Formal Security Research on Threshold Cryptosystems
Abstract
With the rapid development of computer networks and information technology, security in distributed environments has received growing attention as a way to eliminate single points of failure in networked systems and to strengthen their resistance to attack. Threshold cryptography is one of the most effective and promising techniques for this problem. At the same time, the complexity of distributed environments makes the research difficult and challenging. In recent years many researchers at home and abroad have studied threshold cryptosystems in depth. However, as far as we know, the formal security study of threshold cryptosystems in the different public-key settings is still incomplete, and formally provable security is the most important criterion for judging whether a cryptosystem is secure. Formal study of threshold cryptosystems is therefore significant both for network security and information infrastructure and for its academic value.
     This thesis focuses on systematically studying and designing a series of threshold cryptosystems by formal methods, completing the study of threshold schemes in the public-key setting. The main results are as follows:
     1. Reducing the cost of managing users' public keys makes identity-based threshold cryptosystems particularly worth studying, yet threshold cryptosystems in the identity-based setting have not been studied sufficiently. We therefore design a series of identity-based threshold decryption schemes: two provably secure identity-based threshold decryption schemes and a threshold decryption scheme that handles dynamic membership updates in the identity-based setting. Our schemes are provably secure in the full security model and pay particular attention to the flexibility of distributed environments. They remedy shortcomings of existing work and complete the modeling and formal study of identity-based distributed cryptosystems.
     2. Certificateless cryptography is an important area of modern cryptography, yet as far as we know there is still no dedicated study of distributed systems in the certificateless setting. Moreover, the characteristics of distributed environments call for minimizing communication bandwidth and the cost of distributed computation. We therefore give formal definitions for certificateless threshold cryptosystems, propose a certificateless threshold decryption scheme and an efficient certificateless threshold key encapsulation mechanism, and prove them secure in the random oracle model. This is the first formal modeling of certificateless cryptography in the distributed setting and lays the foundation for future work combining certificateless cryptography with distributed decryption.
     3. The key escrow problem is the bottleneck to the adoption of identity-based cryptography, while balancing users' privacy against the government's authority to monitor communications calls for threshold key escrow. So far there has been no formal study of threshold key escrow. We therefore first propose a generic transformation that removes the key escrow problem from identity-based cryptosystems. We then give formal definitions for threshold key escrow and propose a concrete provably secure scheme. Finally, we propose a dynamic threshold key escrow scheme based on conic curves. The generic method resolves, to a certain extent, the application bottleneck of identity-based cryptography, and the abstraction of a security model for threshold key escrow systems is the basis for formally analyzing their security.
With the rapid development of computer networks and information technology, how to solve the single-point failure in network systems and the security problem in distributed surroundings has become of more and more concern. Threshold cryptography is one of the most efficient and potential techniques. Meanwhile, the distributed system is far more complex than the centralized one, which brings great difficulty and challenge to researchers. In recent years, many specialists both at home and abroad have made deep research on threshold cryptography. However, as far as we know, the research on threshold cryptography's formal security is not ideal enough, while the most important principle in evaluating a cryptosystem is whether it can be proved to be secure formally. Therefore, from the viewpoint of theory and applications, researching threshold cryptosystems with formal methods is of great importance and plays an important role in network security and academic value. Thereby, our point in this thesis is to study and design threshold cryptography schemes systematically via formalization means, to complete the study on threshold systems in the public key setting. Our main achievements are as follows:
     1. From the point of view of reducing the cost of public key management in cryptosystems, the study on identity based threshold cryptosystems is significant. However, the research on identity based threshold cryptography is insufficient. Thus we design a series of identity based threshold decryption schemes, including two provably secure identity based threshold decryption schemes, and a scheme focusing on the dynamic problem of threshold cryptosystems. Our schemes are provably secure in the full model. Especially, we take the flexibility of distributed systems into consideration. We improved the related works and accomplished the modeling and formal study of identity based distributed cryptosystems.
     2. Certificateless cryptography is one of the most important topics in modern cryptography. However, as far as we know, certificateless threshold cryptography has not yet been studied specifically. Moreover, the bandwidth and the cost of communication need to be minimized in distributed surroundings. Thus, we define the formal model of certificateless threshold cryptosystems, and construct a certificateless threshold cryptosystem and an efficient certificateless threshold key encapsulation mechanism. We provide provable security proofs in the random oracle model for each of them. We formalize the study on certificateless cryptosystems in the distributed system for the first time, which lays the foundation for future work.
     3. The key escrow problem acts as the bottleneck in the application of identity based cryptosystems. However, to balance the user's privacy and the government's monitoring power, we need to use the concept of threshold key escrow. Since no formal study of threshold key escrow has been established at present, we proposed a generic construction to solve the key escrow problem in identity based cryptosystems. Then we gave the formal definition of threshold key escrow and proposed a fully secure scheme. At last, we designed a dynamic threshold key escrow system based on conic curves. The general construction solves the bottleneck in identity based cryptosystems from some point of view. We abstracted the security model for threshold key escrow systems, which lays the foundation for analysing threshold key escrow cryptosystems with formalized methods.
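As an added illustration of the threshold decryption, robustness and dynamic membership ideas the abstract refers to (example code written for this page, not the thesis's identity-based or certificateless schemes): plain (t, n) threshold ElGamal decryption in a prime-order subgroup, where each server's partial decryption carries a Chaum-Pedersen proof so that a server returning a wrong value is detected, and a re-sharing step hands the key to a new committee without ever reconstructing it. The group parameters, server ids and message are constructed toy values.

```python
import hashlib
import math
import secrets

# Toy parameters (constructed, not the thesis's): p = 2q + 1 with p, q prime and G = 4 a
# generator of the order-Q subgroup of Z_p^*. Real deployments need 2048-bit or larger p.
P, Q, G = 2039, 1019, 4

def lagrange_at_zero(ids):
    """lambda_i (mod Q) with f(0) = sum(lambda_i * f(i)) for any polynomial of degree < len(ids)."""
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num, den = num * j % Q, den * (j - i) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam

def share(secret, t, ids):
    """Shamir (t, n) sharing: evaluate a random degree-(t-1) polynomial with f(0) = secret."""
    poly = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(a * pow(i, k, Q) for k, a in enumerate(poly)) % Q for i in ids}

def keygen(t, n):  # dealer splits x among n servers; vks[i] = G^{s_i} lets anyone audit server i
    x = secrets.randbelow(Q)
    shares = share(x, t, range(1, n + 1))
    return pow(G, x, P), shares, {i: pow(G, s, P) for i, s in shares.items()}

def encrypt(pk, m):  # m is a subgroup element; ElGamal ciphertext (G^r, m * pk^r)
    r = secrets.randbelow(Q)
    return pow(G, r, P), m * pow(pk, r, P) % P

def challenge(*transcript):  # Fiat-Shamir challenge; kept full-size so soundness is not 1/Q
    return int.from_bytes(hashlib.sha256(repr(transcript).encode()).digest(), "big")

def partial_decrypt(i, s_i, vk_i, c1):
    """Server i returns d_i = c1^{s_i} plus a Chaum-Pedersen proof that log_G vk_i = log_c1 d_i."""
    d = pow(c1, s_i, P)
    w = secrets.randbelow(Q)
    e = challenge(vk_i, c1, d, pow(G, w, P), pow(c1, w, P))
    return i, d, (e, (w + e * s_i) % Q)

def verify_partial(i, d, proof, vk_i, c1):
    e, z = proof  # recover the prover's commitments from (e, z) and check the challenge matches
    a = pow(G, z, P) * pow(vk_i, -e, P) % P
    b = pow(c1, z, P) * pow(d, -e, P) % P
    return challenge(vk_i, c1, d, a, b) == e

def combine(partials, vks, c1, c2, t):
    """Drop partials with bad proofs; any t valid ones yield c1^x and hence m = c2 / c1^x."""
    valid = {i: d for i, d, pr in partials if verify_partial(i, d, pr, vks[i], c1)}
    if len(valid) < t:
        raise ValueError("fewer than t valid partial decryptions")
    ids = list(valid)[:t]
    lam = lagrange_at_zero(ids)
    c1_x = math.prod(pow(valid[i], lam[i], P) for i in ids) % P
    return c2 * pow(c1_x, -1, P) % P

def reshare(old_shares, t_old, new_ids, t_new):
    """Dynamic membership: t_old holders re-share to a (t_new, len(new_ids)) committee; x is never rebuilt."""
    ids = list(old_shares)[:t_old]
    lam = lagrange_at_zero(ids)
    sub = {i: share(old_shares[i], t_new, new_ids) for i in ids}  # sent privately to each j
    return {j: sum(lam[i] * sub[i][j] for i in ids) % Q for j in new_ids}

def demo(t=3, n=5):
    pk, shares, vks = keygen(t, n)
    m = pow(G, 123, P)  # constructed message, encoded as a subgroup element
    c1, c2 = encrypt(pk, m)
    honest = [i for i in shares if i != 2][:t]
    partials = [partial_decrypt(i, shares[i], vks[i], c1) for i in honest]
    ok = combine(partials, vks, c1, c2, t) == m
    i, d, pr = partial_decrypt(2, shares[2], vks[2], c1)  # server 2 tampers with d_2 ...
    caught = not verify_partial(i, d * G % P, pr, vks[2], c1)  # ... and its proof fails
    new = reshare(shares, t, [11, 12, 13, 14], 2)  # move to a (2, 4) committee, same pk
    new_vks = {j: pow(G, s, P) for j, s in new.items()}  # demo shortcut; real: commitments
    partials = [partial_decrypt(j, new[j], new_vks[j], c1) for j in (12, 14)]
    return ok, caught, combine(partials, new_vks, c1, c2, 2) == m
```

The Chaum-Pedersen check is what makes the combiner robust against a faulty or malicious server, and the re-sharing step shows why dynamic membership does not require the secret key to exist in one place at any time.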