Research on Several Application Problems in Secure Multi-Party Computation
Abstract
Secure multi-party computation refers to the setting in which, in a network of mutually distrusting users, two or more users cooperate to carry out a computation without revealing their respective inputs. Since A. C. Yao first proposed the concept of secure two-party computation in 1982, secure multi-party computation has become a research focus of the international cryptographic community. In fact, if we can compute any function securely we hold a powerful tool, because any cryptographic protocol can be reduced to a special secure multi-party computation protocol.
     Traditional secure multi-party computation has mainly been concerned with obtaining general protocols that can compute arbitrary functions, and has not studied in depth the application of secure multi-party computation in concrete settings. This thesis aims to design secure multi-party computation protocols suited to concrete application problems and security requirements. The main work is as follows:
     1. Addressing the problem that proxy signatures provide only authentication of the delegation and not confidentiality, a typical application of secure multi-party computation, proxy signcryption, is studied. Using bilinear pairings, an identity-based proxy signcryption scheme is proposed, and its security and efficiency are analysed.
     2. The privacy-protection problem concerning the original signer is studied. A proxy blind signature is a special-purpose digital signature that combines the advantages of blind signatures and proxy signatures. Addressing the low efficiency of most existing proxy blind signature schemes, an efficient proxy blind signature scheme is proposed whose security rests on the discrete logarithm problem.
     3. Addressing the low efficiency of most existing optimistic fair exchange protocols in the exchange phase, a new method of constructing optimistic fair exchange protocols is given that uses the special properties of chameleon hash functions. The new optimistic fair exchange protocol needs no complex zero-knowledge proof system in the exchange phase and, while guaranteeing security and fairness, avoids a large amount of computation and communication.
     4. Two special secure multi-party computation problems are studied: privacy-preserving cooperative solving of systems of linear equations, and privacy-preserving polynomial interpolation. Analysis shows that the privacy-preserving polynomial interpolation problem can be reduced to a secure two-party privacy-preserving cooperative linear-system problem. On this basis, an efficient secure two-party privacy-preserving cooperative linear-system protocol is first proposed, and from it a privacy-preserving polynomial interpolation protocol is designed that solves the privacy-preserving polynomial interpolation problem.
Secure multiparty computation refers to the problem in which two or more parties want to jointly compute a task on their private inputs while no party is willing to disclose its private input to any other. Since the problem of secure two-party computation was first introduced by A. C. Yao in 1982, research on secure multiparty computation has become one of the focuses of the international cryptographic community. It should be clear that we have a very powerful tool if we can compute any function securely, because virtually all cryptographic protocols are, or can be rephrased as, special cases of the multiparty computation problem.
     Although traditional secure multiparty computation protocols mainly focus on obtaining general protocols that can compute arbitrary functions, the applications of secure multiparty computation in concrete environments have not been researched in depth. In this thesis we design secure multiparty computation protocols suited to concrete applications and security requirements.
     To sum up, the work and innovations of this thesis can be summarised as follows:
     1. Since a proxy signature provides only delegated authenticity and not confidentiality, we propose a new identity-based proxy signcryption scheme from bilinear pairings and analyse its security and efficiency.
     2. We study the problem of the proxy signer's privacy protection. A proxy blind signature, which combines the properties of both proxy signatures and blind signatures, is useful in many applications. We present a proxy blind signature scheme based on the discrete logarithm problem; compared with existing typical schemes, it achieves higher efficiency.
     3. Most optimistic fair exchange protocols in the current literature are quite inefficient in the exchange phase. We present a novel method for constructing efficient and secure optimistic fair exchange protocols using a key-exposure-free chameleon hashing scheme. The proposed optimistic fair exchange protocol needs neither verifiably encrypted signatures nor zero-knowledge proofs in the exchange phase, which greatly reduces communication overhead and management cost.
     4. The privacy-preserving cooperative linear system of equations problem and the privacy-preserving polynomial interpolation problem are studied. We find that the privacy-preserving polynomial interpolation problem can be transformed into a cooperative linear system of equations problem. We therefore present a secure and efficient two-party privacy-preserving cooperative linear system of equations protocol and analyse its security, and then propose a privacy-preserving polynomial interpolation protocol based on it. We also analyse the new protocol and prove its correctness and security.
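The fair-exchange construction in item 3 rests on two facts about chameleon hashes that the abstract only names. The following Python is an added example, not the thesis's scheme (whose concrete construction is not given on this page): it implements the discrete-logarithm chameleon hash of Krawczyk and Rabin over a toy-sized safe-prime group and shows that the holder of the trapdoor x can open a hash to any message it likes, and that in this basic scheme publishing a single collision leaks x, which is the key-exposure problem that the key-exposure-free variant named in the abstract is meant to avoid. The group parameters, messages and function names are the example's own assumptions.

```python
"""Discrete-log chameleon hash (Krawczyk-Rabin style): trapdoor collisions
and the key-exposure problem. Toy parameters, constructed for this example."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Params:
    p: int  # safe prime, p = 2q + 1
    q: int  # prime order of the subgroup we hash into
    g: int  # generator of that order-q subgroup


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def make_params(min_q: int = 1 << 24) -> Params:
    """Smallest safe prime p = 2q + 1 with q >= min_q. g = 4 = 2^2 is a
    quadratic residue, so it generates the order-q subgroup of Z_p^*."""
    q = min_q | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return Params(p=2 * q + 1, q=q, g=4)


def h2zq(msg: bytes, q: int) -> int:
    """Map a message into Z_q (SHA-256, reduced mod q)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def keygen(pr: Params, x: Optional[int] = None) -> Tuple[int, int]:
    """Trapdoor x (private) and hash key y = g^x mod p (public)."""
    if x is None:
        x = secrets.randbelow(pr.q - 1) + 1
    return x, pow(pr.g, x, pr.p)


def chameleon_hash(pr: Params, y: int, msg: bytes, r: int) -> int:
    """CH_y(m, r) = g^m * y^r mod p; collision-resistant for anyone without x."""
    return (pow(pr.g, h2zq(msg, pr.q), pr.p) * pow(y, r, pr.p)) % pr.p


def forge_collision(pr: Params, x: int, msg: bytes, r: int, new_msg: bytes) -> int:
    """With the trapdoor: find r' such that CH(new_msg, r') == CH(msg, r).
    Follows from m + x*r == m' + x*r' (mod q), i.e. r' = r + (m - m')/x."""
    m, m2 = h2zq(msg, pr.q), h2zq(new_msg, pr.q)
    return (r + (m - m2) * pow(x, -1, pr.q)) % pr.q


def recover_trapdoor(pr: Params, msg: bytes, r: int, new_msg: bytes, new_r: int) -> int:
    """Key exposure: anyone who sees one collision (m, r), (m', r') with
    r != r' solves x = (m - m') / (r' - r) mod q. No trapdoor needed."""
    m, m2 = h2zq(msg, pr.q), h2zq(new_msg, pr.q)
    return ((m - m2) * pow(new_r - r, -1, pr.q)) % pr.q


if __name__ == "__main__":
    pr = make_params()
    x, y = keygen(pr)
    r = secrets.randbelow(pr.q)
    old, new = b"I owe you 100", b"I owe you 1000000"
    h = chameleon_hash(pr, y, old, r)
    r2 = forge_collision(pr, x, old, r, new)
    assert chameleon_hash(pr, y, new, r2) == h
    assert recover_trapdoor(pr, old, r, new, r2) == x
    print("collision found with the trapdoor; the collision pair leaks the trapdoor")
```

The leak is the reason an exchange protocol built on this hash cannot simply reveal a collision to settle a dispute: the party that does so gives up its trapdoor for every future use of the same key, which is what the key-exposure-free variants (and the thesis's construction, per the abstract) are designed to prevent.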
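Item 4's reduction of polynomial interpolation to a linear system is the classical observation that the n coefficients of the degree-(n-1) polynomial through n points with distinct x-coordinates satisfy a Vandermonde system, which has a unique solution. The following Python, added here as an illustration of that reduction and not the thesis's protocol (the two-party privacy-preserving part is not shown), builds the system over a prime field and solves it by Gauss-Jordan elimination; the modulus, sample points and function names are the example's own assumptions.

```python
"""Polynomial interpolation over GF(p) expressed as a Vandermonde linear system."""
from typing import List, Sequence, Tuple

P = 2**31 - 1  # prime modulus (a Mersenne prime), chosen for this example


def vandermonde(xs: Sequence[int], p: int = P) -> List[List[int]]:
    """Row i is [1, x_i, x_i^2, ..., x_i^(n-1)], so V * a = y for coefficients a."""
    n = len(xs)
    return [[pow(x, j, p) for j in range(n)] for x in xs]


def solve_mod_p(A: List[List[int]], b: Sequence[int], p: int = P) -> List[int]:
    """Gauss-Jordan elimination over GF(p). Raises ValueError if A is singular."""
    n = len(A)
    M = [[v % p for v in row] + [bi % p] for row, bi in zip(A, b)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if M[r][col] != 0), None)
        if pivot is None:
            raise ValueError("singular system")
        M[col], M[pivot] = M[pivot], M[col]
        inv = pow(M[col][col], -1, p)          # field inverse of the pivot
        M[col] = [(v * inv) % p for v in M[col]]
        for r in range(n):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(vr - f * vc) % p for vr, vc in zip(M[r], M[col])]
    return [row[n] for row in M]


def interpolate(points: Sequence[Tuple[int, int]], p: int = P) -> List[int]:
    """Coefficients a_0..a_{n-1} of the unique polynomial through the points."""
    xs = [x % p for x, _ in points]
    ys = [y % p for _, y in points]
    if len(set(xs)) != len(xs):
        raise ValueError("x-coordinates must be distinct")
    return solve_mod_p(vandermonde(xs, p), ys, p)


def evaluate(coeffs: Sequence[int], x: int, p: int = P) -> int:
    """Horner's rule, used to check the interpolant against the input points."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


if __name__ == "__main__":
    secret_poly = [3, 1, 4]                       # 3 + x + 4x^2, constructed input
    pts = [(x, evaluate(secret_poly, x)) for x in (1, 2, 5)]
    assert interpolate(pts) == secret_poly
    print("recovered", interpolate(pts), "from", pts)
```

Because the Vandermonde matrix depends only on the x-coordinates and the right-hand side only on the y-values, the same reduction applies whatever way those inputs are split between two parties; a privacy-preserving linear-system protocol then yields a privacy-preserving interpolation protocol, which is the chain of reasoning the abstract describes.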