Research on Ring Signatures and Their Application in Electronic Cash
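Abstract
The rapid development of network communication and computer technology has brought enormous change to people's work and lives, and information-based activities such as e-commerce and e-government have become a core part of economic life. As one of the main means of authentication in information security technology, digital signatures are widely used. Digital signatures were originally used only to provide authentication, integrity and non-repudiation of data in electronic transmission, but the basic digital signature cannot always meet the varying needs of practical applications. This gave rise to forms of digital signature with special properties for particular application settings, such as blind signatures, group signatures and ring signatures.
     A ring signature is a simplified group-like signature. It overcomes the drawback of group signatures that the group manager holds too much power, and it is unconditionally anonymous with respect to the signer. Its properties, such as spontaneity, unconditional anonymity and group characteristics, play a special role in building schemes for e-commerce, e-government and similar systems, so research on ring signature schemes has important theoretical and practical significance.
     The electronic payment system is a core component of e-commerce, and how far it has been implemented and developed has always been one of the main factors affecting the pace of e-commerce. Electronic cash, as the analogue of traditional cash in the information space, has advantages that other electronic payment methods cannot match, which makes it the preferred technology for online payment in e-commerce. Both the security and the anonymity of electronic cash are achieved through cryptography. Most existing electronic cash protocols are designed on the basis of blind signatures and group signatures, while ring signatures, with their favourable properties, have become one of the important tools in electronic cash protocol design. Starting from the characteristics of ring signatures, this thesis studies in depth how to construct ring signature schemes suitable for electronic cash.
     The main content of this thesis is as follows:
     1. The cryptographic foundations relevant to this thesis are introduced first, including number theory, hard mathematical problems and the basics of digital signatures; the state of research on ring signatures and electronic cash is briefly summarized.
     2. The basic principles and security properties of ring signatures are introduced, and the design methods of ring signature schemes are analyzed and summarized; special digital signature techniques are identified as one of the key technologies for electronic cash, and several special digital signatures and their application prospects are briefly introduced.
     3. Identity-based ring signature schemes are analyzed and an improved identity-based ring signature scheme is given. The work concentrates on linkable ring signature schemes: the identity-based linkable ring signature is improved, and a traceable linkable ring signature scheme is proposed. The scheme is built on bilinear pairings. Compared with traditional linkable ring signatures, it reduces the computational cost of bilinear pairings, improves efficiency, and makes it possible to trace the identity of a signer who signs repeatedly, so it better meets the needs of electronic cash applications.
     4. To guarantee the security of electronic cash protocols under special requirements, a secure and efficient electronic cash protocol is designed on the basis of existing ring signature and blind signature schemes. Compared with earlier electronic cash protocols, it makes full use of the properties of ring signatures, detects double spending in advance, and can trace the identity of a repeat signer when anonymity is revoked.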
Currently, the rapid development of computer technology and network communication is bringing great changes to people's work and life. E-commerce, e-government and other information activities have become a core component of economic life. As a primary means of authentication in information security technology, the digital signature has been widely used. The first digital signatures were used only to provide data authentication, integrity and non-repudiation in electronic transmission. The basic digital signature does not always meet the different needs of practical applications, so forms of digital signature with special properties were developed for specific application contexts, such as the blind signature, the group signature and the ring signature.
     As a kind of simplified group signature, the ring signature overcomes the disadvantage that the administrator in a group signature has too much power, and the signer is unconditionally anonymous. Its spontaneity, unconditional anonymity and group characteristics play a special role in building e-commerce and e-government systems. Therefore, research on ring signature schemes has important theoretical and practical significance.
     The electronic payment system is a core component of e-commerce, and its implementation and level of development have been one of the main factors affecting the growth rate of e-commerce. As an analogue of traditional cash in the information space, with incomparable advantages over other e-commerce payment methods, e-cash has become the preferred technology for online payment in e-commerce. The security and anonymity of e-cash are achieved by cryptography, and existing electronic cash protocols have mostly been designed on the basis of blind signatures and group signatures. The ring signature, with its good features, is one important tool in electronic cash protocol design. This paper focuses on how to construct ring signature schemes that can be applied to electronic cash protocols.
     This paper has carried out the following work:
     1. First, we introduce the basic cryptographic theory associated with this paper, covering basic number theory, hard mathematical problems and background on digital signatures; we then briefly summarize the state of research and development on ring signatures and e-cash.
     2. Second, we introduce the basic principles and security features of ring signatures, and analyze and summarize the methods of ring signature scheme design; we also point out that special digital signature technology is one of the key technologies for e-cash applications, and outline several special digital signatures and their applications.
     3. Identity-based ring signature schemes are analyzed and an improved identity-based ring signature scheme is designed. We focus on the linkable ring signature scheme, improve the identity-based ring signature, and propose a traceable linkable ring signature scheme. The scheme is based on bilinear pairings. Compared with the traditional ring signature, it reduces the computational cost of pairings and makes it possible to trace repeated signing. It better meets the needs of electronic cash applications.
     4. To ensure the security of electronic cash under special requirements, we design a safe and efficient electronic cash system based on existing ring signature and blind signature schemes. Compared with previous electronic cash protocols, the protocol makes better use of the features of ring signatures to detect double-spending behavior in advance, and is able to trace the identity information of a repeat signer when anonymity is revoked.
