适用于低端计算设备的数字签名方案研究
|
摘要
随着计算机网络通信技术和软件技术的迅猛发展,如何保证及加强信息安全性和完整性已成为国际社会普遍关心的重大问题。数字签名应运而生。数字签名是公钥密码学领域最重要的发展方向之一。在公钥密码学中,密钥是由公开密钥和私有密钥组成的密钥对。签名者用私有密钥进行加密,接收方用公开密钥进行解密。由于从公开密钥不能推算出私有密钥,所以公开密钥不会损害私有密钥的安全。公开密钥无需保密可以公开的传播,而私有密钥必须保密。因此当某人用其私有密钥加密消息,能够用他的公开密钥正确解密,就可以肯定该消息是某人签的字,这就是数字签名的基本原理。
低端计算设备包括智能卡,无线传感器,RFID设备,电子钥匙等等。这些设备的使用正在全球方兴未,它们的共同特点是计算能力非常弱,能源供应有限(决定于电池的容量),或者反应时间极短。因此,应用于低端计算设备的签名方案必须优先考虑计算量。目前适用于低端计算设备的签名体制,有新型快速公钥密码体制中的多变量签名体制,辫群签名体制,基于格的签名体制等等,还有特殊属性签名体制中的在线/离线签名体制,服务器辅助验证签名体制等等。
本论文受国家973计划(No.2007CB31074)、国家自然科学基金项目(No.90718001,60821001)、111项目(No.B08004)和索尼(中国)研究院资助。
论文对研究过程中取得的主要创新成果进行了详细阐述。这些创新工作简要归纳如下:
1.设计了一个高效且安全的多变量签名方案。我们的构造利用了这样一个事实,即在F_2的扩域上进行平方运算很快,仅仅是线性运算。新设计的签名方案能够抵御目前针对多变量密码体制的四种攻击,即线性化方程攻击,秩攻击,XL/Grobner基攻击和差分攻击。
2.改进了概率化扰动方法,使其公钥长度大大减少。并依据概率化扰动方法的特点,重新设计了一个合适的中心映射。对新中心映射和改进的概率化方法组合成的概率多变量签名方案作了安全性分析。
3.研究了最优的在线离线签名。改进和设计了2个具体的方案。其特点是在线部分计算量为零,离线部分的计算效率也较高,适用于低端计算设备。我们对这两个方案都给出了安全性证明。
4.改进了服务器辅助验证签名的安全模型。在新安全模型下,分析了Wu等人提出的两个基于短签名的服务器辅助验证签名方案。基于Paillier签名构造了一个新的服务器辅助验证签名方案。新方案利用了Paillier原签名的验证函数的同态性。在我们的方案中,验证者通过与服务器共同执行服务器辅助验证协议,对签名的验证只需363次模乘,便可达到安全级别2~(80),而原Paillier签名的验证需要2049次模乘。计算量降低了约80%。此外,我们还提出了服务器辅助验证签名的一种通用构造。
5.设计了一个高效的代理签名方案,和其他已提出的代理签名方案相比,它的签名算法没有计算量较重的模指数运算和配对运算,比较适合计算能力较弱的低端计算设备。在随机预言模型下,我们证明了该方案是安全的。此外,我们还对代理签名作了一些扩展,提出了一种新型的特殊代理签名体制——极小代理签名。
6.研究了三次剩余的特殊性质,并利用其构造了一个高效的基于身份的签名方案。该方案的签名阶段仅需161次模乘运算,便可达到安全级别2~(80),与其他方案相比,计算效率比较高,更适用于低端计算设备。我们证明了该方案是抵抗选择消息和ID攻击安全的。
With the rapid development of computer network communication technology and software technology, how to ensure and strengthen information security and integrity has become the major issue in the international community. Digital signature came into being. Digital signature is one of the most important directions of public key cryptography. In public key cryptography, key is a key pair composed by a public key and a private key. Signer uses the private key for encryption, while receiver uses the public key for decryption. Because it is difficult to compute the private key from the public key, the public key would not jeopardize the security of the private key. The public key can be publicly disseminated without being kept secret, while the private key should be preserved confidentially. Thus, if some one uses his private key to encrypt a message, which can be corretly decrypted, it can be sure the message is a signature of that person. This is the basic principle of digital signatures.
The devices with limited computing capability includes smart card, wireless sensor, RFID, electronic key etc.. Now, using of these devices is very popular all over the world. However, they tend to have a feather in common: limited computational capability and equally limited power (at most operate on batteries), very limited response time. Thus, the designing of signature schemes applicable for these devices should mainly focus on the computational efficiency. Now, many kinds of signature systems been suitable for the devices with limited computing capability, includes multivariate signature systems, braid group based signature systems, and lattice based signature systems which belongs to the new fast public key cryptosystems; and online/offline signature systems, server-aided verification signature systems which belongs to the signature with special properties systems.
This thesis is jointly supported by National Basic Research Program of China(973 Program)(No. 2007CB310704), National Natrual Science Foundation of China (No. 90718001 and No. 60821001), the 111 Project(No. B08004) and Sony (China) research laboratory supported
The principal contributions of the work presented in this thesis are:
1. We designed an efficient and secure multivariate signature scheme. For our construction, we utilized this fact that squaring is a linear operation on an extension field of F_2. The newly designed multivariate signature scheme can resist the known attacks on multivariate public key cryptosystems, including linearization equation attack, Rank attack, XL/Grobner basis algorithm attack, and differential attack.
2. We improved the probabilistic perturbed method, and made the public key length of it be greatly reduced. We redesigned a proper central map according to the characteristics of the probabilistic perturbed method. We analysized the security of the signature scheme composed by the new central map and the improved probabilistic perturbed method.
3. We researched the optimal online/offline signature, and improved and designed two concrete schemes which have the feathers in common: no computational cost is needed in the online phase; the offline phase is also efficient. They are especially suitable for the devices with limited computing capability.
4. We improved the security model of server-aided verification signature, and analysis the two short signature based schemes proposed by Wu et al. under the new security model. We constructed a new server-aided verification signature scheme based on Paillier signature by using the homomorphic property. In our scheme, by executing the server-aided verification protocol with the server, the verifier only need perform 362 modular multiplications, while he should execute 2049 modular multiplications in the original scheme. The computational cost of verification is decreased by 80%. Furthermore, we proposed a generic construction of server-aided verification signature scheme.
5. We designed a highly efficient proxy signature scheme. Compared with other scheme, it needs no modular exponentiation and pairing in the signing algorithm. Thus, it is suitable for the low end devices. We proved that it is secure under the random oracles. Finally, we extended proxy signature scheme, and proposed a new kind of proxy signature scheme - Infinitesimal proxy signature.
6. We research some properties of cubic residues, and based on which, we constructed an efficient ID-based signature scheme. Compared with other scheme, it has a very efficient signing algorithm, which only needs 161 modular multiplications at security level of 2~(80). We proved that it is secure against the adaptively chosen messages and ID attack.
低端计算设备包括智能卡,无线传感器,RFID设备,电子钥匙等等。这些设备的使用正在全球方兴未,它们的共同特点是计算能力非常弱,能源供应有限(决定于电池的容量),或者反应时间极短。因此,应用于低端计算设备的签名方案必须优先考虑计算量。目前适用于低端计算设备的签名体制,有新型快速公钥密码体制中的多变量签名体制,辫群签名体制,基于格的签名体制等等,还有特殊属性签名体制中的在线/离线签名体制,服务器辅助验证签名体制等等。
本论文受国家973计划(No.2007CB31074)、国家自然科学基金项目(No.90718001,60821001)、111项目(No.B08004)和索尼(中国)研究院资助。
论文对研究过程中取得的主要创新成果进行了详细阐述。这些创新工作简要归纳如下:
1.设计了一个高效且安全的多变量签名方案。我们的构造利用了这样一个事实,即在F_2的扩域上进行平方运算很快,仅仅是线性运算。新设计的签名方案能够抵御目前针对多变量密码体制的四种攻击,即线性化方程攻击,秩攻击,XL/Grobner基攻击和差分攻击。
2.改进了概率化扰动方法,使其公钥长度大大减少。并依据概率化扰动方法的特点,重新设计了一个合适的中心映射。对新中心映射和改进的概率化方法组合成的概率多变量签名方案作了安全性分析。
3.研究了最优的在线离线签名。改进和设计了2个具体的方案。其特点是在线部分计算量为零,离线部分的计算效率也较高,适用于低端计算设备。我们对这两个方案都给出了安全性证明。
4.改进了服务器辅助验证签名的安全模型。在新安全模型下,分析了Wu等人提出的两个基于短签名的服务器辅助验证签名方案。基于Paillier签名构造了一个新的服务器辅助验证签名方案。新方案利用了Paillier原签名的验证函数的同态性。在我们的方案中,验证者通过与服务器共同执行服务器辅助验证协议,对签名的验证只需363次模乘,便可达到安全级别2~(80),而原Paillier签名的验证需要2049次模乘。计算量降低了约80%。此外,我们还提出了服务器辅助验证签名的一种通用构造。
5.设计了一个高效的代理签名方案,和其他已提出的代理签名方案相比,它的签名算法没有计算量较重的模指数运算和配对运算,比较适合计算能力较弱的低端计算设备。在随机预言模型下,我们证明了该方案是安全的。此外,我们还对代理签名作了一些扩展,提出了一种新型的特殊代理签名体制——极小代理签名。
6.研究了三次剩余的特殊性质,并利用其构造了一个高效的基于身份的签名方案。该方案的签名阶段仅需161次模乘运算,便可达到安全级别2~(80),与其他方案相比,计算效率比较高,更适用于低端计算设备。我们证明了该方案是抵抗选择消息和ID攻击安全的。
With the rapid development of computer network communication technology and software technology, how to ensure and strengthen information security and integrity has become the major issue in the international community. Digital signature came into being. Digital signature is one of the most important directions of public key cryptography. In public key cryptography, key is a key pair composed by a public key and a private key. Signer uses the private key for encryption, while receiver uses the public key for decryption. Because it is difficult to compute the private key from the public key, the public key would not jeopardize the security of the private key. The public key can be publicly disseminated without being kept secret, while the private key should be preserved confidentially. Thus, if some one uses his private key to encrypt a message, which can be corretly decrypted, it can be sure the message is a signature of that person. This is the basic principle of digital signatures.
The devices with limited computing capability includes smart card, wireless sensor, RFID, electronic key etc.. Now, using of these devices is very popular all over the world. However, they tend to have a feather in common: limited computational capability and equally limited power (at most operate on batteries), very limited response time. Thus, the designing of signature schemes applicable for these devices should mainly focus on the computational efficiency. Now, many kinds of signature systems been suitable for the devices with limited computing capability, includes multivariate signature systems, braid group based signature systems, and lattice based signature systems which belongs to the new fast public key cryptosystems; and online/offline signature systems, server-aided verification signature systems which belongs to the signature with special properties systems.
This thesis is jointly supported by National Basic Research Program of China(973 Program)(No. 2007CB310704), National Natrual Science Foundation of China (No. 90718001 and No. 60821001), the 111 Project(No. B08004) and Sony (China) research laboratory supported
The principal contributions of the work presented in this thesis are:
1. We designed an efficient and secure multivariate signature scheme. For our construction, we utilized this fact that squaring is a linear operation on an extension field of F_2. The newly designed multivariate signature scheme can resist the known attacks on multivariate public key cryptosystems, including linearization equation attack, Rank attack, XL/Grobner basis algorithm attack, and differential attack.
2. We improved the probabilistic perturbed method, and made the public key length of it be greatly reduced. We redesigned a proper central map according to the characteristics of the probabilistic perturbed method. We analysized the security of the signature scheme composed by the new central map and the improved probabilistic perturbed method.
3. We researched the optimal online/offline signature, and improved and designed two concrete schemes which have the feathers in common: no computational cost is needed in the online phase; the offline phase is also efficient. They are especially suitable for the devices with limited computing capability.
4. We improved the security model of server-aided verification signature, and analysis the two short signature based schemes proposed by Wu et al. under the new security model. We constructed a new server-aided verification signature scheme based on Paillier signature by using the homomorphic property. In our scheme, by executing the server-aided verification protocol with the server, the verifier only need perform 362 modular multiplications, while he should execute 2049 modular multiplications in the original scheme. The computational cost of verification is decreased by 80%. Furthermore, we proposed a generic construction of server-aided verification signature scheme.
5. We designed a highly efficient proxy signature scheme. Compared with other scheme, it needs no modular exponentiation and pairing in the signing algorithm. Thus, it is suitable for the low end devices. We proved that it is secure under the random oracles. Finally, we extended proxy signature scheme, and proposed a new kind of proxy signature scheme - Infinitesimal proxy signature.
6. We research some properties of cubic residues, and based on which, we constructed an efficient ID-based signature scheme. Compared with other scheme, it has a very efficient signing algorithm, which only needs 161 modular multiplications at security level of 2~(80). We proved that it is secure against the adaptively chosen messages and ID attack.
引文
[1] C. Shannon, Communication Theory of Secrecy Systems, Bell Systems Technical Journal, Vol.28,1949, pp.656-715.
[2] W. Diffie, M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, IT-22(6), 1976, pp.644-654.
[3] S. Goldwasser, S. Micali, and R.Rivest.A digital signature scheme secure against adaptive chosen-message attacks.SIAM Journal of Computing, 17(2), 1988, pp.281-308.
[4] P. Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing, 26(5), 1988, pp.1484-1509.
[5] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key cryptosystem.Communications of ACM, 21(2), 1988, pp. 120-126.
[6] M. Rabin. Digitalized signatures.Foundations of Secure Communication, Academic Press, UK, 1978, pp. 155-168.
[7] T. ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, IT-31(4), 1985, pp.469-472.
[8] C. P. Schnorr. Efficient identification and signatures for smart cards. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990, pp.239-252.
[9] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard, U.S.Department of Commerce, 1994.
[10] A. Joux. A one round protocol for tripartite Diffie-Hellman.Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp.385-394.
[11] F. Zhang, R. Safavi-Naini and W. Susilo. An efficient signature scheme from bilinear pairings and it's applications. PKC 2004, LNCS 2947, Berlin: Springer-Verlag, 2004, pp.277-290.
[12] F. Zhang, R. Safavi-Naini and W. Susilo. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. INDOCRYPT 2003, LNCS 2904, Berlin: Springer-Verlag, 2003, pp.191-204.
[13] R. Sakai, K. Ohgishi and M. Kasahara.Cryptosystems based on pairing. 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan, 2000, pp.26-28.
[14]F.Hess.Efficient identity based signature schemes based on pairings.SAC 2002,LNCS 2595,Springer-Verlag,Berlin,2003,pp.310-324.
[15]M.Mambo,K.Usuda and E.Okamoto.Proxy signature.Proceedings of the 1995Symposium on Cryptography and information security(SCIS'95),Inuyama,Japan,1995,pp.147-158.
[16]K.Itakura,K.Nakamura.A public key cryptosystem suitable for digital multi-signature.NEC Research and Development,vol 178,1983,pp.198.
[17]S.Micali,R.Rivest.Transitive signature schemes.Topics in Cryptology,CT-RSA'02,LNCS 2271,Berlin:Springer-Verlag,2002,pp.236-243.
[18]R.Rivest.Two new signature schemes.Presented at Cambridge seminar,see http://www.cl.cam.ac.uk/Research/Security/seminars/2000/rivest-tss.pdf,2001.
[19]D.Chaum.Blind signatures for untraceable payments.Advances in Cryptology-Proceedings of Crypto' 82,Prenum Publishing Corporation,1982.pp.199-204.
[20]B.Pfitzmann,M.Waidner.Fail-stop signature and their application.SECURCOM'91,1991,pp.145-160.
[21]S.Even,O.Goldreich and S.Micali.On-line/Off-line digital signatures.Advances in Cryptology--CRYPTO'89,LNCS 435,Berlin:Springer-Verlag,1990,pp.263-277.
[22]J-J.Quisquater,De Soete M.Speeding up smart card RSA computation with insecure coprosessors.Proceeding of Smart Cards 2000,1989,pp.191-197.
[23]D.Chaum and E.Heyst.Group signatures.Advances in Cryptology--EUROCRYPT'91,LNCS 547,Berlin:Springer-Verlag,1992,pp.257-265.
[24]R.Rivest,A.Shamir and Y.Tauman.How to leak a secret.Advances in Cryptology--ASIACRYPT'01,LNCS 2248,Berlin:Springer-Verlag,2001,pp.552-565.
[25]K.Paterson.G.ID-based signatures from pairings on elliptic curves.Electronic Letters,38(18),2002,pp.1025-1026.
[26]Z.Tan,Z.Liu and C.Tang.Digital proxy blind signature schemes based on DLP and ECDLP.MM Research Preprints,No.21,December 2002,MMRC,AMSS,Academia,Sinica,Beijing,pp.212-217.
[27]万哲先.代数与编码(修订版).北京:科学出版社.1981.
[28]林东岱.代数学基础与有限域.高等教育出版社.2006.
[29]I.Blake,G.Seroussi,N.Smart.Elliptic curves in cryptography.Cambridge Unversity Press,1999.
[30]P.Paillier.Public-key cryptosystem based on composite degree residuosity classes.Proceedings of Eurocrypt '99,LNCS 1592,Berlin:Springer-Verlag,1999,pp.223-238.
[31]W.Mao.Modern Cryptography:Theory and Practice.Prentice Hall,2003,pp.300-400.
[32]S.Goldwasser and S.Micali.Probabilitic encryption and how to play mental pokerkeeping secret all partial information.Proceedings of the 14th ACM Symposium on Theory of Computing,1982,pp.365-377.
[33]S.Goldwasser,S.Micali,and R.Rivest.A digital signature scheme secure against adaptive chosen-message attacks.SIAM Journal of Computing,17(2),1988,pp.281-308.
[34]柴震川.门限密码方案安全性和应用研究.上海交通大学博士学位论文,2007.
[35]A.J.Menezes,P.C.van Oorschot,and S.A.Vanstone.Handbook of Applied Cryptography.CRC Press,1997,pp.1270-1340.
[36]M.Bellare and P.Rogaway.Random oracles are practical:a paradigm for designing efficient protocols.ACM Conference on Computer and Communications Security-ACMCCS'93,ACM Press,1993,pp.62-67.
[37]R.Canetti,O.Goldreich,and S.Halevi.The random oracle methodology,revisited.Journal of the ACM,51(4),2004,pp.557-594.
[38]A.Fiat and A.Shamir.How to prove yourself:Practical solutions to identification and signature problems,In Advances in Cryptology-Crypto'86,LNCS 263,Berlin:Springer-Verlag,1986,pp.186-194.
[39]A.C.Yao.Theory and applications of trapdoor functions.Proceedings of the 23th Symposium on the Foundation of Computer Science,IEEE Computer Society,1982,pp.80-91.
[40]M.Bellare and P.Rogaway.The exact security of digital signatures-how to sign with RSA and Rabin.In Advances in Cryptology-Eurocrypt'96,LNCS 1070,Berlin:Springer-Verlag,1996,pp.399-416.
[41]N.Courtois,L.Goubin,and J.Patrin.Sflash:Primitive specification(second revised version),https://www.cosic.east.kuleuven.be/nessie,Sflash,2002,pp.1-11.
[42]T.Matsumoto and H.Imai.Public quadratic polynomial-tuples for efficient signature verification and message encryption. Advance in Cryptology-EUROCRYPTO'88, LNCS 330, Berlin: Springer-Verlag,1988, pp. 419-453.
[43] J. Patarin. Hidden field equations (HFE) and isomorphism of polynomials (IP): Two new families of asymmetric algoritms. Advance in Cryptology-EUROCRYPTO'96, LNCS 1070, Berlin: Springer-Verlag, 1996, pp.33-48.
[44] Patarin, Jacques. The oil and vinegar signature scheme. Dagstuhl Workshop on Cryptography, 1997.
[45] K. Avaid, P. Jacques, and L. Goubin. Unbalanced oil and vinegar signature schemes. EUROCRYPT 1999, LNCS 1592, Berlin: Springer-Verlag, 1999, pp.206-222.
[46] J. Ding and D. Schmit. Rainbow, a new multivariable polynomial signature scheme. ACNS 2005, LNCS 3531, Berlin: Springer-Verlag, 2005, pp. 323-336.
[47] J. Patarin. Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt'88. Advance in Cryptology-CRYPTO'95, LNCS 963, 1995, pp. 248-261.
[48] A. Kipnis and Adi. Shamir. Cryptanalysis of the HFE public key cryptosystem by relinearization. Advance in Cryptology-CRYPTO'99, LNCS 1666, Berlin: Springer-Verlag, 1999, pp.19-30.
[49] N. Courtois. The security of hidden field equations (HFE) process in cryptology. CT-RSA'2001, LNCS 2020, Berlin: Springer-Verlag ,2001, pp.266-281.
[50] J. Faugere and A. Joux. Algebraic cryptoanalysis Hidden Field Equation (HFE) cryptosystems using Grober bases. Advance in Cryptology-CRYPTO'03, LNCS 2729,Berlin: Springer-Verlag, 2003, pp. 44-60.
[51] T. Moh. A fast public key system with signature and master key functions. Lecure notes at EE department of Standford University, 1999.
[52] L-C. Wang, B-Y. Yang, Y-H. Hu and F. Lai. A Medium-Field Multivariate Public Key Encryption Scheme. CT-RSA 2006, LNCS 3860, Berlin: Springer-Verlag, 2006,pp.132-149.
[53] L. Wang and F. Chang. Tractable rational map cryptosystems. Cryptology ePrint Archive, http://eprint.iacr.org/2004/046, revised on Dec 28,2006.
[54] L. Goubin and N. Courtois. Cryptotanalysis of the TTM cryptosystem.Advance in Cryptology-ASIACRYPT'00, LNCS 1976, Berlin: Springer-Verlag, 2000, pp.44-57.
[55]J.Ding and D.Schmidt.The new TTM implementation is not secure.Proceeding of Inernational Workshop on Coding,Cryptography and Combinatorics(CCC 2003),2003,pp.106-121.
[56]X.Nie,L.Hu,J.Li,C.Updegrove and J.Ding.Breaking a new instance of TTM cryptosystem.Advance in ACNS2006,LNCS 3989,Berlin:Springer-Verlag,2006,pp.210-225.
[57]A.Joux,S.Kunz-Jaquces,F.Muller,P-M.Ricordel.Cryptanalysis of the tractable rational map cryptosystem,PKC 2005,LNCS 3386,Berlin:Springer-Verlag,2005,pp.258-274.
[58]J.Ding,L.Hu,X.Nie,J.Li,J.Wagner.High order linearization Equation(HOLE) attack on multivariate public key cryptosystems.PKC 2007,LNCS 4450,Berlin:Springer-Verlag,2007,pp.233-248.
[59]王志伟,郑世慧,杨义先,张智辉.改进的Medium-Field多变量加密方案.电子科技大学学报,36(6),2007,pp.1152-1154.
[60]J.Ding.A new variant of the Matsumoto-Imai through perturbation.PKC 2004,LNCS 2947,Berlin:Springer-Verlag,2004,pp.305-318.
[61]B.Yang and J.Chen.Building secure tame-like multivariate public key cryptosystems-the new TTS.ACISP 2005,LNCS 3574,Berlin:Springer-Verlag,2005,pp.518-531.
[62]D.Coppersmith,J.Stern,S.Vaudeny.The security of the birational permutation signature scheme.J.Cryptology,10(3),1997,pp.207-221.
[63]Fouque,Pierre-Alain,Granboulan,Louis and Stern,Jacques.Differential cryptanalysis for multivariate schemes.EUROCRYPT 2005,LNCS 3494,Berlin:Springer-Verlag,2005,pp.341-353.
[64]J.Ding,J.Gower.Inoculating multivariate schemes against differential attacks.PKC 2006,LNCS 3958,Berlin:Springer-Verlag,2006,pp.290-301
[65]N.Courtois,A.Klimov,J.Patarin and A.Shamir.Efficient algorithms for solving overdefined systems of multivariate polynomial equations.Advance in Cryptology-EUROCRYPT'00,LNCS 1807,Berlin:Springer-Verlag,2000,pp.392-407.
[66]G.Ars,J.Faugere,H.Imai,M.Kawazoe and M.Sugita Comparision between XL and Grobner bases algorithms.Asiacrypt 2004,LNCS 3329,2004,pp.338-353.
[67]J Ding,J Gower,D Schmidt Multivariate public key cryptosystems.Springer press,2006.
[68] A. Gouget and J. Patarin. Probabilistic multivariate cryptography. VIETCRYPT 2006, LNCS 4341, Berlin: Springer-Verlag, 2006, pp.1-18.
[69] B. Yang, J. Chen and N. Courtois, On asymptotic security estimates in XL and bases-related algebraic cryptanalysis, Information and Communications Security - ICICS 2004, LNCS 3269, Berlin: Springer-Verlag, 2004, pp.401-413.
[70] A. Shamir, Y. Tauman. Improved online/offline signature schemes. In CRYPTO 2001.LNCS 2139, Berlin: Springer-Verlag, 2001, pp. 355-367.
[71] C. Schnorr. Efficient signature generation for smart cards. Journal of Cryptology 4(3),1991, pp. 161-174.
[72] L. Lamport. Constructing digital signatures from one-way function. Technical Report SRI-CSL-98, SRI International Computer Science Laboratory, 1979.
[73] G. Fuchun, M. Yi. Optimal Online/Offline signature: How to sign a message without online computation. ProvSec 2008, LNCS 5324, Berlin: Springer-Verlag, 2008, pp.98-111.
[74] R. Gennaro, S. Halevi, T. Rabin. Secure hash-and-sign signatures without the random oracle. In EUROCRYPT 1999. LNCS 1592, Berlin: Springer-Verlag, 1999, pp. 123-139.
[75] D. Boneh, G. Lynn, H. Shacham. Short signature from the weil pairing. ASIACRYPT 2001,LNCS 2248, Berlin: Springer-Verlag, 2001, pp.514-532.
[76] P. Yu, S. R.Tate. Online/Offline signature schemes for devices with limited computing capabilities. CT-RSA2008, LNCS 4964, Berlin: Springer-Verlag, 2008, pp.301-317.
[77] P. Waters. Efficient identity-based encryption without random oracles. EUROCRYPT 2005, LNCS 3494, Berlin: Springer-Verlag, 2005, pp.320-329.
[78] A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. Advance in Cryptology - Crypto'86, LNCS 263, Berlin:Springer-Verlag, 1986, pp.186-194.
[79] L. C. Guilou and J. J. Quisquater. A practical zero-knownledge protocol fitted to security microprocessor minimizing both transmission and memory. Advance in Cryptology - Eurocrypt'88, LNCS 330, Berlin: Springer-Verlag, 1988, pp.123-128.
[80] C.P. Schnorr. Efficient identification and signatures for smart cards. Advance in Cryptology- Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1989, pp.239-252.
[81] J-J. Quisquater, De Soete M. Speeding up smart card RSA computation with insecure coprosessors. Proceeding of Smart Cards 2000,1999, pp.191-197.
[82] C-H. Lim, P-J. Lee. Security and Performance of Server-Aided RSA Computation Protocols. Crypto 1995, LNCS 963, Berlin: Springer-Verlag, 1995, pp.70-83.
[83] S. Hohenberger and A. Lysyanskaya. How to Securely Outsource Cryptographic Computations. In Joe Kilian, editor, Theory of Cryptography, Second Theory of Cryptography Conference, LNCS 3378, Berlin: Springer-Verlag, 2005, pp.264-282.
[84] M. Girault, D. Lefranc. Server-aided verification: Theory and Practice. Aisacrypt 2005, LNCS 3788, Berlin: Springer-Verlag, 2005, pp.605-623.
[85] W. Wei, M. Yi, S. Willy, H. Xinyi. Server-aided verification signatures: definitions and new constructions. ProvSec 2008, LNCS 5324, Berlin: Springer-Verlag, 2008, pp.141-155.
[86] D. Boneh and X. Boyen. Short Signatures without Random Oracles. In C. Cachin and J. Camenisch, editors, Advances in Cryptology - Eurocrypt '04, LNCS 3027, Berlin: Springer-Verlag, 2004, pp. 382-400.
[87] F. Zhang, R. Safavi-Naini, and W. Susilo. An Efficient Signature Scheme from Bilinear Pairing and its Applications. In Public Key Cryptography, LNCS 2947, Berlin: Springer-Verlag, 2004, pp.277-290.
[88] P Paillier. Public-key cryptosystem based on composite degree residuosity classes. Proceedings of Eurocrypt '99, LNCS 1592, Berlin: Springer-Verlag, 1999, pp.223-238.
[89] M. Mambo, K. Usuda, E. Okamoto. Proxy signatures: delegation of the power to sign message. IEICE Trans Funct, E79-A(9), 1996, pp. 1338-1354.
[90] M. Mambo, K. Usuda, E. Okamoto. Proxy signatures for delegation signing operation. In: Proc. Third ACM Conference on computer and Communications Security, New Delhi,India, 1996,pp.48-57.
[91] D. Pointcheval, J. Stern. Security proofs for signature schemes. In: Proc. of Eurocrypt'96, LNCS 1070. Berlin:Springer-Verlag, 1996,pp.387-398.
[92] D. Pointcheval, J. Stern. Security arguments fot digital signatures and blind signatures. J of Cryptology, 13, 2000, pp.361-396.
[93] A. Shamir. Identity based cryptosystems and signature schemes. Advance in Cryptology-Crypto'84. LNCS 196, Berlin: Springer-Verlag, 1984, pp.47-53.
[94] D. Boneh, M. Franklin. Identity-based encryption from Weil Pairing. Advance in Cryptology-CRYPTO 2001, LNCS 2193. Berlin: Springer-Verlag, 2001, pp.213-229.
[95] F. Hess. Efficient Identity Based Signature Schemes Based on Pairings. Selected Areas in Cryptography 2002, LNCS 2567, Berlin: Springer-Verlag, 2002, pp.310-324.
[96] C. C. Jae, J. H. Cheon: An Identity-Based Signature from Gap Diffie-Hellman Groups. Public Key Cryptography 2003, LNCS 2346, Berlin: Springer-Verlag, 2003, pp.18-30.
[97] Kenneth G Paterson, Jacob C. N. Schuldt: Efficient Identity-Based Signatures Secure in the Standard Model. ACISP 2006, LNCS 3462, Berlin: Springer-Verlag, 2006, pp.207-222.
[98] W. B. Lee, K. C. Liao. Constructing identity-based cryptosystems for discrete logarithm based cryptosystems, Journal of Network and Computer Applications, 27, 2004, pp.191-199.
[99] W. D. Qiu, K. F. Chen. Identity oriented based on quadratic residues. Applied Mathematics and Computation, 168,2005, pp.235-242.
[100] Z. Chai, Z. Cao, X. Dong. Identity-based signature scheme based on quaratic residues. Science in China Series F: Information Sciences, 50(3), 2007, pp.373-380.
[101] Z. H. Sun. On the theory of cubic residues and nonresidues. ACTA ARITHMETIC, LXXXIV.4,1998, pp.291-335.
[102] S. Goldwasser, S. Micali, R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2), 1988, pp.281-308.
[2] W. Diffie, M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, IT-22(6), 1976, pp.644-654.
[3] S. Goldwasser, S. Micali, and R.Rivest.A digital signature scheme secure against adaptive chosen-message attacks.SIAM Journal of Computing, 17(2), 1988, pp.281-308.
[4] P. Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing, 26(5), 1988, pp.1484-1509.
[5] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key cryptosystem.Communications of ACM, 21(2), 1988, pp. 120-126.
[6] M. Rabin. Digitalized signatures.Foundations of Secure Communication, Academic Press, UK, 1978, pp. 155-168.
[7] T. ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, IT-31(4), 1985, pp.469-472.
[8] C. P. Schnorr. Efficient identification and signatures for smart cards. Advances in Cryptology-Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1990, pp.239-252.
[9] National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard, U.S.Department of Commerce, 1994.
[10] A. Joux. A one round protocol for tripartite Diffie-Hellman.Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp.385-394.
[11] F. Zhang, R. Safavi-Naini and W. Susilo. An efficient signature scheme from bilinear pairings and it's applications. PKC 2004, LNCS 2947, Berlin: Springer-Verlag, 2004, pp.277-290.
[12] F. Zhang, R. Safavi-Naini and W. Susilo. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. INDOCRYPT 2003, LNCS 2904, Berlin: Springer-Verlag, 2003, pp.191-204.
[13] R. Sakai, K. Ohgishi and M. Kasahara.Cryptosystems based on pairing. 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan, 2000, pp.26-28.
[14]F.Hess.Efficient identity based signature schemes based on pairings.SAC 2002,LNCS 2595,Springer-Verlag,Berlin,2003,pp.310-324.
[15]M.Mambo,K.Usuda and E.Okamoto.Proxy signature.Proceedings of the 1995Symposium on Cryptography and information security(SCIS'95),Inuyama,Japan,1995,pp.147-158.
[16]K.Itakura,K.Nakamura.A public key cryptosystem suitable for digital multi-signature.NEC Research and Development,vol 178,1983,pp.198.
[17]S.Micali,R.Rivest.Transitive signature schemes.Topics in Cryptology,CT-RSA'02,LNCS 2271,Berlin:Springer-Verlag,2002,pp.236-243.
[18]R.Rivest.Two new signature schemes.Presented at Cambridge seminar,see http://www.cl.cam.ac.uk/Research/Security/seminars/2000/rivest-tss.pdf,2001.
[19]D.Chaum.Blind signatures for untraceable payments.Advances in Cryptology-Proceedings of Crypto' 82,Prenum Publishing Corporation,1982.pp.199-204.
[20]B.Pfitzmann,M.Waidner.Fail-stop signature and their application.SECURCOM'91,1991,pp.145-160.
[21]S.Even,O.Goldreich and S.Micali.On-line/Off-line digital signatures.Advances in Cryptology--CRYPTO'89,LNCS 435,Berlin:Springer-Verlag,1990,pp.263-277.
[22]J-J.Quisquater,De Soete M.Speeding up smart card RSA computation with insecure coprosessors.Proceeding of Smart Cards 2000,1989,pp.191-197.
[23]D.Chaum and E.Heyst.Group signatures.Advances in Cryptology--EUROCRYPT'91,LNCS 547,Berlin:Springer-Verlag,1992,pp.257-265.
[24]R.Rivest,A.Shamir and Y.Tauman.How to leak a secret.Advances in Cryptology--ASIACRYPT'01,LNCS 2248,Berlin:Springer-Verlag,2001,pp.552-565.
[25]K.Paterson.G.ID-based signatures from pairings on elliptic curves.Electronic Letters,38(18),2002,pp.1025-1026.
[26]Z.Tan,Z.Liu and C.Tang.Digital proxy blind signature schemes based on DLP and ECDLP.MM Research Preprints,No.21,December 2002,MMRC,AMSS,Academia,Sinica,Beijing,pp.212-217.
[27]万哲先.代数与编码(修订版).北京:科学出版社.1981.
[28]林东岱.代数学基础与有限域.高等教育出版社.2006.
[29]I.Blake,G.Seroussi,N.Smart.Elliptic curves in cryptography.Cambridge Unversity Press,1999.
[30]P.Paillier.Public-key cryptosystem based on composite degree residuosity classes.Proceedings of Eurocrypt '99,LNCS 1592,Berlin:Springer-Verlag,1999,pp.223-238.
[31]W.Mao.Modern Cryptography:Theory and Practice.Prentice Hall,2003,pp.300-400.
[32]S.Goldwasser and S.Micali.Probabilitic encryption and how to play mental pokerkeeping secret all partial information.Proceedings of the 14th ACM Symposium on Theory of Computing,1982,pp.365-377.
[33]S.Goldwasser,S.Micali,and R.Rivest.A digital signature scheme secure against adaptive chosen-message attacks.SIAM Journal of Computing,17(2),1988,pp.281-308.
[34]柴震川.门限密码方案安全性和应用研究.上海交通大学博士学位论文,2007.
[35]A.J.Menezes,P.C.van Oorschot,and S.A.Vanstone.Handbook of Applied Cryptography.CRC Press,1997,pp.1270-1340.
[36]M.Bellare and P.Rogaway.Random oracles are practical:a paradigm for designing efficient protocols.ACM Conference on Computer and Communications Security-ACMCCS'93,ACM Press,1993,pp.62-67.
[37]R.Canetti,O.Goldreich,and S.Halevi.The random oracle methodology,revisited.Journal of the ACM,51(4),2004,pp.557-594.
[38]A.Fiat and A.Shamir.How to prove yourself:Practical solutions to identification and signature problems,In Advances in Cryptology-Crypto'86,LNCS 263,Berlin:Springer-Verlag,1986,pp.186-194.
[39]A.C.Yao.Theory and applications of trapdoor functions.Proceedings of the 23th Symposium on the Foundation of Computer Science,IEEE Computer Society,1982,pp.80-91.
[40]M.Bellare and P.Rogaway.The exact security of digital signatures-how to sign with RSA and Rabin.In Advances in Cryptology-Eurocrypt'96,LNCS 1070,Berlin:Springer-Verlag,1996,pp.399-416.
[41]N.Courtois,L.Goubin,and J.Patrin.Sflash:Primitive specification(second revised version),https://www.cosic.east.kuleuven.be/nessie,Sflash,2002,pp.1-11.
[42]T.Matsumoto and H.Imai.Public quadratic polynomial-tuples for efficient signature verification and message encryption. Advance in Cryptology-EUROCRYPTO'88, LNCS 330, Berlin: Springer-Verlag,1988, pp. 419-453.
[43] J. Patarin. Hidden field equations (HFE) and isomorphism of polynomials (IP): Two new families of asymmetric algoritms. Advance in Cryptology-EUROCRYPTO'96, LNCS 1070, Berlin: Springer-Verlag, 1996, pp.33-48.
[44] Patarin, Jacques. The oil and vinegar signature scheme. Dagstuhl Workshop on Cryptography, 1997.
[45] K. Avaid, P. Jacques, and L. Goubin. Unbalanced oil and vinegar signature schemes. EUROCRYPT 1999, LNCS 1592, Berlin: Springer-Verlag, 1999, pp.206-222.
[46] J. Ding and D. Schmit. Rainbow, a new multivariable polynomial signature scheme. ACNS 2005, LNCS 3531, Berlin: Springer-Verlag, 2005, pp. 323-336.
[47] J. Patarin. Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt'88. Advance in Cryptology-CRYPTO'95, LNCS 963, 1995, pp. 248-261.
[48] A. Kipnis and Adi. Shamir. Cryptanalysis of the HFE public key cryptosystem by relinearization. Advance in Cryptology-CRYPTO'99, LNCS 1666, Berlin: Springer-Verlag, 1999, pp.19-30.
[49] N. Courtois. The security of hidden field equations (HFE) process in cryptology. CT-RSA'2001, LNCS 2020, Berlin: Springer-Verlag ,2001, pp.266-281.
[50] J. Faugere and A. Joux. Algebraic cryptoanalysis Hidden Field Equation (HFE) cryptosystems using Grober bases. Advance in Cryptology-CRYPTO'03, LNCS 2729,Berlin: Springer-Verlag, 2003, pp. 44-60.
[51] T. Moh. A fast public key system with signature and master key functions. Lecure notes at EE department of Standford University, 1999.
[52] L-C. Wang, B-Y. Yang, Y-H. Hu and F. Lai. A Medium-Field Multivariate Public Key Encryption Scheme. CT-RSA 2006, LNCS 3860, Berlin: Springer-Verlag, 2006,pp.132-149.
[53] L. Wang and F. Chang. Tractable rational map cryptosystems. Cryptology ePrint Archive, http://eprint.iacr.org/2004/046, revised on Dec 28,2006.
[54] L. Goubin and N. Courtois. Cryptotanalysis of the TTM cryptosystem.Advance in Cryptology-ASIACRYPT'00, LNCS 1976, Berlin: Springer-Verlag, 2000, pp.44-57.
[55]J.Ding and D.Schmidt.The new TTM implementation is not secure.Proceeding of Inernational Workshop on Coding,Cryptography and Combinatorics(CCC 2003),2003,pp.106-121.
[56]X.Nie,L.Hu,J.Li,C.Updegrove and J.Ding.Breaking a new instance of TTM cryptosystem.Advance in ACNS2006,LNCS 3989,Berlin:Springer-Verlag,2006,pp.210-225.
[57]A.Joux,S.Kunz-Jaquces,F.Muller,P-M.Ricordel.Cryptanalysis of the tractable rational map cryptosystem,PKC 2005,LNCS 3386,Berlin:Springer-Verlag,2005,pp.258-274.
[58]J.Ding,L.Hu,X.Nie,J.Li,J.Wagner.High order linearization Equation(HOLE) attack on multivariate public key cryptosystems.PKC 2007,LNCS 4450,Berlin:Springer-Verlag,2007,pp.233-248.
[59]王志伟,郑世慧,杨义先,张智辉.改进的Medium-Field多变量加密方案.电子科技大学学报,36(6),2007,pp.1152-1154.
[60]J.Ding.A new variant of the Matsumoto-Imai through perturbation.PKC 2004,LNCS 2947,Berlin:Springer-Verlag,2004,pp.305-318.
[61]B.Yang and J.Chen.Building secure tame-like multivariate public key cryptosystems-the new TTS.ACISP 2005,LNCS 3574,Berlin:Springer-Verlag,2005,pp.518-531.
[62]D.Coppersmith,J.Stern,S.Vaudeny.The security of the birational permutation signature scheme.J.Cryptology,10(3),1997,pp.207-221.
[63]Fouque,Pierre-Alain,Granboulan,Louis and Stern,Jacques.Differential cryptanalysis for multivariate schemes.EUROCRYPT 2005,LNCS 3494,Berlin:Springer-Verlag,2005,pp.341-353.
[64]J.Ding,J.Gower.Inoculating multivariate schemes against differential attacks.PKC 2006,LNCS 3958,Berlin:Springer-Verlag,2006,pp.290-301
[65]N.Courtois,A.Klimov,J.Patarin and A.Shamir.Efficient algorithms for solving overdefined systems of multivariate polynomial equations.Advance in Cryptology-EUROCRYPT'00,LNCS 1807,Berlin:Springer-Verlag,2000,pp.392-407.
[66]G.Ars,J.Faugere,H.Imai,M.Kawazoe and M.Sugita Comparision between XL and Grobner bases algorithms.Asiacrypt 2004,LNCS 3329,2004,pp.338-353.
[67]J Ding,J Gower,D Schmidt Multivariate public key cryptosystems.Springer press,2006.
[68] A. Gouget and J. Patarin. Probabilistic multivariate cryptography. VIETCRYPT 2006, LNCS 4341, Berlin: Springer-Verlag, 2006, pp.1-18.
[69] B. Yang, J. Chen and N. Courtois, On asymptotic security estimates in XL and bases-related algebraic cryptanalysis, Information and Communications Security - ICICS 2004, LNCS 3269, Berlin: Springer-Verlag, 2004, pp.401-413.
[70] A. Shamir, Y. Tauman. Improved online/offline signature schemes. In CRYPTO 2001.LNCS 2139, Berlin: Springer-Verlag, 2001, pp. 355-367.
[71] C. Schnorr. Efficient signature generation for smart cards. Journal of Cryptology 4(3),1991, pp. 161-174.
[72] L. Lamport. Constructing digital signatures from one-way function. Technical Report SRI-CSL-98, SRI International Computer Science Laboratory, 1979.
[73] G. Fuchun, M. Yi. Optimal Online/Offline signature: How to sign a message without online computation. ProvSec 2008, LNCS 5324, Berlin: Springer-Verlag, 2008, pp.98-111.
[74] R. Gennaro, S. Halevi, T. Rabin. Secure hash-and-sign signatures without the random oracle. In EUROCRYPT 1999. LNCS 1592, Berlin: Springer-Verlag, 1999, pp. 123-139.
[75] D. Boneh, G. Lynn, H. Shacham. Short signature from the weil pairing. ASIACRYPT 2001,LNCS 2248, Berlin: Springer-Verlag, 2001, pp.514-532.
[76] P. Yu, S. R.Tate. Online/Offline signature schemes for devices with limited computing capabilities. CT-RSA2008, LNCS 4964, Berlin: Springer-Verlag, 2008, pp.301-317.
[77] P. Waters. Efficient identity-based encryption without random oracles. EUROCRYPT 2005, LNCS 3494, Berlin: Springer-Verlag, 2005, pp.320-329.
[78] A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. Advance in Cryptology - Crypto'86, LNCS 263, Berlin:Springer-Verlag, 1986, pp.186-194.
[79] L. C. Guilou and J. J. Quisquater. A practical zero-knownledge protocol fitted to security microprocessor minimizing both transmission and memory. Advance in Cryptology - Eurocrypt'88, LNCS 330, Berlin: Springer-Verlag, 1988, pp.123-128.
[80] C.P. Schnorr. Efficient identification and signatures for smart cards. Advance in Cryptology- Crypto'89, LNCS 435, Berlin: Springer-Verlag, 1989, pp.239-252.
[81] J-J. Quisquater, De Soete M. Speeding up smart card RSA computation with insecure coprosessors. Proceeding of Smart Cards 2000,1999, pp.191-197.
[82] C-H. Lim, P-J. Lee. Security and Performance of Server-Aided RSA Computation Protocols. Crypto 1995, LNCS 963, Berlin: Springer-Verlag, 1995, pp.70-83.
[83] S. Hohenberger and A. Lysyanskaya. How to Securely Outsource Cryptographic Computations. In Joe Kilian, editor, Theory of Cryptography, Second Theory of Cryptography Conference, LNCS 3378, Berlin: Springer-Verlag, 2005, pp.264-282.
[84] M. Girault, D. Lefranc. Server-aided verification: Theory and Practice. Aisacrypt 2005, LNCS 3788, Berlin: Springer-Verlag, 2005, pp.605-623.
[85] W. Wei, M. Yi, S. Willy, H. Xinyi. Server-aided verification signatures: definitions and new constructions. ProvSec 2008, LNCS 5324, Berlin: Springer-Verlag, 2008, pp.141-155.
[86] D. Boneh and X. Boyen. Short Signatures without Random Oracles. In C. Cachin and J. Camenisch, editors, Advances in Cryptology - Eurocrypt '04, LNCS 3027, Berlin: Springer-Verlag, 2004, pp. 382-400.
[87] F. Zhang, R. Safavi-Naini, and W. Susilo. An Efficient Signature Scheme from Bilinear Pairing and its Applications. In Public Key Cryptography, LNCS 2947, Berlin: Springer-Verlag, 2004, pp.277-290.
[88] P Paillier. Public-key cryptosystem based on composite degree residuosity classes. Proceedings of Eurocrypt '99, LNCS 1592, Berlin: Springer-Verlag, 1999, pp.223-238.
[89] M. Mambo, K. Usuda, E. Okamoto. Proxy signatures: delegation of the power to sign message. IEICE Trans Funct, E79-A(9), 1996, pp. 1338-1354.
[90] M. Mambo, K. Usuda, E. Okamoto. Proxy signatures for delegation signing operation. In: Proc. Third ACM Conference on computer and Communications Security, New Delhi,India, 1996,pp.48-57.
[91] D. Pointcheval, J. Stern. Security proofs for signature schemes. In: Proc. of Eurocrypt'96, LNCS 1070. Berlin:Springer-Verlag, 1996,pp.387-398.
[92] D. Pointcheval, J. Stern. Security arguments fot digital signatures and blind signatures. J of Cryptology, 13, 2000, pp.361-396.
[93] A. Shamir. Identity based cryptosystems and signature schemes. Advance in Cryptology-Crypto'84. LNCS 196, Berlin: Springer-Verlag, 1984, pp.47-53.
[94] D. Boneh, M. Franklin. Identity-based encryption from Weil Pairing. Advance in Cryptology-CRYPTO 2001, LNCS 2193. Berlin: Springer-Verlag, 2001, pp.213-229.
[95] F. Hess. Efficient Identity Based Signature Schemes Based on Pairings. Selected Areas in Cryptography 2002, LNCS 2567, Berlin: Springer-Verlag, 2002, pp.310-324.
[96] C. C. Jae, J. H. Cheon: An Identity-Based Signature from Gap Diffie-Hellman Groups. Public Key Cryptography 2003, LNCS 2346, Berlin: Springer-Verlag, 2003, pp.18-30.
[97] Kenneth G Paterson, Jacob C. N. Schuldt: Efficient Identity-Based Signatures Secure in the Standard Model. ACISP 2006, LNCS 3462, Berlin: Springer-Verlag, 2006, pp.207-222.
[98] W. B. Lee, K. C. Liao. Constructing identity-based cryptosystems for discrete logarithm based cryptosystems, Journal of Network and Computer Applications, 27, 2004, pp.191-199.
[99] W. D. Qiu, K. F. Chen. Identity oriented based on quadratic residues. Applied Mathematics and Computation, 168,2005, pp.235-242.
[100] Z. Chai, Z. Cao, X. Dong. Identity-based signature scheme based on quaratic residues. Science in China Series F: Information Sciences, 50(3), 2007, pp.373-380.
[101] Z. H. Sun. On the theory of cubic residues and nonresidues. ACTA ARITHMETIC, LXXXIV.4,1998, pp.291-335.
[102] S. Goldwasser, S. Micali, R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2), 1988, pp.281-308.