Research and Design of Digital Signature Schemes Based on Bilinear Pairings
Abstract
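With the rapid development of computer network technology, network services of all kinds have permeated every area of people's lives. On the one hand they bring enormous convenience and benefit to human activity; on the other they bring unprecedented threats. Digital signature technology is an important technique for providing authentication, integrity and non-repudiation; it is a core technology of information security and one of the key technologies of secure e-commerce and secure e-government. As research on digital signatures deepens and e-commerce and e-government develop rapidly, ordinary signatures that simply imitate handwritten signatures can no longer meet the needs of practical applications, and the study of digital signatures with special properties has become the main research direction in digital signatures.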
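     Bilinear pairings are an important tool, developed in recent years, for constructing digital signature schemes. Digital signatures built from bilinear pairings not only offer high security, short keys and fast implementation, but also provide additional functions that are hard to achieve by other methods. This dissertation is supported by the National Basic Research Program of China (973 Program) (No. 2007CB310704), the National Natural Science Foundation of China (No. 90718001), the Program of Introducing Talents of Discipline to Universities (No. B08004), and the Specialized Research Fund for the Doctoral Program of Higher Education (No. 20070013005). It studies pairing-based digital signature schemes in depth from the aspects of identity-based blind signatures, proxy signatures, universal designated verifier signatures and identity-based verifiably encrypted signatures. The main results are: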
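     1. Identity-based blind signature schemes are studied. A provably secure identity-based partially blind signature scheme is proposed whose security rests on the hardness of the q-SDHP problem; in the random oracle model it is proved to resist existential forgery under adaptive chosen-message and chosen-identity attacks, and because it uses fewer pairing operations it is markedly more efficient than other schemes. By combining threshold signatures with blind signatures, an efficient identity-based threshold blind signature scheme is proposed, and its correctness, unforgeability and robustness are proved. Then, building on the proposed partially blind signature scheme, an efficient identity-based restrictive partially blind signature scheme is given and proved to have correctness, partial blindness, restrictiveness and unforgeability. Finally, on the basis of the proposed identity-based restrictive partially blind signature, a new fair off-line electronic cash system is constructed. By embedding public information unrelated to the user's identity, management complexity is greatly reduced while the user's privacy is also protected.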
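     2. Proxy signature schemes are studied. Huang et al. proposed an efficient threshold proxy signature scheme with known signers (the HC scheme). This dissertation shows that the HC scheme cannot resist the frame attack and the public-key substitution attack, and gives an efficient improved scheme that effectively remedies the security flaws of the original. Then the security of the identity-based threshold proxy signature scheme proposed by Xu et al. (the XZF scheme) is analyzed. In that scheme, an attacker who obtains over a public channel the delegation warrant signed by the legitimate original signer and a valid proxy signature generated by the proxy signers can forge a new proxy signature on the same message in which the original signer becomes the attacker himself. To avoid this attack, an effective new scheme is proposed that improves security and computational efficiency. Finally, a new pairing-based proxy signature scheme in the standard model is proposed and proved to resist existential forgery under adaptive chosen-message attack in the standard model. Compared with existing schemes, the proposed scheme needs fewer system parameters, achieves a tight security reduction, and is efficient in the key generation, standard signing, delegation generation and proxy signature generation phases.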
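     3. Universal designated verifier signature schemes are studied. The delegatability of the two universal designated verifier signature schemes proposed respectively by Shailaja et al. and Huang et al. is analyzed, and delegation attacks on them are given. Based on the ZSS short signature scheme, a new universal designated verifier signature scheme that resists the delegation attack is proposed, and it is proved in the random oracle model to resist forgery and delegation attacks and to be non-transferable. Because it avoids the inefficient MapToPoint function and uses fewer bilinear pairing operations, the scheme is efficient.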
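     4. Identity-based verifiably encrypted signature schemes are studied. The identity-based verifiably encrypted signature is an extended signature scheme that plays a very important role in constructing fair exchange. Existing identity-based verifiably encrypted signature schemes are all provably secure only in the random oracle model. Based on Paterson's signature scheme and using bilinear pairings, we propose the first identity-based verifiably encrypted signature scheme that is provably secure in the standard model, and prove under the CDH hardness assumption that it is unforgeable and opaque. In this scheme, a trusted third party is introduced to guarantee fair exchange between users, thereby protecting their legitimate rights and interests.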
With the rapid development of computer network technology, network services of all kinds have permeated many aspects of people's lives. On the one hand, they bring much convenience and benefit; on the other hand, they bring unprecedented threats. The digital signature, which provides authentication, integrity and non-repudiation, is one of the key techniques of information security and plays an important role in e-commerce and e-governance. With the deepening of digital signature research and the rapid development of e-commerce and e-governance, the standard signature, which is a simple simulation of the handwritten signature, can no longer meet practical needs. Thus, research on digital signatures with additional properties has become a main research direction in digital signatures.
     Bilinear pairings have become a crucial tool for constructing signatures in recent years. Pairing-based signatures not only have the advantages of higher security, shorter key size and faster implementation, but also offer many benefits that cannot easily be achieved with other techniques. This dissertation is jointly supported by the National Basic Research Program of China (973 Program) (2007CB310704), the National Natural Science Foundation of China (No. 90718001), the Program of Introducing Talents of Discipline to Universities (No. B08004), and the Specialized Research Fund for the Doctoral Program of Higher Education (No. 20070013005). We focus on the research and design of pairing-based signatures in the following aspects: identity-based blind signature, proxy signature, universal designated verifier signature and identity-based verifiably encrypted signature. The main contributions of this dissertation are as follows:
     1. We study identity-based blind signature schemes. A provably secure identity-based partially blind signature scheme is proposed. Assuming the intractability of the q-Strong Diffie-Hellman problem, our scheme is existentially unforgeable against adaptive chosen-message and ID attacks in the random oracle model. Because it uses fewer pairing computations, our scheme is highly efficient compared with existing schemes. Combining the threshold signature with the blind signature, we give an efficient identity-based threshold blind signature and prove that our scheme is correct, non-forgeable and robust. Then, based on the proposed partially blind signature scheme, we give a new efficient restrictive partially blind signature and prove that the scheme is correct, non-forgeable, restrictive and partially blind. Finally, based on the presented ID-based restrictive partially blind signature, a new fair off-line electronic cash system is proposed. By embedding common information irrelevant to the user's identity, the complexity of management is reduced and, at the same time, the user's privacy is protected.
     2. We study proxy signature schemes. Huang et al. proposed an efficient threshold proxy signature with known signers (denoted the HC scheme). We show that the HC scheme is not secure against the frame attack and the public-key substitution attack, and give a new efficient scheme that remedies the security flaws of the existing scheme. Then the security of the identity-based threshold proxy signature proposed by Xu et al. (denoted the XZF scheme) is analyzed. In the XZF scheme, given a proxy signature generated by the proxy signers on a message on behalf of an original signer, an attacker can forge a valid threshold proxy signature on the same message that appears to have been generated by the proxy signers on behalf of the attacker himself. To avoid this attack, a new identity-based threshold proxy signature is further proposed, which resolves the security problem in the XZF scheme and is more efficient than the XZF scheme. Finally, a new provably secure proxy signature scheme in the standard model is proposed. The scheme is proved secure against existential forgery under adaptive chosen-message attack in the standard model. Compared with existing schemes, the proposed scheme has a tight security reduction and needs fewer public parameters. It is very efficient in the stages of secret key generation, standard signing, proxy signing and delegation generation.
     3. We study universal designated verifier signature schemes. The delegatability of two universal designated verifier signature schemes, presented respectively by Shailaja and Huang, is analyzed, and a delegation attack on the schemes is put forward. Based on the ZSS short signature, an efficient universal designated verifier signature that resists the delegation attack is proposed; the scheme is unforgeable, non-delegatable and non-transferable in the random oracle model. Because it avoids the inefficient MapToPoint function and uses fewer pairing computations, our scheme is highly efficient compared with existing schemes.
     4. Finally, we study identity-based verifiably encrypted signature schemes. The ID-based verifiably encrypted signature is an extended signature type and plays an important role in constructing fair exchange. To the best of our knowledge, the security of the existing identity-based verifiably encrypted signature schemes is based on the random oracle model. Based on Paterson's ID-based signature and bilinear pairings, we propose the first identity-based verifiably encrypted signature scheme whose security can be proven in the standard model, and prove that our scheme is non-forgeable and opaque based on the difficulty of solving the CDH problem. In this scheme, by introducing a trusted third party, fair exchange between users is ensured and the legitimate rights and interests of users are protected.
    
    [150]Gorantla M C, Saxena A. Verifiably Encrypted Signature Scheme without Random Oracles. In: Proceeding of the 2nd International Conference on Distributed Computing and Internet Technology, LNCS 3816, Berlin, Springer-Verlag, 2005, 357-363
    
    [151] Lu S, Ostrovsky R, Sahai A, Shacham H, Waters B. Sequential Aggregate Signatures and Multisignatures without Random Oracles. In Advances in Cryptology-Eurocrypt 2006,LNCS 4004, Berlin, Springer-Verlag, 2006,465-485
    
    [152] Zhang J, Mao J. A Novel Verifiably Encrypted Signature Scheme without Random Oracle.In: Proceeding of the 2nd Information Security Practice and Experience 2007, LNCS 4464,Berlin, Springer-Verlag, 2007,65-78
    
    [153] Zhang Z, Feng D, Xu J, Zhou Y. Efficient ID-based Optimistic Fair Exchange with Provable Security. In: Proceeding of the 7th Information and Communications Security,LNCS 3783, Berlin, Springer-Verlag, 2005, 14-26
    
    [154] Gu C, Zhu Y. An ID-based Verifiably Encrypted Signature Scheme Based on Hess's Signature. In: Proceeding of the 1st SKLOIS Conference on Information Security and Cryptology, LNCS 3822, Berlin, Springer-Verlag, 2005,42-52
    [155]Hess F.Efficient Identity Based Signature Schemes Based on Pairings.In:Proceedings of the 9th Annual International Workshop on Selected Areas in Cryptography,LNCS 2595,Berlin:Spdnger-Verlag,2003,310-324
    [156]张振峰.基于身份的可验证加密签名协议的安全性分析.29(9),2006,1688-1693
    [157]Gu C,Zhu Y,Zheng Y.Certified E-mail Protocol in the ID-based Setting.In:Proceeding of the 5th International Conference on Applied Cryptography and Network Security,LNCS 4521,Berlin,Springer-Verlag,2007,340-353
    [158]Kwon S,Lee S H.An Efficient ID-based Verifiably Encrypted Signature Scheme Based on Hess Scheme.In:Proceeding of the 3rd Information Security Practice and Experience Conference,LNCS 4464,Berlin,Springer-Verlag,2007,93-104
