Research on Aggregate Signatures and Aggregate Signcryption
Abstract
This dissertation first introduces aggregate signature and aggregate signcryption techniques, then briefly reviews the relevant mathematical background and cryptographic principles, and finally studies identity-based aggregate signatures, certificateless aggregate signatures and certificateless aggregate signcryption in depth. The main results are:
     1. An identity-based aggregate signature scheme is shown to be vulnerable to forgery: once an attacker obtains one member's signature, the attacker can produce a valid signature on any message. An improved scheme that removes this security flaw is proposed, and its security is proven in the random oracle model.
     2. Since certificateless cryptosystems avoid both the public-key authentication problem of certificate-based public-key cryptosystems and the key escrow problem of identity-based public-key cryptosystems, a provable-security model for certificateless aggregate signatures is constructed, and a concrete aggregate signature scheme whose signature length is independent of the number of signers is proposed. Based on the computational Diffie-Hellman problem, the new scheme is proven in the random oracle model to resist existential forgery under adaptive chosen-identity and chosen-message attacks.
     3. A provable-security model for aggregate signcryption in which n users signcrypt n different messages is constructed, and a certificateless aggregate signcryption scheme based on bilinear pairings is designed. In the random oracle model, based on the bilinear Diffie-Hellman and computational Diffie-Hellman problems, the scheme is proven to provide unforgeability under adaptive chosen-message attacks and confidentiality under adaptive chosen-ciphertext attacks.
In this dissertation, we first describe aggregate signature, aggregate signcryption and their security. Then we review the related mathematical background. Finally, we study ID-based aggregate signature, certificateless aggregate signature and certificateless aggregate signcryption. The main contributions are as follows:
     1. We show that an ID-based aggregate signature scheme cannot resist forgery attacks, because an attacker can generate a valid signature for any message once he has obtained a single signature. An improved scheme that overcomes this weakness is proposed, and it is provably secure in the random oracle model.
     2. Aggregate signature allows n different users to sign n different messages; the major challenge in designing such a signature is achieving both security and efficiency. Certificateless cryptosystems solve the key escrow problem of ID-based cryptosystems and the public key authentication problem of certificate-based cryptosystems. A formal model of certificateless aggregate signature is proposed. We then propose a concrete certificateless aggregate signature scheme in which the length of the signature is independent of the number of signers. Based on the hardness of the computational Diffie-Hellman problem, the proposed scheme is secure against existential forgery under adaptive chosen identities and messages in the random oracle model.
     3. A formal model of certificateless aggregate signcryption is proposed, which allows n different users to signcrypt n different messages. We then propose a concrete certificateless aggregate signcryption scheme. Based on the Bilinear Diffie-Hellman Problem and the Computational Diffie-Hellman Problem, the proposed scheme achieves existential unforgeability against chosen message attacks (EUF-CMA) and indistinguishability of encryptions under adaptively chosen ciphertext attacks (IND-CCA2) in the random oracle model.