公平交换协议的设计与安全性研究
|
摘要
电子商务时代,互联网的快速发展极大地提高了交易的便捷性,同时也带来了网络交易的危险性。由于数字化产品易于复制、网络环境又极其复杂,在网上从事商务活动存在特殊性——双方的交易活动一结束,双方当事人就可以消失的无影无踪,这为交易活动的可追究性,以及交易后可能出现的争议的妥善解决带来了巨大的麻烦。因此,如何保证网上交易活动的安全性就成了一个亟需解决的实际问题。这里的安全性不仅囊括开放网络中通信所要求的传统安全目标:有效性、机密性、认证性与完整性等,还需要具备时效性、不可否认性以及不可滥用性等特性,而公平交换协议正是实现这些安全性质的关键,日益受到国内外研究者的广泛关注。
近年众多国内外研究者提出了一些高效的公平交换协议及用于构造双方公平交换协议的基本模块。这些成果为公平交换协议的研究开拓了思路、奠定了基础,但仍存在一些缺陷。如,大多数的公平交换协议不能很好的保证交易方的不可滥用性;构造双方公平交换协议的基本模块不能直接用于设计交互方式相对复杂的多方交换协议;多数多方合同签署协议仅适合于异步网络,消息延迟没有上限,需要的轮数较多,效率比较低。因此,在设计安全高效的公平交换协议方面还有很多工作需要深入研究。
本文的目的即研究公平交换协议的设计及其安全性分析,主要内容包括四个方面:构造公平交换协议的基本模块、双方公平交换协议、多方公平交换协议以及无TTP参与的公平交换协议。主要创新工作如下:
1、在公平交换协议的基本模块方面,利用基于身份的数字签名方案设计了可证安全的可验证加密签名方案。新方案中没有使用零知识证明系统提供验证,从而有效地避免了交互认证带来的效率损失
2、在多方合同签署协议的基本模块方面,将可验证加密签名方案与聚合签名思想相结合,提出了可证安全的聚合可验证加密签名方案。从而,多个签署者可利用聚合可验证加密签名合成一个承诺消息,与验证者进行认证,避免了以往方案中验证者逐一与多个签署者进行交互认证。
3、在双方公平交换协议方面,首先,利用Cha-Cheon的基于身份的签名方案设计了可证安全的可验证加密签名方案,并将此方案与基于身份的代理可验证加密签名方案相结合设计了一个新颖的多元合同签署协议。其交换双方可以为原始签署者和代理签署者的任意组合形式,即原始签署者与原始签署者、原始签署者与代理签署者以及代理签署者与代理签署者三种情形。其次,利用抗密钥暴露的哈希函数方案设计了一个新的具有时效性的公平交换协议。新协议的交换阶段并未使用零知识证明系统,有效降低了通信消耗,提高了协议效率。最后,指出2008年Gao等提出的满足不可滥用性的公平交换协议存在的安全漏洞,进而,引入时效性条件对此协议进行改进,提出了一个新的满足不可滥用性的公平交换协议。
4、在多方交换协议方面,利用无限制聚合签名方案实现合同的签署和基于公钥密码系统的广播协议实现消息的分发,设计了一个新的多方合同签署协议。协议中不规定签署者发送消息的次序,设置了凭证的有效期,且无需提前确定不诚实签署者的数目。
5、在无TTP参与的公平交换协议方面,通过安全性分析,首先指出2008年陈广辉等提出的基于并发签名的公平交换协议在两个参与者都诚实可信的情况下不满足不可滥用性。进而,提出了一个改进的满足不可滥用性的公平交换协议;其次,指出2010年罗铭等提出的基于签密的并发签名方案是存在伪造的,即在没有签名者的关键数与密钥的情况下,接收者利用签名者的有效模糊签名便可恢复出签密消息,且可以以签名者身份伪造任意消息的模糊签名。因此,基于该签密并发签名方案的公平交换协议方案也是不安全的。然后,对并发签名方案进行了改进,弥补了原并发签名方案的安全缺陷,从而能够有效保证公平交换协议的安全性。
In the era of electronic commerce, the rapid development of the internet transaction has greatly improved the convenience and quickness, but it also brings the risk of online transactions. There are some specialties in the online transactions or business with the extremely complex network environment. And the participant can disappear without a trace at the end of the transaction. The traceability and disputes may arise after the transaction, which has brought more troubles. Therefore, the problem of the fair exchange becomes particularly important. And how to ensure the security of online transactions has become an urgent problem needs to solve. Beside the requirements of effectiveness, confidentiality, authentication and integrity, e-commerce also needs to satisfy timeless, non-repudiation and abuse-freeness etc., and the fair exchange protocol is the key to achieving these security properties.
In recent years, many researchers have proposed a number of efficient fair exchange protocols and primitives of the fair exchange protocol. These results laid the foundation for the research on fair exchange protocol, but still have some defects. For example, most of the fair exchange protocol can not guarantee the abuse-freeness for a good party; the primitives of the two parties fair exchange protocol can not be directly used to design multi-party exchange protocol; most multi-contract signing protocol is only suitable for asynchronous networks, no maximum number of rounds for message delay, and efficiency is relatively low. Therefore, in designing safe and efficient fair exchange protocol that much work needs further study.
This dissertation mainly focuses on the design and security analysis of the fair exchange protocol. The content of this dissertation includes four aspects: the design of the paradigm of the fair exchange protocol, the design of the fair exchange protocol, the design of the multi-party fair exchange protocol and the design of the fair exchange protocol without involved TTP. The main innovation of this dissertation briefly summarized as follows:
1、In the verifiably encrypted signature:Utilizing the Shim's identity-based signature scheme, a new identity-based verifiably encrypted signature scheme is proposed. As a building block of the fair exchange protocol, this approach does not use any zero-knowledge proofs to provide verifiability; it avoids most of the costly computations.
2、To construct the multi-party fair exchange protocol (multi-party contract signing protocol), a new concept:Aggregate verifiably encrypted signature (AVES) scheme is proposed by combining aggregate signature with the new verifiably encrypted signature scheme. As a building block of the multi-party fair exchange protocol, many signers can aggregate their verifiably encrypted signature to one commitment message by using aggregate verifiably encrypted signature scheme. Thus, the verifier interacts with each signer for certification can be avoided, and only needs once.
3、In the fair exchange protocol:Firstly, utilizing the Cha-Cheon's identity-based signature scheme, a new provably secure identity-based verifiably encrypted signature scheme is proposed. Then, combining the proposed scheme and identity-based proxy verifiably encrypted signature scheme, a new novel multiplex contract signing protocol is proposed. The original signer or proxy signer uses verifiably encrypted signature or proxy verifiably encrypted signature to realize the interaction and certification of the commitment message in the information exchange process. The users can be any combination of forms of the original signer and the proxy signer, such as the original signer and the original signer, the original signer and the proxy signer, the proxy signer and the proxy signer. Secondly, based on the key-exposure-free chameleon hashing scheme, a new timeliness optimistic fair exchange protocol is proposed. The new scheme does not require the use of interactive zero-knowledge proofs in the exchange phase. Both parties can contact the trusted third party and settle the argument before the deadline. Finally, based on the security analysis, an abuse-free optimistic fair exchange protocol can not satisfy the requirement of fairness. Such weaknesses may lead to an unfair situation for the honest party. In order to overcome these weaknesses, a new secure abuse-free optimistic fair exchange protocol is proposed. In the proposed scheme, both parties can contact the trusted third party and settle the argument before the deadline.
4、In the multi-party fair exchange protocol:Utilizing the unrestricted aggregate signature scheme and the public-key cryptosystem based broadcast protocol, a new multi-party contract signing protocol (MCSP) was proposed. The MCSP employed the public-key cryptosystem based broadcast protocol (PCBP) to distribute the messages of the signers, and employed the unrestricted aggregate signature scheme to sign the contract between the signers. The scheme does not require the order to send the messages and determining the number of dishonest in advance, and sets the validity of the certificate.
5、In the fair exchange protocol without involved TTP:Through analysis, the perfect concurrent signature (CS)-based fair exchange protocol does not satisfy the property of the abuse-freeness if both parties are honest. Before releasing the secret information (keystone), anyone can identify who is the real signer when two parties have exchanged their two ambiguous signatures and relative data items. Then, an improved perfect concurrent signature-based fair exchange protocol was presented which overcomes the flaw of the previous scheme and realizes the property of the abuse-freeness. Based on the security analysis, an existing signcryption-based concurrent signature is broken. If the receiver has a valid ambiguous signature of the signer, without the signer's keystone and secret key, he can obtain the signer's message and forge an ambiguous signature on arbitrary message on behalf of the signer easily. So, the fair exchange protocol is insecure. Then, an improved signcrytion-base concurrent signature was presented which overcame the flaw of the previous scheme, which ensured the security of the fair exchange protocol.
近年众多国内外研究者提出了一些高效的公平交换协议及用于构造双方公平交换协议的基本模块。这些成果为公平交换协议的研究开拓了思路、奠定了基础,但仍存在一些缺陷。如,大多数的公平交换协议不能很好的保证交易方的不可滥用性;构造双方公平交换协议的基本模块不能直接用于设计交互方式相对复杂的多方交换协议;多数多方合同签署协议仅适合于异步网络,消息延迟没有上限,需要的轮数较多,效率比较低。因此,在设计安全高效的公平交换协议方面还有很多工作需要深入研究。
本文的目的即研究公平交换协议的设计及其安全性分析,主要内容包括四个方面:构造公平交换协议的基本模块、双方公平交换协议、多方公平交换协议以及无TTP参与的公平交换协议。主要创新工作如下:
1、在公平交换协议的基本模块方面,利用基于身份的数字签名方案设计了可证安全的可验证加密签名方案。新方案中没有使用零知识证明系统提供验证,从而有效地避免了交互认证带来的效率损失
2、在多方合同签署协议的基本模块方面,将可验证加密签名方案与聚合签名思想相结合,提出了可证安全的聚合可验证加密签名方案。从而,多个签署者可利用聚合可验证加密签名合成一个承诺消息,与验证者进行认证,避免了以往方案中验证者逐一与多个签署者进行交互认证。
3、在双方公平交换协议方面,首先,利用Cha-Cheon的基于身份的签名方案设计了可证安全的可验证加密签名方案,并将此方案与基于身份的代理可验证加密签名方案相结合设计了一个新颖的多元合同签署协议。其交换双方可以为原始签署者和代理签署者的任意组合形式,即原始签署者与原始签署者、原始签署者与代理签署者以及代理签署者与代理签署者三种情形。其次,利用抗密钥暴露的哈希函数方案设计了一个新的具有时效性的公平交换协议。新协议的交换阶段并未使用零知识证明系统,有效降低了通信消耗,提高了协议效率。最后,指出2008年Gao等提出的满足不可滥用性的公平交换协议存在的安全漏洞,进而,引入时效性条件对此协议进行改进,提出了一个新的满足不可滥用性的公平交换协议。
4、在多方交换协议方面,利用无限制聚合签名方案实现合同的签署和基于公钥密码系统的广播协议实现消息的分发,设计了一个新的多方合同签署协议。协议中不规定签署者发送消息的次序,设置了凭证的有效期,且无需提前确定不诚实签署者的数目。
5、在无TTP参与的公平交换协议方面,通过安全性分析,首先指出2008年陈广辉等提出的基于并发签名的公平交换协议在两个参与者都诚实可信的情况下不满足不可滥用性。进而,提出了一个改进的满足不可滥用性的公平交换协议;其次,指出2010年罗铭等提出的基于签密的并发签名方案是存在伪造的,即在没有签名者的关键数与密钥的情况下,接收者利用签名者的有效模糊签名便可恢复出签密消息,且可以以签名者身份伪造任意消息的模糊签名。因此,基于该签密并发签名方案的公平交换协议方案也是不安全的。然后,对并发签名方案进行了改进,弥补了原并发签名方案的安全缺陷,从而能够有效保证公平交换协议的安全性。
In the era of electronic commerce, the rapid development of the internet transaction has greatly improved the convenience and quickness, but it also brings the risk of online transactions. There are some specialties in the online transactions or business with the extremely complex network environment. And the participant can disappear without a trace at the end of the transaction. The traceability and disputes may arise after the transaction, which has brought more troubles. Therefore, the problem of the fair exchange becomes particularly important. And how to ensure the security of online transactions has become an urgent problem needs to solve. Beside the requirements of effectiveness, confidentiality, authentication and integrity, e-commerce also needs to satisfy timeless, non-repudiation and abuse-freeness etc., and the fair exchange protocol is the key to achieving these security properties.
In recent years, many researchers have proposed a number of efficient fair exchange protocols and primitives of the fair exchange protocol. These results laid the foundation for the research on fair exchange protocol, but still have some defects. For example, most of the fair exchange protocol can not guarantee the abuse-freeness for a good party; the primitives of the two parties fair exchange protocol can not be directly used to design multi-party exchange protocol; most multi-contract signing protocol is only suitable for asynchronous networks, no maximum number of rounds for message delay, and efficiency is relatively low. Therefore, in designing safe and efficient fair exchange protocol that much work needs further study.
This dissertation mainly focuses on the design and security analysis of the fair exchange protocol. The content of this dissertation includes four aspects: the design of the paradigm of the fair exchange protocol, the design of the fair exchange protocol, the design of the multi-party fair exchange protocol and the design of the fair exchange protocol without involved TTP. The main innovation of this dissertation briefly summarized as follows:
1、In the verifiably encrypted signature:Utilizing the Shim's identity-based signature scheme, a new identity-based verifiably encrypted signature scheme is proposed. As a building block of the fair exchange protocol, this approach does not use any zero-knowledge proofs to provide verifiability; it avoids most of the costly computations.
2、To construct the multi-party fair exchange protocol (multi-party contract signing protocol), a new concept:Aggregate verifiably encrypted signature (AVES) scheme is proposed by combining aggregate signature with the new verifiably encrypted signature scheme. As a building block of the multi-party fair exchange protocol, many signers can aggregate their verifiably encrypted signature to one commitment message by using aggregate verifiably encrypted signature scheme. Thus, the verifier interacts with each signer for certification can be avoided, and only needs once.
3、In the fair exchange protocol:Firstly, utilizing the Cha-Cheon's identity-based signature scheme, a new provably secure identity-based verifiably encrypted signature scheme is proposed. Then, combining the proposed scheme and identity-based proxy verifiably encrypted signature scheme, a new novel multiplex contract signing protocol is proposed. The original signer or proxy signer uses verifiably encrypted signature or proxy verifiably encrypted signature to realize the interaction and certification of the commitment message in the information exchange process. The users can be any combination of forms of the original signer and the proxy signer, such as the original signer and the original signer, the original signer and the proxy signer, the proxy signer and the proxy signer. Secondly, based on the key-exposure-free chameleon hashing scheme, a new timeliness optimistic fair exchange protocol is proposed. The new scheme does not require the use of interactive zero-knowledge proofs in the exchange phase. Both parties can contact the trusted third party and settle the argument before the deadline. Finally, based on the security analysis, an abuse-free optimistic fair exchange protocol can not satisfy the requirement of fairness. Such weaknesses may lead to an unfair situation for the honest party. In order to overcome these weaknesses, a new secure abuse-free optimistic fair exchange protocol is proposed. In the proposed scheme, both parties can contact the trusted third party and settle the argument before the deadline.
4、In the multi-party fair exchange protocol:Utilizing the unrestricted aggregate signature scheme and the public-key cryptosystem based broadcast protocol, a new multi-party contract signing protocol (MCSP) was proposed. The MCSP employed the public-key cryptosystem based broadcast protocol (PCBP) to distribute the messages of the signers, and employed the unrestricted aggregate signature scheme to sign the contract between the signers. The scheme does not require the order to send the messages and determining the number of dishonest in advance, and sets the validity of the certificate.
5、In the fair exchange protocol without involved TTP:Through analysis, the perfect concurrent signature (CS)-based fair exchange protocol does not satisfy the property of the abuse-freeness if both parties are honest. Before releasing the secret information (keystone), anyone can identify who is the real signer when two parties have exchanged their two ambiguous signatures and relative data items. Then, an improved perfect concurrent signature-based fair exchange protocol was presented which overcomes the flaw of the previous scheme and realizes the property of the abuse-freeness. Based on the security analysis, an existing signcryption-based concurrent signature is broken. If the receiver has a valid ambiguous signature of the signer, without the signer's keystone and secret key, he can obtain the signer's message and forge an ambiguous signature on arbitrary message on behalf of the signer easily. So, the fair exchange protocol is insecure. Then, an improved signcrytion-base concurrent signature was presented which overcame the flaw of the previous scheme, which ensured the security of the fair exchange protocol.
引文
1. Asokan N. Fairness in electronic commerce.PhD thesis, University of Waterloo, May 1998.
2. Diffie W, Hellman M. New directions in cryptography. IEEE Transactions on Information Theory. IT-22(6),1976:644-654.
3. Blum M. How to exchange (secret) keys. ACM Trans. on Computer Systems,1983,1(2):175-193.
4. Even S, Goldreich O, Lempel A. A randomized protocol for signing contracts. Communications of the ACM,1985,28(6):637-647.
5. Rabin M O. How to exchange secrets by oblivious transfer. Technical report. Aiken Computation Laboratory. Harvard University.1981.
6. Ben-OR M, Goldrich O, Micali S, Rivest R A. A fair protocol for signing contracts. IEEE Transactions on Information Theory 1990,36:40-46.
7. Bahreman A, Tygar D. Certified electronic mail. In Symposium on Network and Distributed Systems Security,1994:3-19.
8. Damgard I. Practical and provably secure release of a secret and exchange of signatures. J. of Cryptology,1995,8(4):201-222.
9. Markowitch O, Roggeman Y. Probabilistic non-repudiation without trusted third party (1999).
10. Boneh D, Naor M. Timed commitments (extended abstract). Advances in Cryptology-CRYPTO 2000, LNCS1880, Springer-Verlag, Berlin,2000:236-254.
11. Garay J, Jackobsson M. Timed release of standard digital signatures. FC'03, LNCS 2742, Springer-Verlag, Berlin,2003:190-207.
12.卿斯汉.电子商务协议中的可信第三方角色.软件学报,2003,4(11):1936-1943.
13. Rabin M O. Transaction protection by beacons. Jour. of Com. and Sys. Sci.,1983,27:256-267.
14. Bahreman A, Tygar J D. Certified electronic mail. In proceedings of the 1994 Network and Distributed Systems Security Conference,1994:3-19
15. Coffey T, Saidha P. Non-repudiation with mandatory proof of receipt. Computer Communication Review,1996,26(1):6-17.
16. Cox B, Tygar J, Dsirbu M. NewBill security and transaction protocol. First UNIX Workshop of Electronic Commerce,1995:77-88.
17. Deng R H, Gong L, Lazar A A, Wang W G. Practical protocols for certified electronic mail. Journal of Network and System Management,1996,4(3):279-297.
18. Zhou J Y, Gollmann D. A fair non-repudiation protocol. IEEE SRSP 1996,1996:55-61.
19. Kim K, Park S, Baek J. Improving fairness and privacy of Zhou-Gollmann's fair non- repudiation protocol. Proceedings of ICPP Workshop on Security (ICPPWS).1999:140-145.
20. Petropoulos D, Kotzanikolaou P. Some more improvements on a fair non-repudiation protocol. Journal of Internet Technology,2003,4(4):255-259.
21. Kremer S, Markowitch O. Fair multi-party non-repudiation protocols. International Journal of Information Security,2003,1(4):223-235.
22.韩志耕,罗军舟.一个公平的多方不可否认协议.计算机学报.2008,31(10):1705-1715.
23. Asokan N, Baum-Waidner B, Schunter M, Waidner M. Optimistic synchronous multi-party contract signing. Research Report RZ3089, IBM Research Division,1998.
24. Asokan N, Schunter M, Waidner M. Optimistic protocols for multi-party fair exchange. Research Report RZ 2892 (#90840), IBM Research, December 1996.
25. Asokan N, Schunter M, Waidner M. Optimistic protocols for fair exchange. The 4th ACM Conference on Computer and Communications Security,1997:8-17.
26. Asokan N, Shoup V, Waidner M. Asynchronous protocols for optimistic fair exchange. In IEEE Symposium on Research in Security and Privacy, pages,1998:86-99.
27. Park J M, Chong E K P, Siegel P J. Constructing fair exchange protocols for e-commerce via distributed computation. Proceeding of PODC'03,2003:172-181.
28. Dodis Y. Reyzin L. Breaking and repairing optimistic fair exchange from PODC 2003. Proceedings of the 3rd ACM workshop on Digital Rights Management,2003:47-54.
29. Payeras-Capell M, Ferrer-Gomila J L, Huguet-Rotger L. Achieving fairness and timeliness in a previous electronic contract signing protocol. ARES 2006,2006:717-722.
30. Okada Y, Manabe Y, Okamoto T. Optimistic fair exchange protocol for e-Commerce. The 2006 Symposium on Cryptography and Information Security,2006.
31. Ray I, Zhang H J. Experiences in developing a fair exchange e-commerce protocol using common off-the-self components. Electronic Commerce Research and Applications,2008,7(2):247-259.
32. Okada Y, Manabe Y, Okamoto T. An optimistic fair exchange protocol and its security in the universal composability framework. Inter. Journal of Applied Cryptography,2008,1(1):70-77.
33. Shao Z H. Fair exchange protocol of signatures based on aggregate signatures. Computer communications,2008,31(10):1961-1969.
34. Yang X, Yu Z P, Kang B. Chameleon-based optimistic fair exchange protocol. Proc. of the International Conference on Embedded Software and Systems,2008:298-302.
35. Ma C S, Lei F Y, Cehn K F. Optimistic fair exchange e-commerce protocol based on secret sharing. Journal of Systems Engineering and Electronic,2006,17(4):858-863.
36. Wang C H, Yin C H, Juan C H. How to protect exchanged secrets in the fair exchange protocol with off-line TTP. Computer & Electrical Engineering,2006,32(5):364-375.
37. Shao Z H. Certificate-based fair exchange protocol of signatures from pairings. Computer Networks,2008,52(16):3075-3084.
38. Shao Z H. Fair exchange protocol of Schnorr signatures with semi-trust adjudicator. Computer & Electrical Engineering,2010,36(6):1035-1045.
39. Zhang Z F, Feng D G, Xu J, Zhou Y B. Efficient id-based optimistic fair exchange with provable security. ICICS 2005, LNCS 3783,2005:14-26.
40. Dodis Y, Lee P J, Yum D H. Optimistic fair exchange in a multi-user setting. PKC 2007, LNCS 4450,2007:118-133.
41. Dashti M T. Optimistic fair exchange using trusted devices stabilization, safety, and security of distributed systems, LNCS 5873,2009:711-725.
42. Huang X Y, Mu Y, Susilo W, Wu W, Xiang Y. Further observations on optimistic fair exchange protocols in the multi-user setting, PKC 2010, LNCS 6056,2010:124-141.
43. Kupcu A, Lysyanskaya A. Optimistic fair exchange with multiple arbiters. ESORICS 2010, LNCS 6345,2010:488-507.
44. Garay J, Jakobsson M, MacKenzie P. Abuse-free optimisitic contract signing, Crypto 1999, LNCS 1666,1999:449-466.
45. Garay J, MacKenzie P. Abuse-free multi-party contract signing. Distributed Computing 1999, LNCS 1693,1999:151-166.
46. Shmatikov V, Mitchell J. C. Analysis of abuse-free contract signing. FC'01, LNCS1962,2001: 174-191.
47. Chadha R, Kanovich M, Scedrov A. Inductive methods and contract-signing protocols. The 8th ACM conference on Computer and Communications Security.2001:176-185.
48. Wang G L, An abuse-free fair contract signing protocol based on the RSA signature. Proceedings of WWW 2005,2005:412-421.
49. Wang G L. An abuse-free fair contract signing protocol based on the RSA signature, IEEE Transactions on Information Forensics and Security,2010,5(1):158-168.
50. Gao W, Li F, Xu B H. An abuse-free optimistic fair exchange protocol based on BLS signature. Proceedings of CIS 2008,2008:841-845.
51. Chen L Q, Kudla C, Paterson K G. Concurrent signatures. EUROCRYPT 2004, LNCS 3027,2004: 287-305.
52. Rivest R, Shamir A, Tauman Y. How to leak a secret. ASIACRYPT 2001. LNCS 2248,2001: 552-565.
53. Chow S S M, Yiu S M, Hui L C K. Efficient identity based ring signature. Proceedings of ACNS 2005,2005:499-512.
54. Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their Applications. In: Eurocrypt'96, LNCS 1070,1996:142-154.
55. Susilo W, Mu Y, Zhang F. Perfect concurrent signature schemes. ICICS 2004. LNCS 3269,2004: 14-26.
56. Chow S, Susilo W. Generic construction of (identity-based) perfect concurrent signatures. Proceedings of ICICS 2005, LNCS 3783,2005:194-206.
57. Nguyen K. Asymmetric concurrent signatures. ICICS 2005, LNCS 3782,2005:181-193.
58. Wang G L, Bao F, Zhou J Y. The fairness of perfect concurrent signatures. ICICS 2006, LNCS 4307,2006:435-451.
59. Jiang H, Xu Q L, Zhang B. Perfect concurrent signature protocol for symmetric participant. International Conference on Computational Intelligence and Security,2008:273-277.
60. Huang X F, Wang L C. A fair concurrent signature scheme based on identity. HPCA 2009, LNCS 5938,2010:198-205.
61. Franklin M K, Tsudik G. Secure group barter:Multi-party fair exchange with semi-trusted neutral parties. FC 1998, LNCS 1465,1998:90-102.
62. Gonzalez-Deleito N, Markowitch O. Exclusion-freeness in multi-party exchange protocols. In 5th Information Security Conference, LNCS 2433,2002:200-209.
63. Mukhamedov A, Kremer S, Ritter E. Analysis of a multi-party fair exchange protocol and formal proof of correctness in the strand space model. FC2005, LNCS3570,2005:255-269.
64. Mut-Puigserver M, Payeras-Capella M, Ferrer-Gomila J L, Huguet-Rotger. Replay attack in a fair exchange protocol. ACNS 2008. LNCS 5037,2008:174-187.
65. Baum-Waidner B, Waidner M. Optimistic asynchronous multiparty contract signing. RZ3078. Zurich:IBM,1998.
66. Baum-Waidner B, Waidner M. Round-optimal and abuse-free optimistic multi-party contract signing. ICALP 2000. LNCS 1853,2000:24-535.
67. Baum-Waidner B, Optimistic asynchronous multi-party contract signing with reduced number of rounds. ICALP 2001. LNCS 2076,2001:898-911.
68. Mukhamedov A, Ryan M D, Fair multi-party contract signing using private contract signatures. Information and Computation,2008,206(2-4):272-290.
69. Mauw S, Radomirovic S, Dashti M T. Minimal message complexity of asynchronous multi- party contract signing. CSFS 2009,2009:13-25.
70. Boneh D, Franklin M. Identity-based encryption from the Weil pairing. CRYPTO 2001,2001: 213-229.
71. Koblitz N, Menezes A. Intractable problems in cryptography. http://eprint.iacr.org/2010/290.pdf.
72. Menezes A J, Oorschot P C V, Vanstone S A. Handbook of applied cryptography. CRC Press,1996.
73. Stinson D. Cryptography:Theory and Practice. CRC Press,1995.
74. Mao W. Modern Cryptography:Theory and Practice, Prentice Hall PTR,2003.
75. Camenisch J, Damgard I B. Verifiable encryption, group encryption, and their applications to group signature and signature sharing schemes. ASIACRYPT 2000, LNCS 1976,2000:331-345.
76. Ateniese G. Verifiable encryption of digital signatures and applications. ACM Transactions on Information and System Security,2004,7(1):1-20.
77. Boneh D, Gentry C, Lynn B. Aggregate and verifiably encrypted signatures from bilinear maps. Advances in Cryptology:EUROCRYPT 2003, LNCS 2656,2003:416-432.
78.辛向军,李刚,董庆宽,肖国镇.一个高效的随机化的可验证加密签名方案.电子学报,2008,36(7):1378-1382.
79.杨浩淼,孙世新,徐继友.一种无随机预言机的高效可验证加密签名方案.软件学报,2009,20(4):1069-1076.
80. Ruckert M, Schroder D. Security of verifiably encrypted signatures and a construction without random oracles. ICPC 2009, LNCS 5671,2009:17-34.
81. Gu C X, Zhu Y F. An ID-based verifiable encrypted signature scheme based on Hess's scheme. The 1st SKLOIS Conference on Information Security and Cryptology. LNCS 3822,2005:42-52.
82. Zhang J H, Zou W. A robust verifiably encrypted signature scheme. Proceedings of the EUC Workshops 2006, LNCS 4097,2006:731-740.
83. Kwon S, Lee S H. An efficient ID-based verifiably encrypted signature scheme based on Hess's scheme. ISPEC 2007, LNCS 4464,2007:93-104.
84. Shamir A. Identity based cryptosystems and signature schemes. CRYPTO 84, LNCS 196,1984: 47-53.
85. Hess F. Efficient identity based signature schemes based on pairings. The 9th Annual International Workshop on Selected Areas in Cryptography. LNCS 2595,2002:310-324.
86.张振峰.基于身份的可验证加密签名协议的安全性分析.计算机学报,2006,29(9):1688-1693.
87. Shim K A. An iD-based aggregate signature scheme with constant pairing computations. The Journal of Systems and Software,2010,83(10):1873-1880.
88. Shao Z H. Fair exchange protocol of Schnorr signatures with semi-trusted adjudicator. Computers and Electrical Engineering,2010,36(6):1035-1045.
89. Bellare M, Namprempre C, Neven G. Unrestricted aggregate signatures. ICALP 2007, LNCS 4596, 2007:411-422.
90. Wang Z, Wu Q, Ye D F, Chen H Y. Practical identity-based aggregate signature from bilinear maps. J. Shanghai Jiaotong Univ. (Sci.),2008,13(6):684-687.
91. Zhang L, Zhang F T. A new certificateless aggregate signature scheme. Computer Communi-cations,2009,32 (6):1079-1085.
92. Zhang L, Qin B, et al. Efficient many-to-one authentication with certificateless aggregate signatures. Computer Networks,2010,54(14):2482-2491.
93. Bagherzandi A, Jarecki S. Identity-based aggregate and multi-signature schemes based on RSA. PKC 2010, LNCS 6056,2010:480-498.
94. Zhang L, Wu Q H, Qin B. Identity-based verifiably encrypted signatures without random oracles. ProvSec 2009, LNCS 5848,2009:76-89.
95. Zhang J H, Liu C L, Yang Y X. An efficient secure proxy verifiably encrypted signature scheme. Journal of Network and Computer Applications,2010,33(1):29-34.
96. Pagnia H, Gartner F. On the impossibility of fair exchange without a trusted third party. Darmstadt University of Technology, Darmstadt, Germany, Technical Report:TUD-BS-1999-02,1999.
97. Goldreich O. A simple protocol for signing contracts. CRYPTO'83.1984.133-136.
98. Garay J, Pomerance C. Timed fair exchange of standard signatures. FC 2003, LNCS 2742,2003. 190-207.
99. Liu J W, Sun R, KWAK K S. Fair exchange signature schemes. Science China Information Sciences.2010,53(5):945-953.
100. Ateniese G. Efficient verifiable encryption (and fair exchange) of digital signature. The 6th ACM Conference on Computer and Communications Security,1999:138-146.
101. Garay J, Jakobsson M, MacKenzie P. Abuse-free optimistic contract signing. CRYPTO'99, LNCS, 1999.449-466.
102.周永彬,张振峰,卿斯汉,季庆光.基于RSA签名的优化公平交换协议.软件学报,2004,15(7):1049-1055.
103.徐静,张振峰,冯登国.利用代理签名构造基于身份的优化公平交换协议.软件学报,2007.18(3):746-754.
104. Li X X, Chen K F, Liu S L, Li S Q. Verifiably encrypted signatures without random oracles. Journal of Shanghai Jiaotong University(Science),2006, E-1(2):230-235.
105. Mambo M, Usuda K, Okamoto E. Proxy signatures:delegation of the power to sign messages. IEICE Trans. Fundamentals.1996, E79-A(9):1338-1354.
106. Cha J C, Cheon J C. An Identity-based signature from gap diffie-hellman groups. PKC 2003, LNCS 2567,2003.18-30.
107. Pointcheval D, Stern J. Security arguments for digital signatures and blind signatures. Journal of Cryptology,2000,13(3):361-396.
108. Franklin M K, Reiter M K. Fair exchange with a semitrusted third party (extended abstract), The 4th ACM conference on computer and communications security,1997:1-5.
109. Asokan N, Shoup V, Waidner M. Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in communications,2000:593-610.
110. Ray I, Zhang H J. Experiences in developing a fair exchange e-commerce protocol using common off-the-self components. Electronic Commerce Research and Applications,2008,7(2):247-259.
111. Hernandez-Ardieta J L, Gonzalez-Tablas A I, Ramos Alvarez B. An optimistic fair exchange protocol based on signature policies. Computers and Security,2008,27(7-8):309-322.
112. Piva F R, Monteiro J R M, Dahab R. Regarding timeliness in the context of fair exchange. International Conference on Network and Service Security (N2S'09),2009:1-6.
113. Boneh D, Lynn B, Shacham H. Short signatures from the weil paring. ASIACRYPT 2001, LNCS 2248,2001:514-532.
114. Kudla C J, Paterson K G. Non-interactive designated verifier proofs and undeniable signatures. Proceeding of IMA Conference on Cryptography and Coding, LNCS 3796,2005:136-154.
115. Thayer Fabrega F J, Herzorg J, Guttman J. Strand spaces:proving security protocols correct. Journal of Computer Security,1999,7(2-3):191-230.
116. Chiou G, Chen W. Secure broadcasting using the secure lock. IEEE Trans on Software Engineering,1989,15(8):929-934.
117. Boneh D, Lynn B, Shacham H. Short signatures from the Weil pairing. ASIACRYPT 2001, LNCS 2248,2001:514-532.
118. Lynch N. Distributed algorithms. San Francisco:Morgan Kaufmann Publishers Inc,1996.
119. Susilo W, Mu Y. Tripartite concurrent signatures. IFIP International Federation for Information Processing,2005,181:425-441.
120. Chow S, Susilo W. Generic construction of (identity-based) perfect concurrent signatures. ICICS'05, LNCS 3783,2005:194-206.
121. Nguyen K. Asymmetric concurrent signatures. ICICS'05, LNCS 3783,2005:181-193.
122. Wang G L, Bao F, Zhou J Y. The fairness of perfect concurrent signatures. ICICS 2006, LNCS 4307,2006:435-451.
123. Jiang H, Xu Q L, Zhang B. Perfect concurrent signature protocol for symmetric participant. International Conference on Computational Intelligence and Security,2008:273-277.
124.陈广辉,卿斯汉,齐志峰等.新颖的基于并发签名的公平交易协议.通信学报,2008,29(7):39-43.
125. Zheng Y. Digital signcryption or how to achieve cost(signature & encryption) (cost(signature)+ cost(encryption)). CRYPTO 1997,1997:165-179.
126.罗铭,邹春华,胡军等.基于签密的公平交易协议.通信学报,2010,31(8):87-93.
127. Huang Q, Yang G M, Wong D S, Susilo W. Ambiguous optimistic fair exchange. ASIACRYPT 2008, LNCS 5350,2008:74-89.
2. Diffie W, Hellman M. New directions in cryptography. IEEE Transactions on Information Theory. IT-22(6),1976:644-654.
3. Blum M. How to exchange (secret) keys. ACM Trans. on Computer Systems,1983,1(2):175-193.
4. Even S, Goldreich O, Lempel A. A randomized protocol for signing contracts. Communications of the ACM,1985,28(6):637-647.
5. Rabin M O. How to exchange secrets by oblivious transfer. Technical report. Aiken Computation Laboratory. Harvard University.1981.
6. Ben-OR M, Goldrich O, Micali S, Rivest R A. A fair protocol for signing contracts. IEEE Transactions on Information Theory 1990,36:40-46.
7. Bahreman A, Tygar D. Certified electronic mail. In Symposium on Network and Distributed Systems Security,1994:3-19.
8. Damgard I. Practical and provably secure release of a secret and exchange of signatures. J. of Cryptology,1995,8(4):201-222.
9. Markowitch O, Roggeman Y. Probabilistic non-repudiation without trusted third party (1999).
10. Boneh D, Naor M. Timed commitments (extended abstract). Advances in Cryptology-CRYPTO 2000, LNCS1880, Springer-Verlag, Berlin,2000:236-254.
11. Garay J, Jackobsson M. Timed release of standard digital signatures. FC'03, LNCS 2742, Springer-Verlag, Berlin,2003:190-207.
12.卿斯汉.电子商务协议中的可信第三方角色.软件学报,2003,4(11):1936-1943.
13. Rabin M O. Transaction protection by beacons. Jour. of Com. and Sys. Sci.,1983,27:256-267.
14. Bahreman A, Tygar J D. Certified electronic mail. In proceedings of the 1994 Network and Distributed Systems Security Conference,1994:3-19
15. Coffey T, Saidha P. Non-repudiation with mandatory proof of receipt. Computer Communication Review,1996,26(1):6-17.
16. Cox B, Tygar J, Dsirbu M. NewBill security and transaction protocol. First UNIX Workshop of Electronic Commerce,1995:77-88.
17. Deng R H, Gong L, Lazar A A, Wang W G. Practical protocols for certified electronic mail. Journal of Network and System Management,1996,4(3):279-297.
18. Zhou J Y, Gollmann D. A fair non-repudiation protocol. IEEE SRSP 1996,1996:55-61.
19. Kim K, Park S, Baek J. Improving fairness and privacy of Zhou-Gollmann's fair non- repudiation protocol. Proceedings of ICPP Workshop on Security (ICPPWS).1999:140-145.
20. Petropoulos D, Kotzanikolaou P. Some more improvements on a fair non-repudiation protocol. Journal of Internet Technology,2003,4(4):255-259.
21. Kremer S, Markowitch O. Fair multi-party non-repudiation protocols. International Journal of Information Security,2003,1(4):223-235.
22.韩志耕,罗军舟.一个公平的多方不可否认协议.计算机学报.2008,31(10):1705-1715.
23. Asokan N, Baum-Waidner B, Schunter M, Waidner M. Optimistic synchronous multi-party contract signing. Research Report RZ3089, IBM Research Division,1998.
24. Asokan N, Schunter M, Waidner M. Optimistic protocols for multi-party fair exchange. Research Report RZ 2892 (#90840), IBM Research, December 1996.
25. Asokan N, Schunter M, Waidner M. Optimistic protocols for fair exchange. The 4th ACM Conference on Computer and Communications Security,1997:8-17.
26. Asokan N, Shoup V, Waidner M. Asynchronous protocols for optimistic fair exchange. In IEEE Symposium on Research in Security and Privacy, pages,1998:86-99.
27. Park J M, Chong E K P, Siegel P J. Constructing fair exchange protocols for e-commerce via distributed computation. Proceeding of PODC'03,2003:172-181.
28. Dodis Y. Reyzin L. Breaking and repairing optimistic fair exchange from PODC 2003. Proceedings of the 3rd ACM workshop on Digital Rights Management,2003:47-54.
29. Payeras-Capell M, Ferrer-Gomila J L, Huguet-Rotger L. Achieving fairness and timeliness in a previous electronic contract signing protocol. ARES 2006,2006:717-722.
30. Okada Y, Manabe Y, Okamoto T. Optimistic fair exchange protocol for e-Commerce. The 2006 Symposium on Cryptography and Information Security,2006.
31. Ray I, Zhang H J. Experiences in developing a fair exchange e-commerce protocol using common off-the-self components. Electronic Commerce Research and Applications,2008,7(2):247-259.
32. Okada Y, Manabe Y, Okamoto T. An optimistic fair exchange protocol and its security in the universal composability framework. Inter. Journal of Applied Cryptography,2008,1(1):70-77.
33. Shao Z H. Fair exchange protocol of signatures based on aggregate signatures. Computer communications,2008,31(10):1961-1969.
34. Yang X, Yu Z P, Kang B. Chameleon-based optimistic fair exchange protocol. Proc. of the International Conference on Embedded Software and Systems,2008:298-302.
35. Ma C S, Lei F Y, Cehn K F. Optimistic fair exchange e-commerce protocol based on secret sharing. Journal of Systems Engineering and Electronic,2006,17(4):858-863.
36. Wang C H, Yin C H, Juan C H. How to protect exchanged secrets in the fair exchange protocol with off-line TTP. Computer & Electrical Engineering,2006,32(5):364-375.
37. Shao Z H. Certificate-based fair exchange protocol of signatures from pairings. Computer Networks,2008,52(16):3075-3084.
38. Shao Z H. Fair exchange protocol of Schnorr signatures with semi-trust adjudicator. Computer & Electrical Engineering,2010,36(6):1035-1045.
39. Zhang Z F, Feng D G, Xu J, Zhou Y B. Efficient id-based optimistic fair exchange with provable security. ICICS 2005, LNCS 3783,2005:14-26.
40. Dodis Y, Lee P J, Yum D H. Optimistic fair exchange in a multi-user setting. PKC 2007, LNCS 4450,2007:118-133.
41. Dashti M T. Optimistic fair exchange using trusted devices stabilization, safety, and security of distributed systems, LNCS 5873,2009:711-725.
42. Huang X Y, Mu Y, Susilo W, Wu W, Xiang Y. Further observations on optimistic fair exchange protocols in the multi-user setting, PKC 2010, LNCS 6056,2010:124-141.
43. Kupcu A, Lysyanskaya A. Optimistic fair exchange with multiple arbiters. ESORICS 2010, LNCS 6345,2010:488-507.
44. Garay J, Jakobsson M, MacKenzie P. Abuse-free optimisitic contract signing, Crypto 1999, LNCS 1666,1999:449-466.
45. Garay J, MacKenzie P. Abuse-free multi-party contract signing. Distributed Computing 1999, LNCS 1693,1999:151-166.
46. Shmatikov V, Mitchell J. C. Analysis of abuse-free contract signing. FC'01, LNCS1962,2001: 174-191.
47. Chadha R, Kanovich M, Scedrov A. Inductive methods and contract-signing protocols. The 8th ACM conference on Computer and Communications Security.2001:176-185.
48. Wang G L, An abuse-free fair contract signing protocol based on the RSA signature. Proceedings of WWW 2005,2005:412-421.
49. Wang G L. An abuse-free fair contract signing protocol based on the RSA signature, IEEE Transactions on Information Forensics and Security,2010,5(1):158-168.
50. Gao W, Li F, Xu B H. An abuse-free optimistic fair exchange protocol based on BLS signature. Proceedings of CIS 2008,2008:841-845.
51. Chen L Q, Kudla C, Paterson K G. Concurrent signatures. EUROCRYPT 2004, LNCS 3027,2004: 287-305.
52. Rivest R, Shamir A, Tauman Y. How to leak a secret. ASIACRYPT 2001. LNCS 2248,2001: 552-565.
53. Chow S S M, Yiu S M, Hui L C K. Efficient identity based ring signature. Proceedings of ACNS 2005,2005:499-512.
54. Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their Applications. In: Eurocrypt'96, LNCS 1070,1996:142-154.
55. Susilo W, Mu Y, Zhang F. Perfect concurrent signature schemes. ICICS 2004. LNCS 3269,2004: 14-26.
56. Chow S, Susilo W. Generic construction of (identity-based) perfect concurrent signatures. Proceedings of ICICS 2005, LNCS 3783,2005:194-206.
57. Nguyen K. Asymmetric concurrent signatures. ICICS 2005, LNCS 3782,2005:181-193.
58. Wang G L, Bao F, Zhou J Y. The fairness of perfect concurrent signatures. ICICS 2006, LNCS 4307,2006:435-451.
59. Jiang H, Xu Q L, Zhang B. Perfect concurrent signature protocol for symmetric participant. International Conference on Computational Intelligence and Security,2008:273-277.
60. Huang X F, Wang L C. A fair concurrent signature scheme based on identity. HPCA 2009, LNCS 5938,2010:198-205.
61. Franklin M K, Tsudik G. Secure group barter:Multi-party fair exchange with semi-trusted neutral parties. FC 1998, LNCS 1465,1998:90-102.
62. Gonzalez-Deleito N, Markowitch O. Exclusion-freeness in multi-party exchange protocols. In 5th Information Security Conference, LNCS 2433,2002:200-209.
63. Mukhamedov A, Kremer S, Ritter E. Analysis of a multi-party fair exchange protocol and formal proof of correctness in the strand space model. FC2005, LNCS3570,2005:255-269.
64. Mut-Puigserver M, Payeras-Capella M, Ferrer-Gomila J L, Huguet-Rotger. Replay attack in a fair exchange protocol. ACNS 2008. LNCS 5037,2008:174-187.
65. Baum-Waidner B, Waidner M. Optimistic asynchronous multiparty contract signing. RZ3078. Zurich:IBM,1998.
66. Baum-Waidner B, Waidner M. Round-optimal and abuse-free optimistic multi-party contract signing. ICALP 2000. LNCS 1853,2000:24-535.
67. Baum-Waidner B, Optimistic asynchronous multi-party contract signing with reduced number of rounds. ICALP 2001. LNCS 2076,2001:898-911.
68. Mukhamedov A, Ryan M D, Fair multi-party contract signing using private contract signatures. Information and Computation,2008,206(2-4):272-290.
69. Mauw S, Radomirovic S, Dashti M T. Minimal message complexity of asynchronous multi- party contract signing. CSFS 2009,2009:13-25.
70. Boneh D, Franklin M. Identity-based encryption from the Weil pairing. CRYPTO 2001,2001: 213-229.
71. Koblitz N, Menezes A. Intractable problems in cryptography. http://eprint.iacr.org/2010/290.pdf.
72. Menezes A J, Oorschot P C V, Vanstone S A. Handbook of applied cryptography. CRC Press,1996.
73. Stinson D. Cryptography:Theory and Practice. CRC Press,1995.
74. Mao W. Modern Cryptography:Theory and Practice, Prentice Hall PTR,2003.
75. Camenisch J, Damgard I B. Verifiable encryption, group encryption, and their applications to group signature and signature sharing schemes. ASIACRYPT 2000, LNCS 1976,2000:331-345.
76. Ateniese G. Verifiable encryption of digital signatures and applications. ACM Transactions on Information and System Security,2004,7(1):1-20.
77. Boneh D, Gentry C, Lynn B. Aggregate and verifiably encrypted signatures from bilinear maps. Advances in Cryptology:EUROCRYPT 2003, LNCS 2656,2003:416-432.
78.辛向军,李刚,董庆宽,肖国镇.一个高效的随机化的可验证加密签名方案.电子学报,2008,36(7):1378-1382.
79.杨浩淼,孙世新,徐继友.一种无随机预言机的高效可验证加密签名方案.软件学报,2009,20(4):1069-1076.
80. Ruckert M, Schroder D. Security of verifiably encrypted signatures and a construction without random oracles. ICPC 2009, LNCS 5671,2009:17-34.
81. Gu C X, Zhu Y F. An ID-based verifiable encrypted signature scheme based on Hess's scheme. The 1st SKLOIS Conference on Information Security and Cryptology. LNCS 3822,2005:42-52.
82. Zhang J H, Zou W. A robust verifiably encrypted signature scheme. Proceedings of the EUC Workshops 2006, LNCS 4097,2006:731-740.
83. Kwon S, Lee S H. An efficient ID-based verifiably encrypted signature scheme based on Hess's scheme. ISPEC 2007, LNCS 4464,2007:93-104.
84. Shamir A. Identity based cryptosystems and signature schemes. CRYPTO 84, LNCS 196,1984: 47-53.
85. Hess F. Efficient identity based signature schemes based on pairings. The 9th Annual International Workshop on Selected Areas in Cryptography. LNCS 2595,2002:310-324.
86.张振峰.基于身份的可验证加密签名协议的安全性分析.计算机学报,2006,29(9):1688-1693.
87. Shim K A. An iD-based aggregate signature scheme with constant pairing computations. The Journal of Systems and Software,2010,83(10):1873-1880.
88. Shao Z H. Fair exchange protocol of Schnorr signatures with semi-trusted adjudicator. Computers and Electrical Engineering,2010,36(6):1035-1045.
89. Bellare M, Namprempre C, Neven G. Unrestricted aggregate signatures. ICALP 2007, LNCS 4596, 2007:411-422.
90. Wang Z, Wu Q, Ye D F, Chen H Y. Practical identity-based aggregate signature from bilinear maps. J. Shanghai Jiaotong Univ. (Sci.),2008,13(6):684-687.
91. Zhang L, Zhang F T. A new certificateless aggregate signature scheme. Computer Communi-cations,2009,32 (6):1079-1085.
92. Zhang L, Qin B, et al. Efficient many-to-one authentication with certificateless aggregate signatures. Computer Networks,2010,54(14):2482-2491.
93. Bagherzandi A, Jarecki S. Identity-based aggregate and multi-signature schemes based on RSA. PKC 2010, LNCS 6056,2010:480-498.
94. Zhang L, Wu Q H, Qin B. Identity-based verifiably encrypted signatures without random oracles. ProvSec 2009, LNCS 5848,2009:76-89.
95. Zhang J H, Liu C L, Yang Y X. An efficient secure proxy verifiably encrypted signature scheme. Journal of Network and Computer Applications,2010,33(1):29-34.
96. Pagnia H, Gartner F. On the impossibility of fair exchange without a trusted third party. Darmstadt University of Technology, Darmstadt, Germany, Technical Report:TUD-BS-1999-02,1999.
97. Goldreich O. A simple protocol for signing contracts. CRYPTO'83.1984.133-136.
98. Garay J, Pomerance C. Timed fair exchange of standard signatures. FC 2003, LNCS 2742,2003. 190-207.
99. Liu J W, Sun R, KWAK K S. Fair exchange signature schemes. Science China Information Sciences.2010,53(5):945-953.
100. Ateniese G. Efficient verifiable encryption (and fair exchange) of digital signature. The 6th ACM Conference on Computer and Communications Security,1999:138-146.
101. Garay J, Jakobsson M, MacKenzie P. Abuse-free optimistic contract signing. CRYPTO'99, LNCS, 1999.449-466.
102.周永彬,张振峰,卿斯汉,季庆光.基于RSA签名的优化公平交换协议.软件学报,2004,15(7):1049-1055.
103.徐静,张振峰,冯登国.利用代理签名构造基于身份的优化公平交换协议.软件学报,2007.18(3):746-754.
104. Li X X, Chen K F, Liu S L, Li S Q. Verifiably encrypted signatures without random oracles. Journal of Shanghai Jiaotong University(Science),2006, E-1(2):230-235.
105. Mambo M, Usuda K, Okamoto E. Proxy signatures:delegation of the power to sign messages. IEICE Trans. Fundamentals.1996, E79-A(9):1338-1354.
106. Cha J C, Cheon J C. An Identity-based signature from gap diffie-hellman groups. PKC 2003, LNCS 2567,2003.18-30.
107. Pointcheval D, Stern J. Security arguments for digital signatures and blind signatures. Journal of Cryptology,2000,13(3):361-396.
108. Franklin M K, Reiter M K. Fair exchange with a semitrusted third party (extended abstract), The 4th ACM conference on computer and communications security,1997:1-5.
109. Asokan N, Shoup V, Waidner M. Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in communications,2000:593-610.
110. Ray I, Zhang H J. Experiences in developing a fair exchange e-commerce protocol using common off-the-self components. Electronic Commerce Research and Applications,2008,7(2):247-259.
111. Hernandez-Ardieta J L, Gonzalez-Tablas A I, Ramos Alvarez B. An optimistic fair exchange protocol based on signature policies. Computers and Security,2008,27(7-8):309-322.
112. Piva F R, Monteiro J R M, Dahab R. Regarding timeliness in the context of fair exchange. International Conference on Network and Service Security (N2S'09),2009:1-6.
113. Boneh D, Lynn B, Shacham H. Short signatures from the weil paring. ASIACRYPT 2001, LNCS 2248,2001:514-532.
114. Kudla C J, Paterson K G. Non-interactive designated verifier proofs and undeniable signatures. Proceeding of IMA Conference on Cryptography and Coding, LNCS 3796,2005:136-154.
115. Thayer Fabrega F J, Herzorg J, Guttman J. Strand spaces:proving security protocols correct. Journal of Computer Security,1999,7(2-3):191-230.
116. Chiou G, Chen W. Secure broadcasting using the secure lock. IEEE Trans on Software Engineering,1989,15(8):929-934.
117. Boneh D, Lynn B, Shacham H. Short signatures from the Weil pairing. ASIACRYPT 2001, LNCS 2248,2001:514-532.
118. Lynch N. Distributed algorithms. San Francisco:Morgan Kaufmann Publishers Inc,1996.
119. Susilo W, Mu Y. Tripartite concurrent signatures. IFIP International Federation for Information Processing,2005,181:425-441.
120. Chow S, Susilo W. Generic construction of (identity-based) perfect concurrent signatures. ICICS'05, LNCS 3783,2005:194-206.
121. Nguyen K. Asymmetric concurrent signatures. ICICS'05, LNCS 3783,2005:181-193.
122. Wang G L, Bao F, Zhou J Y. The fairness of perfect concurrent signatures. ICICS 2006, LNCS 4307,2006:435-451.
123. Jiang H, Xu Q L, Zhang B. Perfect concurrent signature protocol for symmetric participant. International Conference on Computational Intelligence and Security,2008:273-277.
124.陈广辉,卿斯汉,齐志峰等.新颖的基于并发签名的公平交易协议.通信学报,2008,29(7):39-43.
125. Zheng Y. Digital signcryption or how to achieve cost(signature & encryption) (cost(signature)+ cost(encryption)). CRYPTO 1997,1997:165-179.
126.罗铭,邹春华,胡军等.基于签密的公平交易协议.通信学报,2010,31(8):87-93.
127. Huang Q, Yang G M, Wong D S, Susilo W. Ambiguous optimistic fair exchange. ASIACRYPT 2008, LNCS 5350,2008:74-89.