具隱私權強化之數位簽章

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：24

、訪客IP：3.22.27.41

姓名

林熙中(Hsi-Chung Lin) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

具隱私權強化之數位簽章
(Digital Signatures with Privacy Enhancement)

相關論文

★ 多種數位代理簽章之設計	★ 小額電子支付系統之研究
★ 實體密碼攻擊法之研究	★ 商業性金鑰恢復與金鑰託管機制之研究
★ AES資料加密標準之實體密碼分析研究	★ 電子競標系統之研究
★ 針對堆疊滿溢攻擊之動態程式區段保護機制	★ 通用型數域篩選因數分解法之參數探討
★ 於8051單晶片上實作可防禦DPA攻擊之AES加密器	★ 以非確定式軟體與遮罩分割對策防禦能量攻擊之研究
★ 遮罩保護機制防禦差分能量攻擊之研究	★ AES資料加密標準之能量密碼分析研究
★ 小額電子付費系統之設計與密碼分析	★ 公平電子現金系統之研究
★ RSA公開金鑰系統之實體密碼分析研究	★ 保護行動代理人所收集資料之研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

歷經逾三十年之研究發展，數位簽章已普遍地被視為傳統手寫式簽名於數位世界中的可行替代方案。然而，相較於傳統的手寫式簽名，一般型的數位簽章雖可提供更為強健的安全性保障，但未必具有更豐富且實用的功能。為拓展可應用之範圍，許多近期的研究試圖使數位簽章實現傳統手寫式簽名所無法達到的眾多新穎功能；而這些近期研究中，相當大的比例著眼於隱私權的強化。由於數位簽章的應用環境十分多樣且多變，數位簽章系統中隱私權及其相關議題，著實不容忽視。本論文將對數位簽章系統中隱私權及其相關議題，分別由系統中不同參與者的觀點，進行廣泛的討論與深入的分析。
於簽章簽署者之隱私權部份，數種具備簽署者混淆性（signer ambiguity）之簽章系統將分別被討論。首先，本論文將提出一個具有合理且安全之混淆性撤銷機制的指定驗證者簽章系統（designated verifier signature scheme）；該系統在保障簽署者身份於觀察者角度之混淆性的同時，仍然可維持數位簽章所必備的不可否認性（non-repudiation）。此外，本論文利用同步生效式簽章系統（concurrent signature scheme），架構出一個具高度公平性與可行性之線上交易模式。本論文亦利用環簽章系統（ring signature scheme）建構一個行動代理人之線上訪價協定，而該協定同時達成可公開驗證之前向完整性（public verifiable forward integrity）與前向隱私性（forward privacy）。
於簽章系統中驗證者之隱私權部份，本論文對一個十分具代表性之提名式簽章系統（nominative signature scheme）的安全性進行再分析。分析結果顯示，該提名式簽章足以抵抗近期文獻中所宣稱，針對指定驗證者隱私權的可能攻擊；事實上，該攻擊並非完全正確，其謬誤之處肇因於對安全性定義間細微差異的疏忽與誤解。本論文亦將該安全性定義間之細微差異與相關議題，延伸至以身份為基礎之簽章系統（identity-based signature scheme），及其批次驗證演算法（batch verification algorithm）。研究結果顯示，部份該類簽章系統之批次驗證研究，亦未正確精準地引用安全性定義。
於某些具有特殊功能之數位簽章系統中，除簽署者與驗證者外，亦可能包含第三位參與者。對於此一可能之第三參與者的隱私權，本論文將以代理簽章系統（proxy signature scheme）為範例，進行分析討論。本論文將提出一個對代理簽署者之隱私權提供良好保護的代理簽章系統，該系統不僅能保障代理簽署者之匿名性（anonymity），亦能確保代理簽章間的不可連結性（unlinkability）。於部份應用環境中，上述兩項特徵亦強化了原始簽署者之隱私權。

摘要(英)

Being a digital alternative of a hand-written signature, an ordinary digital signature provides better protections in security aspects but unfortunately achieves no significant improvement in functional aspects. Many recent researches try to enrich digital signatures by introducing a diversity of novel and practical functionalities over the ordinary ones. Duo to the variety of application scenarios digital signatures can be applied to, privacy-related issues of digital signatures should never be overlooked; hence a large part of those new signature developments involves privacy enhancement. In this dissertation, privacy-related issues of digital signatures are extensively discussed from the view points of different participants of a digital signature scheme.
For the privacy of the signer, some signature schemes with signer-ambiguity are discussed. First of all, a designated verifier signature scheme with secure disavowability is suggested; the suggested scheme keeps the identity of the signer ambiguous to third-party observers while maintains the signature non-repudiation property. Secondly, by using concurrent signatures, a fair and practical transaction model for online shopping applications is introduced; and thirdly, by using ring signatures, a mobile agent price survey protocol which simultaneously achieves publicly verifiable forward integrity and forward privacy is proposed.
For the privacy of the verifier, the security of a previous nominative signature scheme is reconsidered. It is showed that the previous scheme survives after a recent cryptanalysis against the designated verifier’’s privacy, since the recent cryptanalysis neglects a subtle difference between two related security notions, namely, verification and screening. This dissertation also points out that this subtle difference is neglected in some research works of signature batch verification as well.
In some signature schemes with sophisticated functionalities, a third participant might be involved. For the privacy of the possible third participant in a digital signature scheme, proxy signatures are taken as an example and a new proxy signature scheme with privacy enhancement to proxy signers is proposed. More precisely, the proposed scheme provides anonymity and unlinkability to proxy signers; in some applications, these two properties also enhance the privacy of the original signer.

關鍵字(中)

★ 環簽章
★ 同步生效式簽章
★ 指定驗證者簽章
★ 混淆性
★ 數位簽章
★ 隱私權
★ 匿名性
★ 代理簽章
★ 密碼學
★ 批次驗證
★ 提名式簽章

關鍵字(英)

★ designated-verifier signatures
★ ambiguity
★ concurrent signatures
★ privacy
★ digital signatures
★ cryptography
★ proxy signatures
★ batch verification
★ anonymity
★ nominative signatures
★ ring signatures

論文目次

1 Introduction (1)
1.1 Motivation of the Research (1)
1.2 Organization of the Dissertation (2)
1.3 Our Contributions (3)
Part I -- Privacy of the Signer (7)
2 Designated Verifier Signatures with Secure Disavowability (9)
2.1 Introduction to Designated Verifier Signatures (9)
2.1.1 Secure disavowability and non-delegatability (11)
2.1.2 Related works (12)
2.2 Introduction to Chameleon Signatures (14)
2.2.1 Chameleon hash functions (14)
2.2.2 Chameleon signatures: a simple construction of DVS (15)
2.3 The Proposed Designated Verifier Signature Scheme (16)
2.3.1 The proposed generic DVS construction (16)
2.3.2 Security analysis of the basic DVS construction (17)
2.3.3 A concrete DVS scheme (18)
2.4 Some Possible Extensions (19)
2.4.1 Flexible disavowability with better privacy (19)
2.4.2 From DVS to strong DVS (20)
3 A Fair Transaction Model by Using Concurrent Signatures (21)
3.1 The Current Transaction Model and Its Drawbacks (21)
3.2 Introduction to Concurrent Signatures (24)
3.2.1 The idea of concurrent signatures (25)
3.2.2 Related works (26)
3.3 A Proposed Variant: Asymmetric Proxy Concurrent Signatures (27)
3.3.1 A concrete asymmetric proxy concurrent signature (28)
3.3.2 Security analysis and some possible variants (30)
3.4 The Proposed Fair Transaction Model (32)
3.4.1 Flows of the proposed model (32)
3.4.2 Practicability and security of the proposed model (33)
4 Protection of Mobile Agent Data Collection by Using Ring Signatures (37)
4.1 Introduction to Data Collection in the Mobile Agent Environment (37)
4.1.1 Related works (39)
4.1.2 Two protocols in the KAG family (40)
4.2 Introduction to Ring Signatures (42)
4.3 The Proposed Protocol with Predetermined Candidate Hosts (43)
4.3.1 A modified ring signature scheme (44)
4.3.2 The proposed protocol (46)
4.4 Analysis of the Proposed Protocol (48)
4.4.1 Security analysis (48)
4.4.2 Possible extensions (49)
4.4.3 Concluding remarks on the proposed protocol (49)
Part II -- Privacy of the Verifier (51)
5 Security Reconsideration of the HW Nominative Signature Scheme (53)
5.1 Introduction to Nominative Signatures (53)
5.1.1 The KPW nominative signature scheme (55)
5.1.2 The HW nominative signature scheme (56)
5.2 Analysis of the SM Cryptanalysis against the HW Scheme (58)
5.2.1 The SM cryptanalysis (58)
5.2.2 Reconsideration of the SM cryptanalysis (59)
5.2.3 Screening by the nominator (61)
5.3 Security Proofs of the HW Scheme (61)
5.3.1 Unforgeability of nominative signature scheme (61)
5.3.2 On cheating nominators (65)
5.3.3 Verification untransferability (66)
5.4 Summary of Security Facts about the HW Scheme (68)
6 Security Analysis of Batch Verification on Identity-Based Signature Schemes (71)
6.1 Introduction to Batch Verification on IBS Schemes (71)
6.1.1 Related works (73)
6.1.2 ID-based signature schemes and batch verification algorithms (75)
6.1.3 The attack model for batch screening (76)
6.2 Cryptanalysis against the Batch Screener of the CDC Scheme (77)
6.2.1 Brief review of the CDC scheme (77)
6.2.2 The proposed attack against the CDC scheme (78)
6.2.3 A flaw of the security proof of the CDC scheme (80)
6.3 Discussions on the CLX Attack (81)
6.4 Summary of Security Analysis (83)
Part III -- Privacy of the Third Participant (85)
7 Privacy of Proxy Signers--Proxy Signatures with Proxy Anonymity and Unlinkability (87)
7.1 Introduction to Proxy Signatures (87)
7.2 The Proposed Proxy Signatures with Unlinkability (90)
7.2.1 The basic construction (91)
7.2.2 Unforgeability of the basic construction (94)
7.2.3 Selfless-anonymity of the basic construction (100)
7.3 Two Possible Variants of the Basic Construction (103)
7.3.1 A backward unlinkable version (103)
7.3.2 A partial delegation with warrant version (107)
Part IV -- Concluding Remarks (111)
8 Summary and Future Works (113)
8.1 Summary of Contributions (113)
8.2 Future Research Directions (114)

參考文獻

[1] David Chaum and Hans Van Antwerpen. Undeniable signatures. In Gilles Brassard, editor, Advances in Cryptology - CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 212-216. Springer, 1990.
[2] Markus Jakobsson, Kazue Sako, and Russell Impagliazzo. Designated verifier proofs and their applications. In Ueli M. Maurer, editor, Advances in Cryptology - EUROCRYPT '96, volume 1070 of Lecture Notes in Computer Science, pages 143-154. Springer, 1996.
[3] Seungjoo Kim, Sungjun Park, and Dongho Won. Zero-knowledge nominative signatures. In Proceedings of the International Conference on the Theory and Applications of Cryptology, PragoCrypt '96, pages 380-392. Czech Technical University Publishing House, 1996.
[4] Helger Lipmaa, Guilin Wang, and Feng Bao. Designated verifier signature schemes: Attacks, new security notions and a new construction. In Luis Caires, Giuseppe F. Italiano, Luis Monteiro, Catuscia Palamidessi, and Moti Yung, editors, Automata, Languages and Programming, ICALP 2005, volume 3580 of Lecture Notes in Computer Science, pages 459-471. Springer, 2005.
[5] Hugo Krawczyk and Tal Rabin. Chameleon signatures. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2000. The Internet Society, 2000.
[6] Liqun Chen, Caroline Kudla, and Kenneth G. Paterson. Concurrent signatures. In Christian Cachin and Jan Camenisch, editors, Advances in Cryptology - EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science, pages 287-305. Springer, 2004.
[7] Ronald L. Rivest, Adi Shamir, and Yael Tauman. How to leak a secret. In Colin Boyd, editor, Advances in Cryptology - ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages 552-565. Springer, 2001.
[8] Zhenjie Huang and Yumin Wang. Convertible nominative signatures. In Huaxiong Wang, Josef Pieprzyk, and Vijay Varadharajan, editors, Information Security and Privacy, ACISP 2004, volume 3108 of Lecture Notes in Computer Science, pages 348-357. Springer, 2004.
[9] Willy Susilo and Yi Mu. On the security of nominative signatures. In Colin Boyd and Juan Manuel Gonzalez Nieto, editors, Information Security and Privacy, ACISP 2005, volume 3574 of Lecture Notes in Computer Science, pages 329-335. Springer, 2005.
[10] Mihir Bellare, Juan A. Garay, and Tal Rabin. Fast batch verification for modular exponentiation and digital signatures. In Kaisa Nyberg, editor, Advances in Cryptology - EUROCRYPT '98, volume 1403 of Lecture Notes in Computer Science, pages 236-250. Springer, 1998.
[11] Masahiro Mambo, Keisuke Usuda, and Eiji Okamoto. Proxy signatures for delegating signing operation. In Li Gong and Jacques Stern, editors, Proceedings of the 3rd ACM Conference on Computer and Communications Security, CCS '96, pages 48-57. ACM, 1996.
[12] Seungjoo Kim, Sangjoon Park, and Dongho Won. Proxy signatures, revisited. In Yongfei Han, Tatsuaki Okamoto, and Sihan Qing, editors, Information and Communication Security, ICICS '97, volume 1334 of Lecture Notes in Computer Science, pages 223-232. Springer, 1997.
[13] Shi Cui, Pu Duan, and Choong Wah Chan. An efficient identity-based signature scheme with batch verifications. In Proceedings of the First International Conference on Scalable Information Systems, InfoScale 2006, volume 152 of ACM International Conference Proceeding Series. ACM, 2006. Article No. 22.
[14] Tianjie Cao, Dongdai Lin, and Rui Xue. Security analysis of some batch verifying signatures from pairings. International Journal of Network Security, 3(2):112-117, 2006.
[15] HyoJin Yoon, Jung Hee Cheon, and Yongdae Kim. Batch verifications with ID-based signatures. In Choonsik Park and Seongtaek Chee, editors, Information Security and Cryptology - ICISC 2004, volume 3506 of Lecture Notes in Computer Science, pages 233-248. Springer, 2005.
[16] Dan Boneh and Hovav Shacham. Group signatures with verifier-local revocation. In Vijayalakshmi Atluri, Birgit Pfitzmann, and Patrick Drew McDaniel, editors, Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004. ACM, 2004.
[17] David Chaum. Zero-knowledge undeniable signatures. In Ivan Damgard, editor, Advances in Cryptology - EUROCRYPT '90, volume 473 of Lecture Notes in Computer Science, pages 458-464. Springer, 1991.
[18] David Chaum. Designated confirmer signatures. In Alfredo De Santis, editor, Advances in Cryptology - EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 86-91. Springer, 1995.
[19] Markus Michels and Markus Stadler. Efficient convertible undeniable signature schemes. In C. Adams and M. Just, editors, Proceedings of the 4th International Workshop on Selected Areas in Cryptography, SAC '97, pages 231-244, 1997.
[20] Yong Li, Helger Lipmaa, and Dingyi Pei. On delegatability of four designated verifier signatures. In Sihan Qing, Wenbo Mao, Javier Lopez, and Guilin Wang, editors, Information and Communications Security, ICICS 2005, volume 3783 of Lecture Notes in Computer Science, pages 61-71. Springer, 2005.
[21] Shahrokh Saeednia, Steve Kremer, and Olivier Markowitch. An efficient strong designated verifier signature scheme. In Jong In Lim and Dong Hoon Lee, editors, Information Security and Cryptology - ICISC 2003, volume 2971 of Lecture Notes in Computer Science, pages 40-54. Springer, 2004.
[22] Willy Susilo, Fangguo Zhang, and Yi Mu. Identity-based strong designated verifier signature schemes. In Huaxiong Wang, Josef Pieprzyk, and Vijay Varadharajan, editors, Information Security and Privacy, ACISP 2004, volume 3108 of Lecture Notes in Computer Science, pages 313-324. Springer, 2004.
[23] Fabien Laguillaumie and Damien Vergnaud. Designated verifier signatures: Anonymity and efficient construction from any bilinear map. In Carlo Blundo and Stelvio Cimato, editors, Security in Communication Networks, SCN 2004, volume 3352 of Lecture Notes in Computer Science, pages 105-119. Springer, 2005.
[24] Ron Steinfeld, Laurence Bull, Huaxiong Wang, and Josef Pieprzyk. Universal designated-verifier signatures. In Chi-Sung Laih, editor, Advances in Cryptology - ASIACRYPT 2003, volume 2894 of Lecture Notes in Computer Science, pages 523-542. Springer, 2003.
[25] Xinyi Huang, Willy Susilo, Yi Mu, and Futai Zhang. Short (identity-based) strong designated verifier signature schemes. In Kefei Chen, Robert H. Deng, Xuejia Lai, and Jianying Zhou, editors, Information Security Practice and Experience, ISPEC 2006, volume 3903 of Lecture Notes in Computer Science, pages 214-225. Springer, 2006.
[26] K. Phani Kumar, G. Shailaja, and Ashutosh Saxena. Identity based strong designated verifier signature scheme. Cryptology ePrint Archive, Report 2006/134, 2006. Available at http://eprint.iacr.org/2006/134.
[27] Jianhong Zhang and Jane Mao. A novel id-based designated verifier signature scheme. Information Sciences, 178:766-773, 2008.
[28] Fabien Laguillaumie and Damien Vergnaud. Multi-designated verifiers signatures. In Javier Lopez, Sihan Qing, and Eiji Okamoto, editors, Information and Communications Security, ICICS 2004, volume 3269 of Lecture Notes in Computer Science, pages 495-507. Springer, 2004.
[29] Giuseppe Ateniese and Breno de Medeiros. Identity-based chameleon hash and applications. In Ari Juels, editor, Financial Cryptography, FC 2004, volume 3110 of Lecture Notes in Computer Science, pages 164-180. Springer, 2004.
[30] Giuseppe Ateniese and Breno de Medeiros. On the key exposure problem in chameleon hashes. In Carlo Blundo and Stelvio Cimato, editors, Security in Communication Networks, SCN 2004, volume 3352 of Lecture Notes in Computer Science, pages 165-179. Springer, 2005.
[31] Xiaofeng Chen, Fangguo Zhang, and Kwangjo Kim. Chameleon hashing without key exposure. In Kan Zhang and Yuliang Zheng, editors, Information Security, ISC 2004, volume 3225 of Lecture Notes in Computer Science, pages 87-98. Springer, 2004.
[32] Mihir Bellare and Phillip Rogaway. The exact security of digital signatures - how to sign with rsa and rabin. In Ueli M. Maurer, editor, Advances in Cryptology - EUROCRYPT '96, volume 1070 of Lecture Notes in Computer Science, pages 399-416. Springer, 1996.
[33] Oded Goldreich. A simple protocol for signing contracts. In David Chaum, editor, Advances in Cryptology - CRYPTO '83, pages 133-136. Plenum Press, 1984.
[34] N. Asokan, Victor Shoup, and Michael Waidner. Optimistic fair exchange of digital signatures. In Kaisa Nyberg, editor, Advances in Cryptology - EUROCRYPT '98, volume 1403 of Lecture Notes in Computer Science, pages 591-606. Springer, 1998.
[35] Khanh Nguyen. Asymmetric concurrent signatures. In Sihan Qing,Wenbo Mao, Javier Lopez, and Guilin Wang, editors, Information and Communications Security, ICICS 2005, volume 3783 of Lecture Notes in Computer Science, pages 181-193. Springer, 2005.
[36] Willy Susilo, Yi Mu, and Fangguo Zhang. Perfect concurrent signature schemes. In Javier Lopez, Sihan Qing, and Eiji Okamoto, editors, Information and Communications Security, ICICS 2004, volume 3269 of Lecture Notes in Computer Science, pages 14-26. Springer, 2004.
[37] Guilin Wang, Feng Bao, and Jianying Zhou. The fairness of perfect concurrent signatures. In Peng Ning, Sihan Qing, and Ninghui Li, editors, Information and Communications Security, ICICS 2006, volume 4307 of Lecture Notes in Computer Science, pages 435-451. Springer, 2006.
[38] Sherman S. M. Chow and Willy Susilo. Generic construction of (identity-based) perfect concurrent signatures. In Sihan Qing, Wenbo Mao, Javier Lopez, and Guilin Wang, editors, Information and Communications Security, ICICS 2005, volume 3783 of Lecture Notes in Computer Science, pages 194-206. Springer, 2005.
[39] Sherman S. M. Chow and Willy Susilo. Generic construction of (identity-based) perfect concurrent signatures. Cryptology ePrint Archive, Report 2006/361, 2006. Available at http://eprint.iacr.org/2006/361.
[40] Zhenjie Huang, Kefei Chen, and Yumin Wang. Analysis and improvements of two identity-based perfect concurrent signature schemes. Cryptology ePrint Archive, Report 2006/353, 2006. Available at http://eprint.iacr.org/2006/353.
[41] Huanzhong Huang. Concurrent signatures: Security notions, analysis, and construction issues. Master's thesis, National Central University, Taiwan, R.O.C., 2008.
[42] Yen-Chang Chen and Sung-Ming Yen. Balanced concurrent signature. In Proceedings of the 16th Information Security Conference, ISC 2006 (Taichung, Taiwan), 2006.
[43] Huanzhong Huang, Hsi-Chung Lin, and Sung-Ming Yen. On the possibility of constructing a concurrent signature scheme from a conditional signature scheme. In Proceedings of the 18th Cryptology and Information Security Conference, CISC 2008 (Hualien, Taiwan), pages 97-107, 2008.
[44] Marek Klonowski, Miroslaw Kutylowski, Anna Lauks, and Filip Zagorski. Conditional digital signatures. In Sokratis K. Katsikas, Javier Lopez, and Gunther Pernul, editors, Trust, Privacy and Security in Digital Business, TrustBus 2005, volume 3592 of Lecture Notes in Computer Science, pages 206-215. Springer, 2005.
[45] Dongvu Tonien, Willy Susilo, and Reihaneh Safavi-Naini. Multi-party concurrent signatures. In Sokratis K. Katsikas, Javier Lopez, Michael Backes, Stefanos Gritzalis, and Bart Preneel, editors, Information Security, ISC 2006, volume 4176 of Lecture Notes in Computer Science, pages 131-145. Springer, 2006.
[46] Chieh-Tai Shieh, Hsi-Chung Lin, and Sung-Ming Yen. Fair multi-party concurrent signatures. In Proceedings of the 18th Cryptology and Information Security Conference, CISC 2008 (Hualien, Taiwan), pages 108-118, 2008.
[47] Hung-Min Sun and Bin-Tsan Hsieh. Remarks on two nonrepudiable proxy signature schemes. In Proceedings of the 9th National Conference on Information Security, pages 241-246, 1999.
[48] Chung-Pei Hung. On the design of proxy signatures. Master's thesis, National Central University, Taiwan, R.O.C., 2001.
[49] Wayne Jansen and Tom Karygiannis. NIST special publication 800-19-mobile agent security. Technical report, National Institute of Standards and Technology, October 1999.
[50] Gunter Karjoth, N. Asokan, and Ceki Gulcu. Protecting the computation results of free-roaming agents. In Kurt Rothermel and Fritz Hohl, editors, Mobile Agents, MA'98, volume 1477 of Lecture Notes in Computer Science, pages 195-207. Springer, 1999.
[51] Bennet S. Yee. A sanctuary for mobile agents. In Secure Internet Programming, pages 261-273, 1999.
[52] Sergio Loureiro, Refik Molva, and Alain Pannetrat. Secure data collection with updates. Electronic Commerce Research, 1(1-2):119-130, 2001.
[53] Gunter Karjoth. Secure mobile agent-based merchant brokering in distributed marketplaces. In David Kotz and Friedemann Mattern, editors, Agent Systems, Mobile Agents, and Applications, ASA/MA 2000, volume 1882 of Lecture Notes in Computer Science, pages 44-56. Springer, 2000.
[54] Volker Roth. On the robustness of some cryptographic protocols for mobile agent protection. In Gian Pietro Picco, editor, Mobile Agents, MA 2001, volume 2240 of Lecture Notes in Computer Science, pages 1-14. Springer, 2002.
[55] Volker Roth. Programming Satan's agent. Electronic Notes in Theoretical Computer Science, 63:124-139, 2002.
[56] Neeran M. Karnik and Anand R. Tripathi. Security in the Ajanta mobile agent system. Software: Practice & Experience, 31(4):301-329, 2001.
[57] Jeff S. L. Cheng and Victor K. Wei. Defenses against the truncation of computation results of free-roaming agents. In Robert H. Deng, Sihan Qing, Feng Bao, and Jianying Zhou, editors, Information and Communications Security, ICICS 2002, volume 2513 of Lecture Notes in Computer Science, pages 1-12. Springer, 2002.
[58] Paolo Maggi and Riccardo Sisto. A configurable mobile agent data protection protocol. In The Second International Joint Conference on Autonomous Agents & MultiAgent Systems, AAMAS 2003, pages 851-858. ACM, 2003.
[59] Jong-Youl Park, Dong-Ik Lee, and Hyung-Hyo Lee. Data protection in mobile agents: One-time key-based approach. In Proceedings of the 5th International Sympoisum on Autonomous Decentralized Systems, ISADS 2001, pages 411-418. IEEE Computer Society, 2001.
[60] David Chaum and Eugµene van Heyst. Group signatures. In Donald W. Davies, editor, Advances in Cryptology - EUROCRYPT '91, volume 547 of Lecture Notes in Computer Science, pages 257-265. Springer, 1991.
[61] Hsi-Chung Lin, Sung-Ming Yen, and Yi-Hsiung Huang. Security of Huang-Wang nominative signature scheme-revisited. In Proceedings of the 16th Information Security Conference, ISC 2006 (Taichung, Taiwan), 2006.
[62] Lifeng Guo, Guilin Wang, and Duncan S. Wong. Further discussions on the security of a nominative signature scheme. Cryptology ePrint Archive, Report 2006/007, 2006. Available at http://eprint.iacr.org/2006/007.
[63] Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In Gilles Brassard, editor, Advances in Cryptology - CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 239-252. Springer, 1990.
[64] Jan Camenisch. Efficient and generalized group signatures. In Walter Fumy, editor, Advances in Cryptology - EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 465-479. Springer, 1997.
[65] Dan Boneh. The decision Diffie-Hellman problem. In Joe Buhler, editor, Algorithmic Number Theory, ANTS-III, volume 1423 of Lecture Notes in Computer Science, pages 48-63. Springer, 1998.
[66] Adi Shamir. Identity-based cryptosystems and signature schemes. In G. R. Blakley and David Chaum, editors, Advances in Cryptology - CRYPTO '84, volume 196 of Lecture Notes in Computer Science, pages 47-53. Springer, 1985.
[67] Dan Boneh, Ben Lynn, and Hovav Shacham. Short signatures from the Weil pairing. In Colin Boyd, editor, Advances in Cryptology - ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages 514-532. Springer, 2001.
[68] Sung-Ming Yen and Chi-Sung Laih. Improved digital signature suitable for batch verification. IEEE Transactions on Computers, 44(7):957-959, 1995.
[69] David Naccache, David M'Raihi, Serge Vaudenay, and Dan Raphaeli. Can D.S.A. be improved? complexity trade-offs with the digital signature standard. In Alfredo De Santis, editor, Advances in Cryptology - EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 77-85. Springer, 1995.
[70] Amos Fiat. Batch RSA. In Gilles Brassard, editor, Advances in Cryptology - CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 175-185. Springer, 1990.
[71] Fangguo Zhang and Kwangjo Kim. Efficient ID-based blind signature and proxy signature from bilinear pairings. In Reihaneh Safavi-Naini and Jennifer Seberry, editors, Information Security and Privacy, ACISP 2003, volume 2727 of Lecture Notes in Computer Science, pages 312-323. Springer, 2003.
[72] Fangguo Zhang, Reihaneh Safavi-Naini, and Willy Susilo. Efficient verifiably encrypted signature and partially blind signature from bilinear pairings. In Thomas Johansson and Subhamoy Maitra, editors, Progress in Cryptology - INDOCRYPT 2003, volume 2904 of Lecture Notes in Computer Science, pages 191-204. Springer, 2003.
[73] Jae Choon Cha and Jung Hee Cheon. An identity-based signature from gap Diffie-Hellman groups. In Yvo Desmedt, editor, Public Key Cryptography - PKC 2003, volume 2567 of Lecture Notes in Computer Science, pages 18-30. Springer, 2002.
[74] Shigeo Mitsunari, Ryuichi Sakai, and Masao Kasahara. A new traitor tracing. IEICE Trans on Fundamentals of Electronics, Communications and Computer Sciences, E85-A(2):481-484, 2002.
[75] Jung Hee Cheon and Dong Hoon Lee. Use of sparse and/or complex exponents in batch verification of exponentiations. IEEE Transactions on Computers, 55(12):1536-1542, 2006.
[76] Fangguo Zhang, Reihaneh Safavi-Naini, and Willy Susilo. An efficient signature scheme from bilinear pairings and its applications. In Feng Bao, Robert H. Deng, and Jianying Zhou, editors, Public Key Cryptography - PKC 2004, volume 2947 of Lecture Notes in Computer Science, pages 277-290. Springer, 2004.
[77] Toru Nakanishi and Nobuo Funabiki. Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In Bimal K. Roy, editor, Advances in Cryptology - ASIACRYPT 2005, volume 3788 of Lecture Notes in Computer Science, pages 533-548. Springer, 2005.
[78] Dan Boneh and Xavier Boyen. Short signatures without random oracles. In Christian Cachin and Jan Camenisch, editors, Advances in Cryptology - EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science, pages 56-73. Springer, 2004.
[79] Dan Boneh, Xavier Boyen, and Hovav Shacham. Short group signatures. In Matthew K. Franklin, editor, Advances in Cryptology - CRYPTO 2004, volume 3152 of Lecture Notes in Computer Science, pages 41-55. Springer, 2004.
[80] Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, Advances in Cryptology - CRYPTO '86, volume 263 of Lecture Notes in Computer Science, pages 186-194. Springer, 1987.
[81] Toru Nakanishi and Nobuo Funabiki. A short verifier-local revocation group signature scheme with backward unlinkability. In Hiroshi Yoshiura, Kouichi Sakurai, Kai Rannenberg, Yuko Murayama, and Shin ichi Kawamura, editors, Advances in Information and Computer Security, IWSEC 2006, volume 4266 of Lecture Notes in Computer Science, pages 17-32. Springer, 2006.

指導教授

顏嵩銘(Sung-Ming Yen)

審核日期

2008-7-22

推文