电子投票协议的研究
|
摘要
随着网络的迅速发展和应用,人类已逐步进入信息社会,信息作为一种重要的资源,在社会生产生活中的作用越来越重要。电子投票也正是信息化的产物,其已成为电子商务、电子政务的一个重要组成。虽然目前电子投票方式还存在很多的不足,但是从长远来看,电子投票由于其快捷方便并且可提供更高的安全性的特点必将取代传统的投票方式。
传统的电子投票协议大都采用零知识证明来验证选票的合法性,由于零知识证明过程效率很低,极大的制约了选举的效率,并不适用于全国性大选这样的大规模选举,因此本文主要围绕无需零知识证明的电子投票系统展开研究。
首先,本文系统介绍了电子投票的基本概念及原理,概述其发展过程和研究进展,对电子投票中所用到的基本的技术进行了介绍。
其次,随着电子投票协议研究的进展,安全的电子投票协议所要满足的条件越来越多。这样导致设计者必须按照所有的安全性质逐条地设计协议,如此设计是困难和复杂的。所幸的是,Ran Canetti提出了UC安全的概念。UC框架为协议的设计提供了模块化的方式。本文利用数论中模数的性质构造了,具有UC安全的两候选人电子投票协议。在UC的框架下采用一种新的编码手段以达到无需零知识证明即可验证选票的合法性,并利用基于身份的(n,n)门限加解密以及双线性对来实现多个计票中心联合计票的多候选人选举方案。
第三,本文基于多方安全计算中的Bit分解协议构造了,无需零知识证明多候选人选举协议。Ivan Damard在2006年TCC会议中首次提出了Bit分解的概念,作为安全多方计算的一个典型应用,通过高性能服务器的合作将比特串的加密值分解成其对应每一位的加密值,因此利用该协议对重新编码后的选票进行分解得到其对应候选人的选票,再通过同态加密运算即可得到选举结果,通过上述手段将大量选票分解统计工作交给高性能服务器完成,可极大提高选举效率,适用于全国大选等大规模的选举。
As the rapid development and application of Intenet, humankind has gradually entered the information society. Information, an important resource, is as a more important role in social production and daily lives. Electronic voting is exactly the product of information technology, it has become an important component of e-commerce and e-government. Although there are many deficiencies in electronic voting system, in the long run, electronic voting which is quicker, more convenient and more security will replace the traditional voting.
Most of the traditional electronic voting protocol use zero-knowledge proof to verify the legitimacy of votes. While the low efficiency of the zero-knowledge proof process efficiency greatly restricted the efficiency of the election, so it does not apply to a large-scale national election. The focus of this article is electronic voting system without zero-knowledge proof.
First, in this article, it is described that the electronic voting protocol, the basic concepts and principles, an overview of its development process and the basic technology.
Second, with the progress of the e-voting protocols study, the conditions of secure electronic voting protocols were propsed more and more, so the designers must follow all the security natures of the design of the protocols, in this way the design is more difficult and complex than before. Fortunately, Ran Canetti proposed UC concept. In UC framework, the design of protocol is in a modular approach. In this paper, an electronic voting protocol with two candidates was proposed based on the nature of modulus in Number Theory. In the UC framework we adopt a new code to verify the legitimacy of votes without zero-knowledge proof and use identity-based (n,n) threshold encryption and decryption, as well as bi-linear to achieve the multiple counting of the Center for counting of the multi-candidate electoral scheme.
Third, based on Bit decomposition protocol, a without zero-knowledge proof multi-candidate election protocol was proposed. In 2006 TCC Bit decomposition was first proposed by Ivan Damard as a typical application of secure multi-party computation. By the cooperation of high-performance server, the encryption bit string value of each one broken down into its corresponding encrypted value, which is used to decompose the re-encoded the votes into the votes the candidates by their counterparts. And then through the homomorphic encryption algorithm with the state election results can be obtained. Using above-mentioned measures that the high-performance server is used to decompose a large number of votes and complete the statistical work can be greatly improve the efficiency of the elections for the national election, or another large-scale election.
传统的电子投票协议大都采用零知识证明来验证选票的合法性,由于零知识证明过程效率很低,极大的制约了选举的效率,并不适用于全国性大选这样的大规模选举,因此本文主要围绕无需零知识证明的电子投票系统展开研究。
首先,本文系统介绍了电子投票的基本概念及原理,概述其发展过程和研究进展,对电子投票中所用到的基本的技术进行了介绍。
其次,随着电子投票协议研究的进展,安全的电子投票协议所要满足的条件越来越多。这样导致设计者必须按照所有的安全性质逐条地设计协议,如此设计是困难和复杂的。所幸的是,Ran Canetti提出了UC安全的概念。UC框架为协议的设计提供了模块化的方式。本文利用数论中模数的性质构造了,具有UC安全的两候选人电子投票协议。在UC的框架下采用一种新的编码手段以达到无需零知识证明即可验证选票的合法性,并利用基于身份的(n,n)门限加解密以及双线性对来实现多个计票中心联合计票的多候选人选举方案。
第三,本文基于多方安全计算中的Bit分解协议构造了,无需零知识证明多候选人选举协议。Ivan Damard在2006年TCC会议中首次提出了Bit分解的概念,作为安全多方计算的一个典型应用,通过高性能服务器的合作将比特串的加密值分解成其对应每一位的加密值,因此利用该协议对重新编码后的选票进行分解得到其对应候选人的选票,再通过同态加密运算即可得到选举结果,通过上述手段将大量选票分解统计工作交给高性能服务器完成,可极大提高选举效率,适用于全国大选等大规模的选举。
As the rapid development and application of Intenet, humankind has gradually entered the information society. Information, an important resource, is as a more important role in social production and daily lives. Electronic voting is exactly the product of information technology, it has become an important component of e-commerce and e-government. Although there are many deficiencies in electronic voting system, in the long run, electronic voting which is quicker, more convenient and more security will replace the traditional voting.
Most of the traditional electronic voting protocol use zero-knowledge proof to verify the legitimacy of votes. While the low efficiency of the zero-knowledge proof process efficiency greatly restricted the efficiency of the election, so it does not apply to a large-scale national election. The focus of this article is electronic voting system without zero-knowledge proof.
First, in this article, it is described that the electronic voting protocol, the basic concepts and principles, an overview of its development process and the basic technology.
Second, with the progress of the e-voting protocols study, the conditions of secure electronic voting protocols were propsed more and more, so the designers must follow all the security natures of the design of the protocols, in this way the design is more difficult and complex than before. Fortunately, Ran Canetti proposed UC concept. In UC framework, the design of protocol is in a modular approach. In this paper, an electronic voting protocol with two candidates was proposed based on the nature of modulus in Number Theory. In the UC framework we adopt a new code to verify the legitimacy of votes without zero-knowledge proof and use identity-based (n,n) threshold encryption and decryption, as well as bi-linear to achieve the multiple counting of the Center for counting of the multi-candidate electoral scheme.
Third, based on Bit decomposition protocol, a without zero-knowledge proof multi-candidate election protocol was proposed. In 2006 TCC Bit decomposition was first proposed by Ivan Damard as a typical application of secure multi-party computation. By the cooperation of high-performance server, the encryption bit string value of each one broken down into its corresponding encrypted value, which is used to decompose the re-encoded the votes into the votes the candidates by their counterparts. And then through the homomorphic encryption algorithm with the state election results can be obtained. Using above-mentioned measures that the high-performance server is used to decompose a large number of votes and complete the statistical work can be greatly improve the efficiency of the elections for the national election, or another large-scale election.
引文
[1]什么是电子投票?[EB/OL]. http://people.bowenwang.com.cn/ government-channel. htm
[2]刘景美,傅晓彤,程相国,王新梅.电子投票的安全性及应用前景[J].计算机安全2004.12
[3]美国中期选举 电子投票难获信任[EB/OL]. http://cio.itl68.com/
[4]Chaum DL. Untraceable electronic mail, return address, and digital pseudonyms[C]. Communications of the ACM,1981,24(2):84-90
[5]Cohen JD, Fischer MJ. A robust and verifiable cryptograpuically secure election scheme[C]. In:IEEE computer Socirty, ed. Proc. Of the 26th IEEE symp. On Foundations of Computer Science. New York:IEEE Press,1985.372-382
[6]Magkos E, Burmester M, Chrissikopoulos V. Receipt-Freeness in largescale elections without untappable channels[C]. In:Schmid B, Pf al eds. Proc. of the 1st IFIP Conf.on Ecommerce/E. business/E. Government. Zuric:KIuwer Academics Publishers,2001.683-693
[7]Cranor LF, Cy RK. Sensus:A security-conscious electronic polling system for the Internet[C]. In:Proc. of the Hawaii Int'l Conf. On System Sciences.1997. http://lorrie. cranor. org/pubs/hicss/.
[8]Benaloh J, Tuinstra D. Receipt-Free ballot elections[C]. In:Proc. of the 26th Symp. on Theroy of Computing(STOC'94). Montreal,1994.544-553.
[9]Cranor L. Electonic voting:Computerized polls may save money,protect privacy[C]. In:Proc.of the Hawaii Internet of Conf. on System Science. Huawaii,1997.116-124. http://www.acm.org/crossroads/xrds2-4/voting.html.
[10]Martin H, Sako K. Efficient receipt-free voting based on homomorphic encryption[C]. In:Preneel B,ed. EUROCRYPT 2000. LNCS921, Berlin: Springer-Verlag,2000.393-403.
[11]Lee B, Kin K. Receipt-Free electronic voting through collaboration of voter and honest verifier[C]. In:Proc. of the JWISC 2000. Okinawa,2000.101-108. http://citeseer.ist.psu.edu/lee00receiptfree.html.
[12]D.Boneh and X.Boyen. Efficient Selective-ID Identity Based Encryption without Random Oracles. In Advances in Cryptology-Eurocrypt 2004, volume 3027 of LNCS, pages 223-238. Springer-Verlag,2004.
[13]陈晓峰,等.基于半信任模型的无收据的电子投票[J].计算机学报,2003,26(5): 557-562.
[14]Mike Burmester, Emmanouil Magkos. Towards secure and practical e-elections in the new era[C]. In D.Gritzalis, editor, Secure Electronic Voting, Pages 62-72. Kluwer Academic Publishers,2003.
[15]Costas Lambrinoudakis, Dumitris Gritzalis, Vassilis Tsoumas, Maria Karyda, Spyros Ikonomopoulos. Secure electronic voting:The current landscape[C]. In D.Gritzalis, editor, Secure Electronic Voting, Pages 101-122. Kluwer Academic Publishers,2003.
[16]Ben Adida. Advances in Cryptographic Voting Systems[D]. Submitted to the Department of Electrical Engineering and Computer in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science at the MIT,2003.8.
[17]Ben Adida, Ronald L.Rivest. Self-Contained Paper-Based Cryptographic Voting[C]. CCS'06, October 30-November3,2006, Copright 2006 ACM.
[18]A.Joux. A one round protocol for tripartite Diffie-Hellman[C]. Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp.385-394.
[19]A.Joux and K.Nguyen. Separating Decision Die-Hellman from Die-Hellman in cryptographic groups. J.Cryptology 16(4), pp.239-247,2003.
[20]Rivest R., Shamir A., and Adleman L. A method for obtaining digital signatures and public key cryptosystem[C]. Communications of the ACM, February 1978.
[21]P. Paillier. Public-Key Cryptosystems Based on Discrete Logarithms Residues[C]. In Eurocrypt'99, LNCS 1592. Springer-Verlag,1999.
[22]Ran Canetti. Universally Composable Security:A New Paradigm for Cryptographic Protocols [J]. IEEE Symposium on Foundations of Computer Science,136-145,2001.
[23]Ran Canetti, Marc Fischlin. Universally Composable Commitments[C]. Lecture Notes in Computer Science, volume 2139,19-28,2001, citeseer.ist.psu.edu/canetti01universally.html.
[24]Ran Canetti and Hugo Krawczyk. Universally Composable Notions of Key Exchange and Secure Channels[J]. Theory and Application of Cryptographic Techniques. pages 337-351.2002. citeseer.is.psu.edu/canetti02universally.html.
[25]R.Canetti and S.HMevi and J.Katz and Y.Lindell and P.MacKenzie. Universally Composable Password-Based Key Exchange[C], Eurocrypt 2005,2005 citeseer.ist.psu.edu/canetti05universally.html.
[26]I. Damgard and J. Nielsen. Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor[C]. In CRYPTO 2002,2002, citeseer.ist.psu.edu/dam901perfect.html.
[27]S.Go|dwasser, S.Micali and C.Rackoff. The knowledge Complexity of Interactive Proof Systems[J], SIAM Journal on Comput.,Voll8,NO.1,1989, pp.186-208.
[28]M.Bellare and P.Rogaway. Random oracles are practical:a paradigm for designing efficient protocols[C]. In first ACM conference on Computer and Communieations Security, pages 62-73, New York,1993. ACM press.
[29]YDesmedt and Y.Frankel, Threshold cryptosystems[C], In Advances in Cryptolog; Crypt089.
[30]YGDesmedt. Threshold cryptography [C]. European Transactions on Telecommunications,54;449-457,July 1994.
[31]W.Dime and M.E.Hellman. New Directions in cryptography[C]. IEEE Trans.info.Theory, IT-22(6):644-654,1976.
[32]D. Beaver. Foundations of secure interactive computing[C]. In Joan Feigenbaum,editor, Advances in Cryptology-Crypto'91, pages 377-391,Berlin, 1991. Springer-Verlag. Lecture Notes in Computer Science Volume 576.
[33]0.Goldreich, S.Micali, and A.Wigderson. How to play any mental game[C]. In Proceedings of the 19th Annum ACM Symposium on Theory of Computing, pages 218-229,1987.
[34]Jens Groth. Evaluating Security of Voting Schemes in the Universal Composability Framework[C]. ACNS 2004..
[35]Manoj Prabhakaran,Mike Rosulek. Cryptographic Complexity of Multi-Party Computation Problems:Classifications and Separations[C]. CRYPTO 2008, LNCS 5157,262-279.
[36]雷飞宇.UC安全多方安全计算模型及其典型应用研究[D].上海交通大学计算机科学与工程系博士论文,2007.1.
[37]Vanesa Daza,Javier Herranz,Paz Morillo,Carla Rafols. CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts[C]. ProvSec 2007,LNCS 4784,35-50.
[38]M.Ben-Or, S.Goldwasser, A.Wigderson. Completeness Theorems for Noncryptographic Fault-Tolerant Distributed Computation[C]. In Proc.20th Annual Symp. On the Theory of Computing, ACM,1988,1-10.
[39]I. Damgard, M. Fitzi, E. Kiltz, J.B. Nielsen, and T. Toft. Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation[C]. In Proc.3rd Theory of Cryptography Conference, TCC 2006, volume 3876 of Lecture Notes in Computer Science, pages 285-304, Berlin,2006. Springer-Verlag.
[40]Berry Schoenmakers, Pim Tuyls2. Efficient Binary Conversion for Paillier Encrypted Values[C]. EUROCRYPT 2006, LNCS 4004, pp.522-537,2006.
[41]R. Cramer, I. Damgard, and J.B. Nielsen. Multiparty computation from threshold homomorphic encryption[C]. EUROCRYPT'01, volume 2045 of Lecture Notes in Computer Science, pp.280-300, Berlin,2001. Springer-Verlag. Full version eprint.iacr.org/2000/055, October 27,2000.
[42]Y. Desmedt, Y. Frankel. Threshold cryptosystems[C]. In:Proc. CRYPTO'89, Lecture Notes in Computer Science 435, Springer-Verlag,1990, pages 307-315.
[43]M. De Soete, J. J. Quisquater and K. Vedder. A signature with shared verification scheme[C]. In:Proc. CRYPTO'89, Lecture Notes in Computer Science 435, Springer-Verlag,1990, pages 253-262.
[44]R. A. Croft, S. P. Harris. Public-key cryptography and re-usable shared secrets[C]. In:Proc. Cryptography and Coding. Clarendon Press,1989, pages 189-201.
[45]Y. Desmedt, Y. Frankel. Shared Generation of Authenticators and Signatures[C]. In:Proc. CRYPTO'91, Lecture Notes in Computer Science 576, Springer-Verlag,1992, pages 457-469.
[2]刘景美,傅晓彤,程相国,王新梅.电子投票的安全性及应用前景[J].计算机安全2004.12
[3]美国中期选举 电子投票难获信任[EB/OL]. http://cio.itl68.com/
[4]Chaum DL. Untraceable electronic mail, return address, and digital pseudonyms[C]. Communications of the ACM,1981,24(2):84-90
[5]Cohen JD, Fischer MJ. A robust and verifiable cryptograpuically secure election scheme[C]. In:IEEE computer Socirty, ed. Proc. Of the 26th IEEE symp. On Foundations of Computer Science. New York:IEEE Press,1985.372-382
[6]Magkos E, Burmester M, Chrissikopoulos V. Receipt-Freeness in largescale elections without untappable channels[C]. In:Schmid B, Pf al eds. Proc. of the 1st IFIP Conf.on Ecommerce/E. business/E. Government. Zuric:KIuwer Academics Publishers,2001.683-693
[7]Cranor LF, Cy RK. Sensus:A security-conscious electronic polling system for the Internet[C]. In:Proc. of the Hawaii Int'l Conf. On System Sciences.1997. http://lorrie. cranor. org/pubs/hicss/.
[8]Benaloh J, Tuinstra D. Receipt-Free ballot elections[C]. In:Proc. of the 26th Symp. on Theroy of Computing(STOC'94). Montreal,1994.544-553.
[9]Cranor L. Electonic voting:Computerized polls may save money,protect privacy[C]. In:Proc.of the Hawaii Internet of Conf. on System Science. Huawaii,1997.116-124. http://www.acm.org/crossroads/xrds2-4/voting.html.
[10]Martin H, Sako K. Efficient receipt-free voting based on homomorphic encryption[C]. In:Preneel B,ed. EUROCRYPT 2000. LNCS921, Berlin: Springer-Verlag,2000.393-403.
[11]Lee B, Kin K. Receipt-Free electronic voting through collaboration of voter and honest verifier[C]. In:Proc. of the JWISC 2000. Okinawa,2000.101-108. http://citeseer.ist.psu.edu/lee00receiptfree.html.
[12]D.Boneh and X.Boyen. Efficient Selective-ID Identity Based Encryption without Random Oracles. In Advances in Cryptology-Eurocrypt 2004, volume 3027 of LNCS, pages 223-238. Springer-Verlag,2004.
[13]陈晓峰,等.基于半信任模型的无收据的电子投票[J].计算机学报,2003,26(5): 557-562.
[14]Mike Burmester, Emmanouil Magkos. Towards secure and practical e-elections in the new era[C]. In D.Gritzalis, editor, Secure Electronic Voting, Pages 62-72. Kluwer Academic Publishers,2003.
[15]Costas Lambrinoudakis, Dumitris Gritzalis, Vassilis Tsoumas, Maria Karyda, Spyros Ikonomopoulos. Secure electronic voting:The current landscape[C]. In D.Gritzalis, editor, Secure Electronic Voting, Pages 101-122. Kluwer Academic Publishers,2003.
[16]Ben Adida. Advances in Cryptographic Voting Systems[D]. Submitted to the Department of Electrical Engineering and Computer in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science at the MIT,2003.8.
[17]Ben Adida, Ronald L.Rivest. Self-Contained Paper-Based Cryptographic Voting[C]. CCS'06, October 30-November3,2006, Copright 2006 ACM.
[18]A.Joux. A one round protocol for tripartite Diffie-Hellman[C]. Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp.385-394.
[19]A.Joux and K.Nguyen. Separating Decision Die-Hellman from Die-Hellman in cryptographic groups. J.Cryptology 16(4), pp.239-247,2003.
[20]Rivest R., Shamir A., and Adleman L. A method for obtaining digital signatures and public key cryptosystem[C]. Communications of the ACM, February 1978.
[21]P. Paillier. Public-Key Cryptosystems Based on Discrete Logarithms Residues[C]. In Eurocrypt'99, LNCS 1592. Springer-Verlag,1999.
[22]Ran Canetti. Universally Composable Security:A New Paradigm for Cryptographic Protocols [J]. IEEE Symposium on Foundations of Computer Science,136-145,2001.
[23]Ran Canetti, Marc Fischlin. Universally Composable Commitments[C]. Lecture Notes in Computer Science, volume 2139,19-28,2001, citeseer.ist.psu.edu/canetti01universally.html.
[24]Ran Canetti and Hugo Krawczyk. Universally Composable Notions of Key Exchange and Secure Channels[J]. Theory and Application of Cryptographic Techniques. pages 337-351.2002. citeseer.is.psu.edu/canetti02universally.html.
[25]R.Canetti and S.HMevi and J.Katz and Y.Lindell and P.MacKenzie. Universally Composable Password-Based Key Exchange[C], Eurocrypt 2005,2005 citeseer.ist.psu.edu/canetti05universally.html.
[26]I. Damgard and J. Nielsen. Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor[C]. In CRYPTO 2002,2002, citeseer.ist.psu.edu/dam901perfect.html.
[27]S.Go|dwasser, S.Micali and C.Rackoff. The knowledge Complexity of Interactive Proof Systems[J], SIAM Journal on Comput.,Voll8,NO.1,1989, pp.186-208.
[28]M.Bellare and P.Rogaway. Random oracles are practical:a paradigm for designing efficient protocols[C]. In first ACM conference on Computer and Communieations Security, pages 62-73, New York,1993. ACM press.
[29]YDesmedt and Y.Frankel, Threshold cryptosystems[C], In Advances in Cryptolog; Crypt089.
[30]YGDesmedt. Threshold cryptography [C]. European Transactions on Telecommunications,54;449-457,July 1994.
[31]W.Dime and M.E.Hellman. New Directions in cryptography[C]. IEEE Trans.info.Theory, IT-22(6):644-654,1976.
[32]D. Beaver. Foundations of secure interactive computing[C]. In Joan Feigenbaum,editor, Advances in Cryptology-Crypto'91, pages 377-391,Berlin, 1991. Springer-Verlag. Lecture Notes in Computer Science Volume 576.
[33]0.Goldreich, S.Micali, and A.Wigderson. How to play any mental game[C]. In Proceedings of the 19th Annum ACM Symposium on Theory of Computing, pages 218-229,1987.
[34]Jens Groth. Evaluating Security of Voting Schemes in the Universal Composability Framework[C]. ACNS 2004..
[35]Manoj Prabhakaran,Mike Rosulek. Cryptographic Complexity of Multi-Party Computation Problems:Classifications and Separations[C]. CRYPTO 2008, LNCS 5157,262-279.
[36]雷飞宇.UC安全多方安全计算模型及其典型应用研究[D].上海交通大学计算机科学与工程系博士论文,2007.1.
[37]Vanesa Daza,Javier Herranz,Paz Morillo,Carla Rafols. CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts[C]. ProvSec 2007,LNCS 4784,35-50.
[38]M.Ben-Or, S.Goldwasser, A.Wigderson. Completeness Theorems for Noncryptographic Fault-Tolerant Distributed Computation[C]. In Proc.20th Annual Symp. On the Theory of Computing, ACM,1988,1-10.
[39]I. Damgard, M. Fitzi, E. Kiltz, J.B. Nielsen, and T. Toft. Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation[C]. In Proc.3rd Theory of Cryptography Conference, TCC 2006, volume 3876 of Lecture Notes in Computer Science, pages 285-304, Berlin,2006. Springer-Verlag.
[40]Berry Schoenmakers, Pim Tuyls2. Efficient Binary Conversion for Paillier Encrypted Values[C]. EUROCRYPT 2006, LNCS 4004, pp.522-537,2006.
[41]R. Cramer, I. Damgard, and J.B. Nielsen. Multiparty computation from threshold homomorphic encryption[C]. EUROCRYPT'01, volume 2045 of Lecture Notes in Computer Science, pp.280-300, Berlin,2001. Springer-Verlag. Full version eprint.iacr.org/2000/055, October 27,2000.
[42]Y. Desmedt, Y. Frankel. Threshold cryptosystems[C]. In:Proc. CRYPTO'89, Lecture Notes in Computer Science 435, Springer-Verlag,1990, pages 307-315.
[43]M. De Soete, J. J. Quisquater and K. Vedder. A signature with shared verification scheme[C]. In:Proc. CRYPTO'89, Lecture Notes in Computer Science 435, Springer-Verlag,1990, pages 253-262.
[44]R. A. Croft, S. P. Harris. Public-key cryptography and re-usable shared secrets[C]. In:Proc. Cryptography and Coding. Clarendon Press,1989, pages 189-201.
[45]Y. Desmedt, Y. Frankel. Shared Generation of Authenticators and Signatures[C]. In:Proc. CRYPTO'91, Lecture Notes in Computer Science 576, Springer-Verlag,1992, pages 457-469.