Research on Several Problems in Digital Signature Technology
Abstract
With the rapid development of computer networks and e-commerce, information security has become increasingly important. Digital signatures, which provide authentication, integrity and non-repudiation for data transfer, are one of the core techniques of information security and play a key role in secure e-commerce and secure e-government. Research on digital signatures therefore has both theoretical and practical significance.
ID-based public key cryptography simplifies the key management that is a heavy burden in traditional certificate-based cryptosystems, and it is a hot topic in modern cryptography. This dissertation studies how to design ID-based signature schemes, how to prove their security, and how to solve their key escrow problem. It focuses on ID-based short signatures, ID-based aggregate signatures and traceable ID-based signatures, and also studies certificateless signatures, certificateless proxy signatures and certificateless designated verifier signatures. The major contributions of the dissertation are as follows:
1. We present a short ID-based signature (IBS) scheme that is provably secure in the random oracle model under the hardness assumption of the k-CAA problem. The proposed scheme retains all desirable properties of previous IBS schemes. Furthermore, it requires less computation and is significantly more efficient than all known IBS schemes, and its signatures are approximately 160 bits long, the shortest ID-based signatures so far.
2. We propose a new ID-based aggregate signature scheme from bilinear pairings. Its security proof is given in the random oracle model, and its security reduces to the computational Diffie-Hellman problem. Compared with existing ID-based aggregate signature schemes, our scheme drastically improves the efficiency of signature transmission and verification, since the verification algorithm requires only 3 pairing evaluations and the signature is only about 320 bits long. In addition, we cryptanalyze the ID-based aggregate signature scheme of Song, Kim, Lee and Yoon and show that it is universally forgeable.
3. Key escrow is the main inherent drawback of IBS schemes. To mitigate it, we introduce the definition and security model of traceable ID-based signatures (T-IBS) and construct a T-IBS scheme that does not use pairings, with a security proof under the elliptic curve discrete logarithm assumption in the random oracle model. Compared with existing signature schemes without key escrow, ours is more efficient: the signing algorithm needs only one scalar multiplication in the additive group, and the verification algorithm needs only three scalar multiplications.
4. Certificateless public key cryptography is a recently proposed paradigm that combines the advantages of certificate-based and ID-based cryptosystems: it avoids the use of certificates and does not suffer from key escrow. We present a certificateless signature (CLS) scheme that is provably secure in the random oracle model under the k-CAA and Inv-CDHP hardness assumptions. The scheme retains all desirable properties of previous CLS schemes and uses only general cryptographic hash functions instead of the inefficient MapToPoint hash function. Furthermore, it requires less computation and is significantly more efficient than all known CLS schemes, and its signatures are approximately 160 bits long, the shortest certificateless signatures so far, which makes it well suited to low-bandwidth communication environments.
5. We formalize the definition and security model of certificateless strong proxy signatures (CLSPS) and propose a CLSPS scheme from bilinear pairings. The scheme satisfies all the requirements of strong proxy signatures in certificateless public key cryptography. Furthermore, it is more efficient than existing CLSPS schemes because it uses general cryptographic hash functions instead of the inefficient MapToPoint function, and the online computation of signing and verification together requires one scalar multiplication, two exponentiations and one pairing computation.
6. We present a new pairing-based certificateless designated verifier signature (CLDVS) scheme and provide security proofs and an efficiency analysis for it. Moreover, as an application of our CLDVS scheme, we propose the first definition and construction of a certificateless designated verifier proxy signature (CLDVPS) scheme, and show that it satisfies all the requirements of designated verifier proxy signature schemes in certificateless cryptography.
