Research on Complex Digital Signature Schemes and Their Security Authentication
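Abstract
Digital signatures are one of the main research topics in modern cryptography. They are widely applied in information security, identity authentication, data integrity, non-repudiation and anonymity, and hold an especially important place in large-scale network security and e-commerce systems. Digital signatures have become an indispensable security measure in computer networks and an important tool for guaranteeing data integrity and implementing authentication.
     Complex digital signatures are the product of combining typical digital signature schemes; the concept arose from practical working conditions. Research on complex digital signatures is of great significance for information security and access control.
     This thesis focuses on several classes of complex signature schemes, namely multi-signatures, proxy signatures, group signatures and authenticated encryption signatures, as well as a secure authentication access control scheme based on digital signatures.
     The main research results of this thesis are:
     1. A general sequential multi-signature scheme based on discrete logarithms is analysed and an improved scheme is proposed. An ElGamal-type sequential multi-signature scheme based on RSA is then proposed; the security of the constructed scheme rests on both the large-number factorization problem and the discrete logarithm problem, giving it higher security and practicality. A multi-signature scheme with identical signing authorities is modified to yield a multi-signature scheme with different signing authorities.
     2. Proxy multi-signature schemes are studied, and an improved scheme based on the Mambo-type proxy multi-signature is proposed. The LKK strong proxy multi-signature scheme is analysed and two forgery attacks are presented; using these two attacks, an attacker can forge valid proxy signatures. The scheme is then improved, yielding a secure strong proxy multi-signature scheme. Building on threshold multi-proxy signatures and proxy multi-signatures, a group proxy multi-signature scheme is designed. In this scheme multiple original signers delegate to multiple proxy signers, and only when the proxy signers cooperate can a signature be generated on behalf of the original signers. Based on the Guillou-Quisquater digital signature, a time-controlled proxy signature scheme that can trace the receiver's identity is designed. Its security is based on the large prime factorization problem; the scheme can determine the exact time at which the proxy signed, and the delegator can also trace the identity of whoever receives the proxy-signed message.
     3. A non-interactive group signature scheme is proposed. It retains the advantages of existing schemes and fundamentally solves the "anonymity" problem of group signatures. A new scheme that prevents arbitrary dissemination of digital signatures in group signatures is then proposed: the signer does not directly provide a signature on the message m, but instead provides a zero-knowledge proof that he or she holds a digital signature on that message. Next, a (t,n) threshold group signature scheme is proposed, with simple signature verification and low computational cost, and with anonymity, traceability and system stability. A new (t,n) threshold signature scheme is also designed; this (t,n) threshold group signature scheme is verifiable, secure and efficient to verify, and in many respects has the same computational complexity as verifying an ordinary individual signature.
     4. A signature scheme with message recovery is integrated with Harn's (t,n) threshold scheme, and a signature scheme with (t,n) shared verification based on discrete logarithms is proposed. Then, addressing the problem in general authenticated encryption schemes that, when the signer repudiates a signature, the recipient cannot enable any verifier to confirm the signer's honesty, two effective solutions are proposed: one is a convertible authenticated encryption scheme, the other a convertible authenticated encryption scheme with message linkages. In their computational properties both compare favourably with similar existing schemes. Finally, a publicly authenticated encryption scheme is analysed, its security flaw is pointed out, and an improved scheme is proposed.
     5. Using the Harn digital signature scheme together with the idea of zero-knowledge proofs, a secure authentication access control scheme based on digital signatures is proposed.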
Digital signatures, one of the main research topics in modern cryptography, are applied in a wide range of fields such as information security, identity authentication, data integrity, non-repudiation and anonymity, and play an especially large role in large-scale network security and electronic business systems. Digital signatures have become a necessary safety precaution in computer networks and an important tool for assuring data integrity and implementing authentication.
     Complex signatures are the result of combining typical signature schemes, and the concept was put forward in response to practical working conditions. Complex signatures play an important role in information security and access control.
     In this dissertation, some complex signature systems are discussed in detail, including multi-signature, proxy signature, group signature and authenticated encryption signature schemes, together with a secure authentication access control scheme based on digital signatures. The main contributions are as follows:
     1. The security of a common sequential multi-signature scheme based on discrete logarithms is analysed, and a new improved scheme is presented. An ElGamal-type sequential digital signature scheme based on RSA is then presented, whose security is based on both large prime factorization and the discrete logarithm problem, making it more secure and practical. Based on a multi-signature scheme with distinguished signing authorities, a multi-signature scheme with undistinguished signing authorities is introduced.
     2. The security of proxy multi-signatures is analysed, and a new proxy multi-signature scheme based on the original Mambo proxy multi-signature is presented. The strong proxy multi-signature scheme based on LKK is analysed, and two types of forgery attack are proposed, by taking advantage of which an attacker can forge a valid proxy multi-signature. A new, modified and secure strong proxy multi-signature scheme is presented to solve the corresponding security problem. A group proxy multi-signature scheme based on threshold multi-proxy signatures and proxy multi-signatures is presented. In this scheme, a group of original signers can authorize a group of proxy signers, and only the cooperation of all signers in the proxy group can generate a group proxy multi-signature. A time-stamped proxy signature scheme with a traceable receiver, based on the Guillou-Quisquater digital signature, is proposed; its security is based on large prime factorization, and it can not only commit to the exact time at which the proxy signers signed, but also trace the identity of the receiver.
     3. A non-interactive group signature scheme is proposed; the scheme inherits the advantages of previously proposed schemes and solves the anonymity problem. A group signature scheme is proposed that prevents digital signatures from spreading arbitrarily: the signers prove in zero knowledge that they own the signatures, rather than showing the signatures directly. A new threshold signature scheme is proposed; it can be validated simply, requires less computational cost, and has the virtues of anonymity, traceability, stability and so on. A new threshold signature scheme is presented, which is secure, can be validated efficiently, and in many respects has the same computational complexity as an individual signature.
     4. Based on discrete logarithms, a secure (t,n) threshold shared verification signature scheme is proposed, which integrates a signature scheme with message recovery and the (t,n) threshold scheme. Two valid schemes are presented to solve the problem that, in common authenticated encryption schemes, the recipient cannot prove the signer's honesty to any verifier if the signer denies the signature. The first is a new convertible authenticated encryption scheme; the other is a new convertible authenticated encryption scheme with message linkages. Both schemes are superior to similar schemes in their computational characteristics. Finally, after analysing a publicly authenticated encryption scheme and pointing out its security flaw, an improved publicly authenticated encryption scheme is proposed.
     5. A secure authentication access control scheme based on digital signatures is proposed, combining the Harn digital signature scheme and the idea of zero-knowledge proof.
