Research on Provably Secure Public Key Cryptographic Schemes Based on Bilinear Pairings
Abstract
Bilinear pairings are an important tool in current cryptographic scheme design; schemes built from bilinear pairings can realize many of the complex functions that practical applications require. Provable security theory has been a hot topic in the security research of cryptographic schemes in recent years: it changes the "design-attack-improve" pattern followed by traditional cryptographic design and provides an effective yardstick for the security of a scheme. Taking the provable security methodology as its thread, this dissertation studies the design and security proofs of several public key cryptographic schemes. The main results are as follows.
1. Two hierarchical identity-based signature schemes are designed. Scheme I is based on the selective-identity security model; it has the advantage of short public keys, its security is reduced to a general hardness assumption, the computational Diffie-Hellman assumption, and it is provably secure in the random oracle model. Scheme II is based on the stronger full-identity model and is provably secure in the standard model; its private key length decreases as the number of hierarchy levels increases, the ciphertext length is constant, and verification requires only 3 bilinear pairing operations.
2. Identity-based encryption schemes with wildcards in the standard model are designed; three concrete schemes are proposed. Scheme I is based on the BDHI assumption and has short public parameters, but both its private key length and its ciphertext length grow linearly with the number of hierarchy levels of the identity. For this reason the improved schemes II and III are proposed; their common advantage is that the private key length decreases as the number of hierarchy levels increases, while the ciphertext length is constant and contains only two group elements. Schemes II and III are based on the L-wDBDHE assumption and the DBDH assumption, respectively.
3. Two biometric identity-based encryption schemes and one signature scheme are designed. First, it is shown how fuzzy extraction techniques are used to derive a user's public key information from biometric features. The schemes in this dissertation combine Shamir's threshold secret sharing scheme with the principle of error-correcting codes, giving them strong fault tolerance and flexibility. Schemes I and II are both encryption schemes in the standard model, with security reduced to the DBDH problem. Scheme II performs better than scheme I, as its decryption requires only two bilinear pairing operations. Scheme III is a biometric identity-based signature scheme; it is highly efficient, and its security is proved in the random oracle model.
4. An identity-based broadcast encryption scheme in the standard model is designed and is proved, in the standard model, to be secure against chosen-ciphertext attacks. The lengths of its public parameters, private keys and ciphertexts are all constant; encryption requires no bilinear pairing operations and decryption requires only two pairing operations. The scheme has high transmission efficiency and low user storage cost and is suited to resource-constrained dynamic ad hoc networks: when a member leaves or a new member joins, secure distribution of the group key is achieved simply by deleting or adding one user ID in the encryption process. This avoids the complex interaction of traditional ad hoc network protocols.
Bilinear pairing is a significant tool for designing cryptographic schemes at present. The pairing-based schemes are able to attain complex functions required by different applications. Provable security theory is a hot topic of research on cryptographic schemes in recent years. It alters the traditional way (design-attack-improve) of constructing cryptographic schemes and provides an effective approach to measuring the security of cryptographic schemes. In this dissertation, taking provable security theory as the clue, we study the construction of public key cryptographic schemes and their security proofs. The main results are specified as follows.
1. New hierarchical identity-based signature schemes are introduced. The first scheme is constructed in the selective-identity model. It has short public parameters and its security is reduced to the computational Diffie-Hellman (CDH) assumption. The second scheme is constructed in the full-identity model and proved secure in the standard model. It achieves constant-size ciphertexts, and private keys in this scheme shrink as the identity depth increases. Only three bilinear operations are required in the verification phase.
2. We construct three efficient identity-based encryption schemes with wildcards in the standard model. The first scheme is constructed under the BDHI assumption and has short public parameters. However, the size of private keys and ciphertexts increases as the depth of identity increases. So two modified schemes are proposed. Both schemes achieve constant-size ciphertexts consisting of only two group elements. Furthermore, their private keys shrink as the identity depth increases. The last two schemes are based on the L-wDBDHE assumption and the DBDH assumption, respectively.
3. We construct two biometric identity-based encryption schemes and one signature scheme. First, the method to extract a public key from a user's biometric characteristics with a fuzzy extractor is introduced. The schemes are error tolerant and flexible due to the combination of Shamir's threshold secret sharing and error-correcting codes. Both scheme I and scheme II are encryption schemes based on the standard model. Their security is reduced to the DBDH assumption. Scheme II has higher efficiency than scheme I and requires only two bilinear operations in the decryption phase. Scheme III is a biometric identity-based signature scheme. It has good efficiency and is based on the random oracle model.
4. A novel identity-based broadcast encryption scheme is presented. The scheme is constructed in the standard model and proved secure against chosen ciphertext attack. This scheme achieves constant-size public parameters, private keys and ciphertexts. No bilinear operation is required in the encryption phase and the decryption phase merely needs two bilinear operations. This is one of the most efficient constructions at present. This scheme has short transmissions and a low cost of user storage. These characteristics are desirable for mobile ad hoc networks. When a user joins or leaves the network, the broadcaster only needs to add or delete the user's ID to securely distribute the group key. The complex information interchange process in traditional ad hoc protocols is avoided.