Research on Designated Verifier Signatures Based on Bilinear Pairings and Multivariate Cryptography
Abstract (translated from the Chinese)
Digital signature technology, as one of the important means of safeguarding network security, has become a major research focus in the field of information security. Since e-commerce and e-government became key words in society, network security has grown ever more important. Different application settings call for research into digital signatures with special purposes. A designated verifier signature provides authentication of the message but lacks the non-repudiation of a conventional signature; in many settings, such as electronic payment and electronic voting, designated verifier signatures are of great significance. This thesis studies designated verifier signature schemes and their applications. The main work of the thesis is as follows:
     A new identity-based multi-signer strong designated verifier signature scheme is constructed from bilinear pairings. In the new scheme each signer only hides its private key and hashes the message, and the signature collector produces the multi-signer strong designated verifier signature, which reduces the possibility that a single signer holds excessive power. Under the hardness assumptions of the BDH problem and the DLP, the new scheme is unforgeable and non-transferable.
     Multivariate public key cryptography is currently a hot topic in cryptographic research and an important branch of the field. Multivariate cryptosystems are generally based on the hard problem of solving systems of multivariate quadratic polynomials. This thesis is the first to propose a designated verifier signature scheme based on multivariate cryptography, and combines it with the Rainbow scheme to construct a concrete Rainbow-based designated verifier signature scheme. The new scheme meets the security requirements of designated verifier signatures, resists the attacks currently known against multivariate public key cryptosystems, has a signing process simpler than that of conventional signatures, and remains efficient.
Abstract (author's English version)
Digital signatures, as one of the primary methods of protecting information security, have become an important subject in information security. In the wake of the popularization of electronic commerce and electronic government, network security has become a hot topic. Digital signatures with special purposes need to be studied according to their different requirements. Designated verifier signatures provide authentication of the message but not the non-repudiation of traditional signatures. In many settings, such as electronic payment and e-elections, designated verifier signatures are of great significance. The focus of this thesis is the analysis of designated verifier signatures and their applications. The main contributions are as follows:
     A new ID-based multi-signer strong designated verifier signature scheme based on bilinear pairings is proposed in this thesis. In the new scheme, each signer only hides its private key and hashes the message; the signature produced by the signature collector avoids giving a single signer too much power. We prove that the scheme is unforgeable and non-transferable under the BDH and DLP assumptions.
     Multivariate public key cryptosystems have become an important subject in information security and an important branch of research. General multivariate cryptosystems are based on the hardness of solving systems of multivariate quadratic polynomials. We propose a multi-signer identity-based designated verifier signature scheme based on multivariate cryptography. The new scheme satisfies the security requirements of designated verifier signature schemes and has a simple signing process. We also give a practical designated verifier signature scheme based on the Rainbow digital signature scheme. The signature length of the new scheme is shorter than that of the traditional scheme, and its efficiency is higher than that of the traditional signature.
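As an added illustration of the designated verifier property the abstract describes (authentication for the designated verifier, but no non-repudiation toward third parties), the following Python sketch builds the simplest designated verifier signature from a Diffie-Hellman shared key. It is not the thesis's pairing-based or Rainbow-based scheme and is not code from the thesis; the group parameters are toy values (a 127-bit Mersenne prime and generator 3) constructed only so the example runs offline, and the participant names and sample message are likewise constructed.

```python
"""Toy designated verifier signature (DVS) built from a Diffie-Hellman shared key.

Added illustration, not the thesis's schemes. It shows the two properties the
abstract names: the designated verifier can authenticate the message, but the
signature carries no non-repudiation, because the designated verifier could have
produced the very same signature itself (dvs_simulate).
"""
import hashlib
import hmac
import secrets

# Toy group parameters, constructed for illustration only (not a secure choice):
# modulus p = 2^127 - 1 (a Mersenne prime), generator g = 3.
P = 2**127 - 1
G = 3


def keygen():
    """Return (private, public) with public = g^private mod p."""
    x = secrets.randbelow(P - 2) + 1          # private exponent in [1, p-2]
    return x, pow(G, x, P)


def _shared_key(my_priv, their_pub):
    """K = H(g^(ab)): computable by the signer (a, g^b) and by the designated verifier (b, g^a)."""
    s = pow(their_pub, my_priv, P)
    return hashlib.sha256(s.to_bytes(16, "big")).digest()   # s < 2^127 fits in 16 bytes


def dvs_sign(signer_priv, verifier_pub, message: bytes) -> bytes:
    """Signer binds the message to the key it shares with the designated verifier."""
    return hmac.new(_shared_key(signer_priv, verifier_pub), message, hashlib.sha256).digest()


def dvs_verify(verifier_priv, signer_pub, message: bytes, sig: bytes) -> bool:
    """Only the holder of the designated verifier's private key can check the signature."""
    expected = hmac.new(_shared_key(verifier_priv, signer_pub), message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def dvs_simulate(verifier_priv, signer_pub, message: bytes) -> bytes:
    """The designated verifier produces a signature indistinguishable from the signer's.

    This is exactly why a DVS gives the verifier no proof to show a third party:
    the verifier could have made it, so the signer can deny having signed."""
    return hmac.new(_shared_key(verifier_priv, signer_pub), message, hashlib.sha256).digest()


def demo():
    """Run one signing session and report which checks hold."""
    a, A = keygen()   # signer (constructed role: "Alice")
    b, B = keygen()   # designated verifier (constructed role: "Bob")
    c, C = keygen()   # outsider holding neither secret (constructed role: "Carol")
    m = b"transfer 100 units"            # constructed sample message
    sig = dvs_sign(a, B, m)
    return {
        "verifier_accepts": dvs_verify(b, A, m, sig),
        "verifier_rejects_tampered": dvs_verify(b, A, m + b"0", sig),
        "verifier_can_simulate": dvs_simulate(b, A, m) == sig,
        "outsider_cannot_verify": dvs_verify(c, A, m, sig),   # wrong shared key -> False
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running the block prints that the designated verifier accepts the genuine signature, rejects a modified message, and can reproduce the signer's signature bit for bit, while a party without either private key cannot even verify it. The thesis's schemes replace the shared Diffie-Hellman key with bilinear-pairing and Rainbow-based constructions, but the property being demonstrated is the same one the abstract states.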
