Research on Identity-Based Signature and Signcryption
Abstract
In a traditional public key cryptosystem, CA-issued certificates bind a public key to the identity that holds the corresponding private key, and this binding is how public keys are authenticated. As a result, a traditional public key infrastructure must spend a great deal of time and storage computing and keeping these certificates.

In 1984 Shamir first proposed the concept of identity-based cryptography, in which a public key is derived directly from a user's unique identifying information, such as a name or an email address, so that public keys no longer need certificates for authentication. This greatly improves the efficiency of certificate-based cryptographic mechanisms.

In recent years, many identity-based signature and encryption schemes have been proposed, with steadily improving security and efficiency. These schemes share a common problem: their models require users to trust the private key generator (PKG) unconditionally. Because the PKG holds the private key of every user in its domain, it can forge any user's signature on any message and decrypt any user's messages. Addressing this problem, the main work of this thesis is as follows:

1. Adopting the private key generation method of the CXF scheme, we propose a new identity-based signature scheme without a trusted PKG, Zheng1. The scheme verifies the system master key and the user's secret information at the same time. Compared with the CXF scheme, the efficiency of the improved algorithm is greatly increased, and we prove in the random oracle model that it resists existential forgery under adaptive chosen-message attack.

2. We propose, for the first time, an identity-based signcryption scheme without a trusted PKG, Zheng2, which removes the drawback of traditional signcryption schemes that users must trust the PKG unconditionally. In the random oracle model we prove that the security of the scheme is equivalent to the hardness of the computational Diffie-Hellman problem in GDH groups.

3. To address real network environments in which several PKGs coexist, we modify our signcryption scheme Zheng2 and, while preserving the reduction to the hardness of the computational Diffie-Hellman problem in GDH groups, propose an identity-based signcryption scheme without a trusted PKG that works across PKGs, Zheng3, enabling secure communication in real networks with multiple PKGs.