Research on Group-Oriented Digital Signatures and Signcryption
Abstract
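The Internet has greatly changed the way people work and live, and has also changed the way governments, enterprises and other organizations communicate, interact and conduct business. The Internet is an open system whose design did not originally take security into account: any data entering the network faces the risk of being stolen, misused or tampered with, while data coming from the network may be impersonated or forged, which in turn can serve as an excuse for the sender to repudiate it.
     In recent years, authentication systems have developed rapidly with the widespread use of computer networks and communication technology, and have become an important research direction in cryptography. Digital signatures are the main component of authentication systems; they provide the key techniques for authenticity, integrity and non-repudiation, address repudiation, forgery, tampering and impersonation, and make it possible to replace traditional handwritten signatures or seals with electronic signatures. With the rapid development of e-commerce and e-government, ordinary single-user digital signatures can no longer fully meet requirements, and the study of group-oriented digital signatures and signatures with special properties has become an important direction in authentication theory. The emergence of systems that combine authentication and encryption is likewise a new direction in the development of authentication systems.
     Group-oriented special digital signatures have very broad application prospects in practice. In an RSA-based threshold signature scheme, a set of parameters must be shared among the participating members, including the public parameters n and e and the decryption key d that is to be shared among the participants, so that each member holds its own private key share, no member knows d, and no subset of members smaller than the specified threshold can recover d. Having a trusted center (TC) generate these parameters creates an efficiency bottleneck and a single point of failure, and a TC is not always available. A protocol is therefore proposed in which the participants jointly compute the shared RSA key. When computing the modulus N, the protocol uses a distributed initial prime-sieving protocol, which reduces the computational complexity of finding a product of two primes. Because the joint computation of the modulus N and the key d uses a sharing conversion protocol built on a homomorphic encryption scheme, the use of oblivious transfer is avoided, which makes the protocol simpler and highly efficient. The scheme adds verification of the shared d, so in addition to passive security it also prevents a participating party from cheating.
     Depending on the application setting, group-oriented signatures often have different property requirements. In a MANET, the self-organizing and dynamic nature of the network means that a particular node is not always available, which is called weak connectivity. Using a cryptosystem with an online trusted center (TC) in such networks causes an efficiency bottleneck and a single point of failure. The characteristics of threshold signature schemes allow them to avoid these problems, so they have high application value in such networks. On the other hand, large-scale mobile ad hoc networks usually form a multi-level network in which each level may have different security requirements. To meet such needs, a threshold order-specified multisignature scheme suited to multi-level secure MANETs is proposed. A message can be signed in linear order across departments or network levels, while within each department or level it can be signed in a threshold manner. The design is based on a variant of the RSA signature scheme and an order-specified multisignature scheme, has high computational and space efficiency, and comes with a linear reduction to the RSA hard problem in the random oracle model.
     In e-government and e-commerce applications, the participants in a transaction often need to sign in a particular order. Signing in linear order only suits some simple settings, whereas many transaction workflows are intricate and cannot be described by a linear order. Structured multisignature techniques allow multiple signers to sign in more complex orders, and both the signed message and the order can be verified. To describe such orders, some concepts capable of expressing complex orders are introduced. A series-parallel graph is a graph that can describe mixed orders of serial and parallel events. On this basis, an order-specified multisignature scheme based on DSA is proposed. The scheme supports order flexibility: after the signers have signed in a given order, the verifier verifies the correctness of both the message and the order. In terms of security, the scheme resists adaptive insider chosen-message attacks. Its signing and verification times are shorter than those of comparable schemes.
     Most RSA-based multisignature schemes support signing only in linear order, and since the RSA algorithm is widely adopted worldwide, research on structured RSA multisignatures is of real significance. To meet the requirements of RSA multisigning in complex environments, a signing structure capable of expressing rich order relations is used to represent the signing order, and an RSA multisignature scheme that supports signing in this structured order is proposed. The computational cost of producing a signature is proportional to the number of signers, while the size of the resulting signature and the computational cost of verification are the same as for a single RSA signature. The security of the scheme reduces to the security of RSA inversion.
     Signcryption is a new cryptographic primitive that combines confidentiality and authentication. Besides confidentiality and authentication, non-repudiation is also an indispensable property of a signcryption system, which requires the signcryption scheme to be publicly verifiable, and this in turn introduces new security problems. To solve this, a publicly verifiable short signcryption scheme is proposed. It has strong confidentiality, resisting IND-CCA2 attacks in the flexible unsigncryption oracle model; it has strong unforgeability, resisting strong chosen-message attacks; and it is publicly verifiable. A security proof in the standard model is given.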
The emergence of the Internet has changed the way people live and work. It has also changed the ways governments, enterprises and other organizations communicate, exchange information and conduct transactions. But the Internet is an open system that was not designed with security in mind. Anybody, including malicious users, can access the network, so any data connected to the network is threatened by theft, abuse or tampering. Data from the network may be impersonated or forged. Dishonest users may also deny actions that they actually performed.
     With the wide application of computer networks and communication technologies, authentication systems have developed rapidly in recent years and have become one of the most important research directions in cryptography. Digital signature technology is the main component of authentication systems. It provides authentication, integrity and non-repudiation services, solves the problems of repudiation, forgery, tampering and impersonation, and consequently enables e-business, e-government and so on. With the rapid development of e-business and e-government, general digital signature technology, in which a signature is produced by a single user, can no longer satisfy the growing requirements. As a result, signature technologies for multi-user settings and signature technologies with special properties have become important new directions in authentication research. Group-oriented signatures with special properties are a kind of signature for multi-user settings and are widely applicable in real life.
     In this paper we study the following group-oriented signature technologies: group signatures, threshold signatures, order-specified signatures and signcryption. We analyze several digital signature schemes and propose several new digital signature schemes for multi-user settings.
     In RSA-based threshold signature systems, parameters including the public parameters n and e must be shared among the parties, while the private key d must be shared by the parties. Each party keeps its private share secret, and no subset of fewer than t parties can recover the private key d. Problems such as an efficiency bottleneck and a single point of failure arise when these parameters are generated by a trusted center. To deal with these problems, we propose an efficient two-party scheme for generating a shared RSA secret key, based on a homomorphic encryption scheme that is semantically secure under the prime residuosity assumption. At the stage of computing the RSA modulus N, an initial distributed primality test protocol is used to reduce the computational complexity and increase the probability that N is a product of two primes. In addition, sharing conversion protocols based on homomorphic encryption are devised and adopted for the multi-party computation of the modulus N and the secret key d. Compared with sharing conversion protocols based on oblivious transfer, the homomorphic-encryption-based sharing conversion protocols offer high performance. Our scheme resists passive attacks, and since a method for verifying the sharing is introduced, it also resists cheating behavior. A security proof and analyses of the computation and communication complexity are given at the end.
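The sharing property described above (each party holds a share of d, neither knows d, and a valid signature needs both shares) can be illustrated with a textbook 2-of-2 additive split of the RSA private exponent. This is an added example, not the protocol proposed in the thesis: for brevity a dealer generates and splits the key, which is the trusted-center step the proposed scheme replaces with joint computation, and the primes, function names and hash-then-reduce encoding are assumptions chosen for the demo.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters (assumption for the demo): two Mersenne primes so the example
# runs instantly. Real RSA primes are random and far larger.
P = 2**127 - 1
Q = 2**89 - 1
E = 65537


def dealer_keygen(p=P, q=Q, e=E):
    """Stand-in for the trusted center: returns (n, e, d, phi)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    return p * q, e, pow(e, -1, phi), phi


def split_exponent(d, phi):
    """Additive 2-of-2 sharing: d1 + d2 = d (mod phi).

    d1 is uniform, so either share on its own is independent of d."""
    d1 = secrets.randbelow(phi)
    return d1, (d - d1) % phi


def digest(msg, n):
    """Hash-then-reduce encoding (assumption; no padding scheme, demo only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def partial_sign(msg, share, n):
    """Run locally by one party using only its own share."""
    return pow(digest(msg, n), share, n)


def combine(partials, n):
    """Multiply partial signatures: h^d1 * h^d2 = h^(d1+d2) = h^d (mod n)."""
    sig = 1
    for s in partials:
        sig = sig * s % n
    return sig


def verify(msg, sig, n, e):
    """Ordinary RSA verification against the public key (n, e)."""
    return pow(sig, e, n) == digest(msg, n)


def demo():
    n, e, d, phi = dealer_keygen()
    d1, d2 = split_exponent(d, phi)
    msg = b"constructed sample message"
    s1 = partial_sign(msg, d1, n)
    s2 = partial_sign(msg, d2, n)
    full = combine([s1, s2], n)
    return {
        "combined_ok": verify(msg, full, n, e),
        "matches_plain_rsa": full == pow(digest(msg, n), d, n),
        "party1_alone_ok": verify(msg, s1, n, e),
        "party2_alone_ok": verify(msg, s2, n, e),
        "other_msg_ok": verify(b"different message", full, n, e),
    }


if __name__ == "__main__":
    print(demo())
```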
     Threshold signature schemes are useful in MANETs because of mobility and weak connectivity. Meanwhile, order-specified multisignature schemes are valuable in some multi-level security systems. To meet such requirements, we propose a secure threshold order-specified multisignature scheme based on RSA. The scheme is built on a modified threshold RSA signature scheme and an order-specified multisignature scheme. It has exact security to a certain extent. A proof is given in the random oracle model, and the computational and space complexity are presented at the end.
     In multisignature schemes, signers can sign either in a linear order or in no specified order, but neither is adequate in scenarios that require a mixture of orderless and ordered multisigning. Most order-specified multisignature schemes specify the order as a linear one. In this paper, we propose an order-specified multisignature scheme based on DSA that is secure against active insider attacks. To our knowledge, it is the first order-specified multisignature scheme based on the DSA signature scheme in which signers can sign in a flexible order represented by series-parallel graphs. In this multisignature scheme, both the signers and the signing order can be verified. The security of the scheme is proved by reduction to an identification scheme that is proved to have some concrete security. The running time of verifying a signature is comparable to that of previous schemes, while the running time of multisignature generation and the space needed are less than in those schemes.
     Most previous multisignature schemes based on RSA support signing only in a serial order. To meet the need for signing in more complex orders, we propose a structured multisignature scheme based on RSA. The size of the multisignature and the computational cost of verifying it are the same as for a single RSA signature, and the computational cost of signing grows in proportion to the number of signers. The security of the proposed scheme reduces to the hardness of inverting RSA.
     Signcryption is a new cryptographic primitive that models a process achieving privacy and authenticity simultaneously. Besides privacy and authenticity, non-repudiation is also a prerequisite property for a signcryption scheme. To achieve this, the signcryption must be publicly verifiable, which in turn brings new security problems. We propose a publicly verifiable short signcryption scheme that is strongly existentially unforgeable under active chosen-message attack and strongly confidential under active chosen-ciphertext attack in the flexible unsigncryption oracle model. All security proofs are given in the standard model, without random oracles.