security of Zhang and Kim's ID-based ring signature scheme. Security In Information Systems, Proceedings of the 2nd International Workshop on Security In Information Systems, WOSIS 2004, 63-72.
[95] Lin C and Wu T. An identity-based ring signature scheme from bilinear pairings, http://eprint.iacr.org/2003/117.
[96] Tang C, Liu Z, Wang M. An improved identity-based ring signature scheme from bilinear pairings. Mathematics-Mechanization Research Preprints, Mathematics-Mechanization Research Center (MMRC), Institute of Systems Sciences, AMSS, Academia Sinica. No. 22, 231234, December, 2003. http://www.mmrc.iss.ac.cn/pub/mm-pre.html
[97] Herranz J and Sáez C. A provably secure ID-based ring signature scheme, http://eprint.iacr.org/2003/261
[98] Chow S, Hui L and Yiu S. Identity Based hreshold Ring Signature, http://eprint.iacr.org/ 2004/179.
[99] Han S, Yeung W and Wang J. Identity-based confirmer signatures from pairings over elliptic curves. Proceedings of the 4th ACM conference on Electronic commerce, ACM Press, 2003, pp.262–263.
[100] Zhang F, Safavi-Naini R and Susilo W. Attack on Han et al.’s ID-based confirmer (undeniable) signature at ACM-EC’03, 2003. http://eprint.iacr.org/2003/129.
[101] Chow S, Hui L, Yiu S et al. A secure modified id-based undeniable signature scheme based on Han et al.'s Scheme against Zhang et al.'s Attacks. http://eprint.iacr.org/2003/262.
[102] Libert B and Quisquater J. Identity based undeniable signatures, Topics in Cryptology CT-RSA'04, LNCS 2964, Springer-Verlag, Berlin, 2004, pp. 112-125.
[103] Susilo W, Zhang F and Mu Y. Identity-based strong designated verifier signature schemes. ACISP 2004, LNCS 3108, Springer Verlag, Berlin, 2004, pp.313-324.
[104] Zhang F, Kim K. Efficient ID-based blind signature and proxy signature from bilinear pairings. ACISP 2003, LNCS 2727, Springer Verlag, Berlin, 2003, 312-323.
[105] Xu J, Zhang Z, Feng D. ID-based proxy signature using bilinear pairings. http://eprint.iacr.org/ 2003/206.
[106] Barreto P, Kim H, Lynn B et al. Efficient algorithms for pairing-based cryptosystcms. Advances in Cryptology -Crypto 2002, LNCS 2442, Springer-Verlag, Berlin, 2002, pp. 354-368.
[107] Cheon J, Kim Y and Yoon H. A new ID-based signature with batch verification, http://eprint.iacr.org/2004/131.
[108] Burnett A, Duffy A, Dowling T. A biometric identity based signature scheme. http://eprint.iacr.org/2004/176.
[109] 祁明, 肖国镇. 口令认证方案的安全性改进及其相应的数字签名方案. 通信学报, 1998, 19(6): 61-64.
[110] 吕继强, 王新梅. 两个基于身份的数字签名方案的安全性改进. 通信学报, 2003, 24(9):128-131.
[111] 杨君辉, 戴宗铎, 杨栋毅等. 一种椭圆曲线签名方案与基于身份的签名协议. 软件学报, 2000, 11(10):1303-1306.
[112] 王泽成, 斯桃枝, 李志斌等. 基于身份的代理签名和盲签名. 计算机工程与应用, 2003, 23: 148-150.
[113] Menezes A, Okamoto T and Vanstone S. Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transaction on Information Theory, 1993, 39: 1639–1646.
[114] Frey G and Ruck H. A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation, 1994, 62: 865–874.
[115] Boneh D and Franklin M. Identity-based encryption from the Weil pairing. Advances in Cryptology -CRYPTO 2001, LNCS 2139, Springer-Verlag, Berlin, 2001, pp.213–229.
[116] Boneh D, Lynn B and Shacham H. Short signatures from the Weil pairing. Advances in Cryptology -ASIACRYPT 2001, LNCS 2248, Springer-Verlag, Berlin, 2001, pp.514–532.
[117] Boldyreva A. Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-Group signature scheme. PKC 2003, LNCS 2567, Springer-Verlag, Berlin, 2003, pp.31–46.
[118] Zhang F, Safavi-Naini R, Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. Progress in Cryptology -INDOCRYPT'2003, LNCS 2904, Springer-Verlag, Berlin, 2003, pp.191-204.
[119] Bellare M, Namprempre C and Neven G. Security proofs for identity-based identification and signature schemes. Advances in Cryptology -EUROCRYPT 2004, LNCS 3027, Springer-Verlag, Berlin, 2004, pp. 268–286.
[120] Kurosawa K and Heng S. From digital signature to ID-based identification/signature. PKC'04, LNCS 2947, Springer-Verlag, Berlin, 2004, pp.248-261.
[121] Libert B, Quisquater J. The exact security of an identity based signature and its applications. http://www.iacr.org/2004/102.
[122] Camenisch J, Piveteau J and Stadler M. Blind signatures based on the discrete logarithm problem. Advances in Cryptology —EUROCRYPT’94, LNCS 950, Springer-Verlag, Berlin, 1994, pp.428-432.
[123] Pointcheval D, Stern J. Provably secure blind signature schemes. Advances in Cryptology —ASIACRYPT’96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.252–265.
[124] Srivanasont B, Otsuka A, Imai H. Blind signature based on one-way accumulators. International Symposium on Information Theory and Its Applications, Xi’an, PRC, 2002, pp.647-650.
[125] Fan C I, Lei C L. Efficient blind signature scheme based on quadratic residues. Electronics Letters, 1996, 32(9): 811-813.
[126] Pointcheval D, Stern J. New blind signatures equivalent to factorization, Proceedings of the 4th ACM Conference on Computer and Communication Security, ACM Press, 1997, pp.92-99.
[127] 钟鸣, 杨义先. 一种基于比特承诺的部分盲签名方案. 通信学报, 2001, 22(9): 1-6.
[128] 张方国, 王常杰, 王育民. 基于椭圆曲线的数字签名与盲签名. 通信学报, 2001, 22(8): 22-28.
[129] 姚亦峰, 朱华飞, 陈抗生. 基于二元仿射变换的广义ELGamal 型盲签名方案. 电子学报, 2000, 28(7): 128-130.
[130] Abe M, Ohkubo M. Provably secure fair blind signatures with tight revocation. Advances in Cryptology -ASIACRYPT2001, LNCS 2248, Springer-Verlag, Berlin, 2001, pp.583–601.
[131] Stadler M, Piveteau J M, Camenish J. Fair blind signatures. Advances in Cryptology —EUROCRYPT’95, LNCS 921, Springer-Verlag, Berlin, 1995, 209–219.
[132] Juang W, Lei C. Fair blind threshold signatures based on discrete logarithm. Proceedings of National Computer Symposium 1997, Vol. 2, pp. C-95-C-100.
[133] Lee H, Kim T, Message recovery fair blind signature. PKC'99, LNCS 1560, Springer-Verlag, Berlin, 1999, pp.97-111.
[134] Juang W, Lei C. Blind threshold signatures based on discrete logarithm. Proceedings of the 2nd Asian Computing Science Conference, LNCS 1179, Springer-Verlag, Berlin, 1996, pp.172-181.
[135] Kim J, Kim K, Lee C. An efficient and provably secure threshold blind signature. Proc. of ICISC2001, LNCS 2288, Springer-Verlag, Berlin, 2001, pp.318-327.
[136] Lysyanskaya A, Ramzan Z. Group blind digital signatures: a scalable solution to electronic cash. Financial Cryptography (FC '98), LNCS 1465, Springer-Verlag, Berlin, 1998, pp.184-197.
[137] 汪保友, 胡运发, 袁时金. 群体盲数字签名协议. 计算机研究与发展, 2002, 39(10):1193-1198.
[138] Lal S, Awasthi A. Proxy blind signature scheme. http://www.iacr.org/2003/072.
[139] Chaum D, Fiat A, Naor M. Untraceable electronic cash. Advances in Cryptology —CRYPTO’88, LNCS 403, Springer-Verlag, Berlin, 1988, pp.319–327.
[140] Ferguson N. Single term off-line coins. Advances in Cryptology —EUROCRYPT’93, LNCS 765, Springer-Verlag, Berlin, 1993, pp.318-328.
[141] 王常吉, 蒋文保, 裴定一. 用限制性群盲签名构造电子现金系统. 通信学报, 2001, 22(12): 63-69.
[142] 王常吉, 裴定一, 蒋文保. 一个改进的基于限制性盲签名的电子现金系统. 电子学报, 2002, 30(7): 1083-1085.
[143] Juang W S, Lei C L. A secure and practical electronic voting scheme for real world environments. IEICE Trans. Fundamentals, 1997, E80-A(1): 64-71.
[144] Sako K, Electronic voting scheme allowing open objection to the tally. IEICE Trans. Fundamentals, 1994, E77-A(1):24-30.
[145] Pointcheval D. Strengthened security for blind signatures. Advances in Cryptology —EUROCRYPT’98, LNCS 1403, 391-405.
[146] Horster P, Peterson H, Michels M. Meta message recovery and meta blind signature schemes based on the discrete logarithem problem and their applications. Advances in Cryptology —ASIARYPT’94, LNCS 917, Springer-Verlag, Berlin, 1994, pp. 224-237.
[147] Harn L, Xu Y. Design of generalized ElGamal type digital signature schemes based on discrete logarithm. Electronics Letters, 1994, 30(24): 2025-2026.
[148] Abe M. A secure three-move blind signature scheme for polynomially many signatures. Advances in Cryptology —EUROCRYPT 2001, LNCS 2045, Springer-Verlag, Berlin, 2001, pp.136-151.
[149] Abe M and Okamoto T. Provably secure partially blind signatures. Advances in Cryptology -CRYPTO2000, LNCS 1880, Springer-Verlag, Berlin, 2000, pp.271-286.
[150] Schnorr C P. Security of blind discrete log signatures against interactive attacks. ICICS 2001, LNCS 2229, Springer-Verlag, Berlin, 2001, pp.1-12.
[151] Mohammed E, Emarah A, Shennawy K. A blind signature scheme based on ElGamal signature. IEEE2000, Proceedings of the Seventeenth National Radio Science Conference, 17th NRSC'2000, pp.51-53.
[152] Juels A, Luby M and Ostrovsky R. Security of blind digital signatures. Advances in Cryptology -CRYPTO’97, LNCS 1294, Springer-Verlag, Berlin, 1997, pp.150–164.
[153] Pointcheval D. Strengthened security for blind signatures. Advances in Cryptology -EUROCRYPT’98, LNCS 1403, Springer-Verlag, Berlin, 1998, pp.391–405.
[154] Bellare M, Namprempre C, Pointcheval D et al. The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. Financial Cryptography'01, LNCS 2339, Springer-Verlag, Berlin, 2001, pp.319-338.
[155] Bellare M, Namprempre C, Pointcheval D et al. The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme. J. Cryptology, 2003, 16(3): 185-215.
[156] Wagner D. A generalized birthday problem. Advances in Cryptology -CRYPTO'02, LNCS 2442, Springer-Verlag, Berlin, 2002, pp. 288-303.
[157] Abe M and Fujisaki E. How to date blind signatures. Advances in Cryptology -ASIACRYPT'96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.244-251.
[158] Abe M, Camenisch J. Partially blind signature schemes. Proceedings of Symposium on Cryptography and Information Security, SCIS97-33D, 1997.
[159] Miyazaki S, Abe M, Sakurai K. Partially blind signature schemes for the DSS and for a discrete log based message recovery signature. Proceedings of Korea-Japan Joint Workshop on Information Security and Cryptology, pp.217-226, 1997
[160] Fan C and Lei C. Low-computation partially blind signatures for electronic cash. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 1998, E81-A(5):818-824.
[161] Chien H, Jan J and Tseng Y. RSA-based partially blind signature with low computation. Proceedings of Eighth International Conference on Parallel and Distributed Systems, ICPADS 2001, pp.385 -389.
[162] Juang W and Lei C. Partially blind threshold signatures based on discrete logarithm. Computer Communications, 1999, 22:73-86.
[163] Chien H, Jan J and Tseng Y. Partially blind threshold signature based on RSA. Informatica, 2003, 14(2):155-166.
[164] Maitland G and Boyd C. A provably secure restrictive partially blind signature scheme. Public Key Cryptography, PKC 2002, LNCS 2274, Springer-Verlag, Berlin, 2002, pp.99-114.
[165] Yang F and Jan J. A provably secure scheme for restrictive partially blind signatures. http://eprint.iacr.org/2004/037
[166] Zhang F, Safavi-Naini R and Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. Proceedings of Indocrypt 2003, LNCS 2904, Springer-Verlag, Berlin, 2003, pp.191-204.
[167] Chow S, Hui L, Yiu S et al. Two Improved partially blind signature schemes from bilinear pairings. http://eprint.iacr.org/2004/108.
[168] Zhang F, Safavi-Naini R and Susilo W. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings, revised version, 2004. http://www.uow.edu.au/ ~fangguo.
[169] Yang F, Jan J. A provable secure scheme for partially blind signatures. http://eprint.iacr.org/ 2004/230/.
[170] Yang F, Jan J. A provably secure scheme for restrictive partially blind signatures. http://eprint.iacr.org/2004/037/.
[171] Chen L and Pedersen T. New group signature schemes. Advances in Cryptology-EUROCRYPT’94, LNCS 950, Springer-Verlag, Berlin, 1995, pp. 171-181.
[172] Chen L, Pedersen T. On the efficiency of group signature providing information-theoretic anonymity. Advances in Cryptology-EUROCRYPT’95, LNCS 921, Springer-Verlag, Berlin, 1995, pp 39-49.
[173] Park S, Lee I, Won D. A practical group signature. Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, 1995, pp.127 -1331
[174] Kim S, Park S, Won D. Convertible group signatures. Advances in Cryptology-ASIACRYPT’96, LNCS 1163, Springer-Verlag, Berlin, 1996, pp.311-321.
[175] Park S, Kim S, Won D. A practical identity-based group signature. Conference on Electronics, Information and Communications ( ICEIC’95), China,1995, pp.64 –67.
[176] Lim C and Lee P. On the security of convertible group signatures. Electronics Letters, 1996
[177] Michels C. Comments on some group signature schemes. Technical Report TR-96-3-D, Dept. of Comp. Sci., Univ. of Technology, Chemnitz-Zwickau, Nov. 1996.
[178] Camenisch J. Efficient and generalized group signatures. Advances in Cryptology —EUROCRYPT’97, LNCS 1233, Springer-verlag, Berlin, 1997, pp.465-479.
[179] Petersen H. How to convert any digital signature scheme into a group signature scheme. Security Protocols Workshop, Pairs, 1997, pp.177 –1901.
[180] Park S, Kim S and Won D. ID-based group signature. Electronics Letters, 1997, 33(15): 1616-1617
[181] Camenisch J, Stadler M. Efficient group signature schemes for large groups. Advances in Cryptology —CRYPTO '97, Lecture Notes in Computer Science,Vol. 1294, Springer-Verlag, Berlin, 1997, pp. 410-424.
[182] Ateniese G and Tsudik G. Some open issues and new directions in group signature schemes. Financial Cryptography (FC'99), Lecture Notes in Computer Science,Vol. 1648, Springer-Verlag, Berlin, 1999, pp.196-211.
[183] http://www.i2r.a-star.edu.sg/icsd/staff/guilin/bible/group-sign.htm
[184] Camenish J, Michels M. A group signature scheme with improved efficiency. Advances in Cryptology —ASIACRYPT’98, LNCS 1541, Springer-Verlag, Berlin, 1998, pp.160 –174.
[185] Lysyankaya A and Ramzan Z. Group blind digital signatures: A scalable solution to electronic cash. Financial Cryptography 98, LNCS 1465, Springer-Verlag, Berlin, 1998, pp.184 –197.
[186] Traore J. Group signatures and their relevance to privacy-protecting off-line electronic cash systems. Information Security and Privacy, ACISP’99, LNCS 1587, Springer-Verlag, Berlin, 1999, pp:228 –243.
[187] Tseng Y and Jan J. A group signature scheme using self-certified public keys. Ninth National Conference on Information Security, 1999, pp.165-172.
[188] Ateniese G, Joye M and Tsudik G. On the difficulty of coalition-resistant in group signature schemes. Second Workshop on Security in Communication Networks (SCN’99), 1999.
[189] Camenisch J, Michels M. Separability and efficiency for generic group signature schemes. Advances in Cryptology —CRYPTO'99, LNCS 1666, Springer-Verlag, Berlin, 1999, pp.413-430.
[190] Ateniese G, Camenisch J, Joye M et al. A practical and provably secure coalition-resistant group signature scheme. Advances in Cryptology —Crypto'2000, LNCS 1880, Springer-Verlag, Berlin, 2000, pp. 255-270.
[191] Bresson E and Stern J. Efficient revocation in group signatures, PKC 2001, LNCS 1992, Springer-Verlag, Berlin, 2001, pp. 190–206.
[192] Kim H, Lim J, and Lee D. Efficient and secure member deletion in group signature schemes. Information Security and Cryptology (ICISC 2000), LNCS 2015, Springer-Verlag, Berlin, 2001, pp.150-161.
[193] Wang G, Bao F, Zhou J et al. Security remarks on a group signature scheme with member deletion, ICICS 2003, LNCS 2836, Springer-Verlag, Berlin, 2003, pp.72–83.
[194] Ateniese G, Tsudik G, Song D. Quasi-efficient revocation of group signatures. Financial Cryptography 2002, Mar. 2002.
[195] Camenisch J and Lysyanskaya A. Dynamic accumulators and application to efficient revocation of anonymous credentials. Advances in Cryptology —CRYPTO 2002, LNCS 2442, Springer-Verlag, Berlin, 2002, pp. 61-76.
[196] Tsudik G and Xu S. Accumulating composites and improved group signing. Advances in Cryptology —Asiacrypt 2003, LNCS 2894, Springer-Verlag, Berlin, 2003, pp.269-86.
[197] Ding X, Tsudik G, and Xu S. Leak-free group signatures with immediate revocation. Proceedings of ICDCS 2004, Mar. 2004, pp.608-615.
[198] Chen Z, Wang J, Wang Y et al. An efficient revocation algorithm in group signatures. Information Security and Cryptology -ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2004, pp.339-351.
[199] Nakanishi T, Sugiyama Y. A group signature scheme with efficient membership revocation for reasonable groups. Information Security and Privacy (ACISP 2004), LNCS 3108, Springer-Verlag, Berlin, 2004, pp. 336-347.
[200] Song D. Practical forward secure group signature schemes. Proc. of the 8th ACM Conference on Computer and Communications Security (CCS 2001), pp. 225-234. ACM, 2001.
[201] Lyuu Y and Wu M. Convertible group undeniable signatures. Information Security and Cryptology –ICISC 2002, LNCS 2587, Springer-Verlag, Berlin, 2003, pp. 48-61.
[202] Xia S and You J. A group signature scheme with strong separability. Journal of Systems and Software, 2002, 60(3): 177-182.
[203] Ateniese G and Medeiros B. Efficient group signatures without trapdoors. Advances in Cryptology —ASIACRYPT 2003, LNCS 2894, Springer-Verlag, Berlin, 2003, pp. 246-268.
[204] Bellare M, Micciancio D, Warinschi B. Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. Advances in
Cryptology —EUROCRYPT 2003, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 614-629.
[205] Bellare M, Shi H, Zhang C. Foundations of group signatures: the case of dynamic groups. http://eprint.iacr.org/2004/077.
[206] Boneh D, Boyen X, Shacham H, Short group signatures, Advances in Cryptology—CRYPTO 2004, LNCS 3152, Springer-Verlag, Berlin, 2004, pp.41–55.
[207] Kiayias A and Yung M. Group signatures: provable security, efficient constructions and anonymity from trapdoor-holders. http://eprint.iacr.org/2004/076/.
[208] Miyaji A and Umeda K. A fully-functional group signature scheme over only known-order group. Applied Cryptography and Network Security (ACNS 2004), LNCS 3089, Springer-Verlag, Berlin, 2004, pp. 164-179.
[209] Boyar J, Chaum D, Damgard I et al. Convertible undeniable signatures. Advances in Cryptology —CRYPTO'90, LNCS 537, Springer-Verlag, Berlin, 1991, pp.189-205.
[210] Chaum D. Zero-knowledge undeniable signatures. Advances in Cryptology —EUROCRYPT'90, LNCS 473, Springer-Verlag, Berlin, 1991, pp. 458-464.
[211] Chaum D, Heijst E, Pfitzmann B. Cryptographically strong undeniable signatures, unconditionally secure for the signer. Advances in Cryptology —CRYPTO'91, LNCS 576, Springer-Verlag, Berlin, 1992, pp.470–484.
[212] Desmedt Y, and Yung M. Weakness of undeniable signature schemes. Advances in Cryptology —EUROCRYPT'91, LNCS 547, Springer-Verlag, Berlin, 1991, pp.205-220.
[213] Damgard I, Pedersen T. New convertible undeniable signature schemes. Advances in Cryptology —EUROCRYPT'96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.372-386..
[214] Gennaro R, Krawczyk H, Rabin T. RSA-based undeniable signatures. Advances in Cryptology —CRYPTO'97, LNCS 1294, Springer-Verlag, Berlin, 1997, pp.132–149. Also in Journal of Cryptology, 2000, 13: 397–416.
[215] Miyazaki T. An improved scheme of the Gennaro-Krawczyk-Rabin undeniable signature system based on RSA. Information Security and Cryptology -ICISC 2000, LNCS 2015, Springer-Verlag, Berlin, 2001, pp.135-149.
[216] Galbraith S, Mao W, Paterson K. RSA-based undeniable signatures for general moduli. Topics in Cryptology –CT-RSA 2002, LNCS 2271, Springer-Verlag, Berlin, 2002, pp. 200–217.
[217] Galbraith S and Mao W. Invisibility and anonymity of undeniable and confirmer signatures. Topics in Cryptology –CT-RSA 2003, LNCS 2612, Springer-Verlag, Berlin, 2003, pp. 80–97.
[218] Libert B, Quisquater J. Identity based undeniable signatures. Topics in Cryptology -CT-RSA 2004, LNCS 2964, Springer-Verlag, Berlin, 2004, pp.112-125.
[219] Monnerat J, Vaudenay S. Undeniable signatures based on characters: how to sign with one bit. Public Key Cryptography 2004, LNCS 2947, Springer-Verlag, Berlin, 2004, pp. 69-85.
[220] Harn L, Yang S. Group-oriented undeniable signature schemes without the assistance of a mutually trusted party. Auscrypt'92, LNCS 718, Springer-Verlag, Berlin, 1993, pp. 133-142.
[221] Lin C, Wang C, Chang C. A group-oriented (t, n) undeniable signature scheme without trusted center. Information Security and Privacy (ACISP'96), LNCS 1174, Springer-Verlag, Berlin, 1996, pp.266-274.
[222] Sakurai K and Yamane Y. Blind decoding, blind Undeniable signatures, and their applications to privacy protection. Information Hiding 1996, LNCS 1174, Springer-Verlag, Berlin, 1996, pp. 257-264.
[223] Galbraith S, Mao W, Paterson K. RSA-based undeniable signatures for general moduli. Topics in Cryptology –CT-RSA 2002, LNCS 1294, Springer-Verlag, Berlin, LNCS 2271, Springer-Verlag, Berlin, 2002, pp. 200–217.
[224] Lyuu Y, Wu M. Convertible group undeniable signatures. Information Security and Cryptology –ICISC 2002, LNCS 2587, Springer-Verlag, Berlin, 2003, pp.48-61.
[225] Susilo W and Mu Y. Non-interactive deniable ring authentication. Information Security and Cryptology -ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2004, pp. 386-401.
[226] Okamoto T. Designated confirmer signatures and public key encryption are equivalent. Advances in Cryptology —CRYPTO'94, LNCS 839, Springer-Verlag, Berlin, 1994, pp. 61–74.
[227] Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their applications. Advances in Cryptology —EUROCRYPT'96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.143-154.
[228] Michels M, Stadler M. Generic constructions for secure and efficient confirmer signature schemes. Advances in Cryptology —EUROCRYPT'98, LNCS 1403, Springer-Verlag, Berlin,
1998, pp.406–421.
[229] Camenisch J, Michels M. Confirmer signature schemes secure against adaptive adversaries. Advances in Cryptology —EUROCRYPT'00, LNCS 1870, Springer-Verlag, Berlin, 2000, pp. 243–258.
[230] Mu Y and Varadharajan V. Fail-stop confirmer signatures. Information Security and Privacy (ACISP'00), LNCS 1841, Springer-Verlag, Berlin, 2000, pp. 368-377.
[231] Kim S, Park S, Won D. Nominative signatures, Proc. of ICEIC'95, International Conference on Electronics, Information and Communications, Yanji, Jilin, China, August 1995, II-68 ~ II-71.
[232] Park H, Lee I, A digital nominative proxy signature scheme for mobile communication, Proc. of ICICS’01, LNCS 2229, Springer-Verlag, Berlin, 2001, pp.451-455.
[233] Seo S, Lee S. New nominative proxy signature scheme for mobile communications. Proceedings of SPI (Security and protection of Information), 2003, ISBN: 80-85960-50-8, pp.149-154 April, 2003.
[234] Zhang J, Wu Q, Wang J et al. An improved nominative proxy signature scheme for mobile communication. AINA2004, pp.234-239, 2004. [235] Araki S, Uehara S, Imamura K. The limited verifier signature and its application. IEICE Trans. Fundamentals, 1999, E82-A (1): 63-68.
[236] Wu T, Hsu C. Convertible authenticated encryption scheme. Journal of Systems and Software, 2002, 62(3): 205-209.
[237] Zhang F, Kim K. A universal forgery on Araki et al.’s convertible limited verifier signature scheme. IEICE Trans. Fundamentals, 2003, E86-A(2):515-516.
[238] Chen X, Zhang F, Kim K. Limited verifier signature from bilinear pairings. Applied Cryptography and Network Security (ACNS 2004), LNCS 3089, Springer-Verlag, Berlin, 2004, pp. 135-148.
[239] Steinfeld R, Bull L, Wang H et al. Universal designated-verifier signatures. Advances in Cryptology-ASIACRYPT 2003, LNCS 2894, Springer-Verlag, Berlin, 2003, pp.523-542.
[240] Steinfeld R, Wang H, Pieprzyk J. Efficient extension of standard Schnorr/RSA signatures into universal designated-verifier signatures. PKC 2004, LNCS 2947, Springer-Verlag, Berlin, 2004, pp. 86–100.
[241] Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their applications. Advances in Cryptology -EUROCRYPT’96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp.143-154.
[242] Saeednia S, Kremer S, Markowitch O. An efficient strong designated verifier signature scheme. Information Security and Cryptology -ICISC 2003, LNCS 2971, Springer-Verlag, Berlin, 2004, pp.40-54.
[243] Susilo W, Zhang F, Mu Y. Identity-based strong designated verifier signature schemes. Information Security and Privacy (ACISP 2004), LNCS 3108, Springer-Verlag, Berlin, 2004, pp.313-324.
[244] Feige U, Fiat A, Shamir A. Zero-knowledge proofs of identity. Journal of Cryptology, 1988, 1:77–94.
[245] Michels M, Stadler M. Efficient convertible undeniable signature schemes, Proc.of 4th annual workshop on selected areas in cryptography (SAC'97), 1997, pp.231-244.
[246] Lee B, Kim H, Kim K. Strong proxy signature and its applications. SCIS’01, the 2001 Symposium on Cryptography and Information Security. Oiso, Japan. January, 2001, pp.603-608.
[247] Schnorr C. Efficient signature generation for smart cards. Journal of Cryptology, 1991(4): 239-252.
[248] 王尚平等. 群签名中成员删除问题的更新算子解决方案. 软件学报, 2003, 14(11): 1911-1917.
[249] Micali S, Ohta K, Reyzin L. Accountable-subgroup Multisignatures. ACM Conference on Computer and Communications Security, Nov. 2001, pp. 245-254.
[250] Pon S, Lu E, Lee J. Dynamic reblocking RSA-based multisignatures scheme for computer and communication networks. IEEE communications letters, 2002, 6(1): 43-44.
[251] Boldyreva A. Threshold signatures, multisignatures and blind signatures based on the gap diffie-hellman group signature scheme. PKC 2003, LNCS 2567, Springer-Verlag, Berlin, 2003, pp. 31–46.
[252] Galbraith S, Malone-Lee J, Smart N. Public key signatures in the multi-user setting. Information Processing Letters, 2002, 83(5): 263-266.
[253] Mitomi S, Miyaji A. A multisignature scheme with message flexibility, order flexibility and order verifiability. Australasian Conference on Information Security and Privacy -ACISP 2000, LNCS 1841, Springer-Verlag, Berlin, 2000, pp. 298-312.
[254] Burmester M, Desmedt Y, Doi H et al. A structured ElGamal-type multisignature scheme. PKC’2000, LNCS 1751, Springer-Verlag, Berlin, 2000, pp.466-483.
[255] Tada M. An order-specified multisignature scheme secure against active insider attacks. Australasian Conference on Information Security and Privacy -ACISP 2002, LNCS 2384, Springer-Verlag, Berlin, 2002, pp. 328–345.
[256] Shieh S, Lin C, Yang W et al. Digital multisignature schemes for authenticating delegates in mobile code systems. IEEE transactions on vehicular technology, 2000, 49(4):1464-1473.
[257] Wu T, Huang C, Guan D. Delegated multisignature scheme with document decomposition. Journal of Systems and Software, 2001, 55(3): 321-328.
[258] He W. Weaknesses in some multisignature schemes for specified group of verifiers. Information Processing Letters, 2002, 83(2): 95–99.
[259] Chang Y, Wu T, Huang S. ElGamal-like digital signature and multisignature schemes using self-certified public keys. Journal of Systems and Software, 2000, 50(2): 99-105.
[260] Simmons G. The prisoner’s channel and the subliminal channel. Advances in Cryptology —CRYPYO’83, Lecture Notes in Computer science, Springer-Verlag, Berlin, 1984, pp.51-67.
[261] Lee N, Ho P. Digital signature with a threshold subliminal channel. IEEE Transactions on Consumer Electronics, 2003, 49(4): 1240-1242.
[262] Lee N, Lin D. Robust digital signature scheme with subliminal channels. IEICE Trans. Fundamentals, 2003, E86-A(1): 187-188.
[263] Simmons G. Subliminal communication is easy using the DSA. Advances in Cryptology —EUROCRYPT’93, LNCS 765, Springer-Verlag, Berlin, 1994, pp.218-232.
[264] Harn L, Gong G. Digital signature with a subliminal channel. IEE. Proc. Comput. Digit. Tech., 1997, 144(6): 387-389.
[265] Jan J, Tseng Y. New digital signature with subliminal channels based on the discrete logarithm problem. Proceedings of the 1999 International Workshops on Parallel Processing, 1999, pp.198-203.
[266] Simmons G. Results concerning the bandwidth of subliminal channels. IEEE journal on selected areas in communications, 1998, 16(4): 463-473.
[267] Shamir A. How to Share a Secret. Commun. of ACM, 1979, 22(11): 612-613.
[268] Horster P, Michels M, Petersen H. Meta-multisignatures schemes based on the discrete logarithm problem. In Information Security: The Next Decade. Proceedings of the IFIP TC11 Eleventh International Conference on Information Security, IFIP/Sec’95, Chapman & Hall, 1995, pp.128-141.
[269] Langford S. Weaknesses in some threshold cryptosystems. Advances in Cryptology—CRYPTO’96, LNCS 1109, Springer-verlag, Berlin, 1996, pp.74-82.
[270] Michels M, Horster P. On the risk of disruption in several multiparty signature schemes. Advances in Cryptology –ASIACRYPT’96, LNCS 1163, Springer-verlag, Berlin, 1996, pp.334–345.
[271] Harn L. Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proc. Comput. Digit. Tech., 1994, 141(5), pp.307-313.
[272] Li C, Hwang T, Lee N. Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. Advances in Cryptology—EUROCRYPT 94, LNCS 950, Springer-verlag, Berlin, 1994, pp.194-204.
[273] Ohta K, Okamoto T. Multi-signature schemes secure against active insider attacks. IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, 1999, E82-A(1):21-31.