Research on Public Key Encryption with Keyword Search
Abstract
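Public key encryption with keyword search (PEKS) was first proposed by Boneh, Crescenzo, Ostrovsky and Persiano at Eurocrypt 2004. It lets a server test whether a ciphertext contains a given encrypted keyword without leaking the underlying plaintext data or the keyword. PEKS has broad prospects for practical application. One example is intelligent email routing: PEKS provides a mechanism by which the receiver gives the mail server the ability to test whether the original email contains a specific keyword, while the server learns nothing about the email itself or the keyword.
     In recent years PEKS has produced a good number of results, but many problems remain to be solved, and researchers have posed many open problems about PEKS. This thesis therefore first studies the security of PEKS itself, including secure-channel-free constructions, trapdoor revocation, and keyword guessing attacks; then studies schemes combining PEKS with public key encryption (PKE); and finally studies schemes combining PEKS with conditional proxy re-encryption (CPRE). The main results are as follows:
     1. Security of PEKS itself:
     This thesis constructs a secure and efficient secure-channel-free PEKS scheme in the standard model. It then strengthens the security model by adding Test queries and proposes a new scheme that is provably secure in the enhanced model. For keyword guessing attacks, this thesis gives the first formal definition of a strong security model for secure-channel-free PEKS schemes resistant to keyword guessing attacks, then constructs a scheme in this strong model and proves its security. This solves the open problem posed by Byun et al. at SDM 2006 on constructing PEKS schemes that resist keyword guessing attacks. In a PEKS scheme, once the receiver has sent a trapdoor to the server, the trapdoor cannot be revoked efficiently, which limits the application of PEKS. This thesis constructs a secure-channel-free PEKS scheme with efficient revocation.
     2. Schemes combining PEKS with public key encryption (PKE):
     An ordinary PEKS scheme does not provide encryption and decryption of data, so it must be combined with a public key encryption scheme, but a simple combination cannot guarantee the consistency and efficiency of the ciphertext. To address this, this thesis proposes an efficient decryptable PEKS scheme in the standard model.
     3. Schemes combining PEKS with conditional proxy re-encryption (CPRE):
     This thesis combines PEKS with conditional proxy re-encryption and proposes an anonymous conditional proxy re-encryption scheme with keyword search, so that proxy re-encryption can be adapted to keyword-search applications while protecting keyword privacy. This solves the open problem posed by Weng et al. at ASIACCS 2009 on constructing anonymous conditional proxy re-encryption schemes.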
The public key encryption with keyword search (PEKS) scheme, proposed by Boneh, Crescenzo, Ostrovsky and Persiano, enables one to search for encrypted keywords without compromising the security of the original data. PEKS schemes can be widely used and deployed in many practical applications. An interesting application of PEKS is intelligent email routing. PEKS provides a mechanism that enables the receiver to give the gateway the ability to test whether “urgent” is a keyword in the original email, while the gateway learns nothing else about the email itself.
     In recent years, public key encryption with keyword search, owing to its unique advantages, has been extensively researched and applied. But public key encryption with keyword search systems still have many shortcomings and imperfections, and many open problems remain. Thus, we first study the security problems of public key encryption with keyword search itself, such as secure channel free operation, trapdoor revocation, and keyword guessing attacks. Secondly, we study the combination of PEKS and PKE. Thirdly, we study the combination of PEKS and C-PRE. The main contributions of this research are as follows.
     Firstly, for public key encryption with keyword search itself, we present an efficient secure channel free public key encryption with keyword search scheme without random oracles. Furthermore, seeing that the security model for secure channel free public key encryption with keyword search limits the ability of the adversary, we enhance the security model by adding a Test oracle. We also construct a new secure channel free public key encryption with keyword search scheme that is secure in the enhanced security model.
     With regard to keyword guessing attacks, we define the first formal security model of PEKS that is secure channel free and secure against keyword guessing attacks. Then, we present an efficient PEKS scheme that is secure under this model. This scheme answers an open problem posed by Byun et al. at SDM 2006 on how to construct efficient PEKS schemes secure against keyword guessing attacks.
     Since it is difficult to revoke a trapdoor effectively once the receiver has sent it to the server in a PEKS system, this thesis proposes a secure channel free PEKS scheme with efficient revocation.
     Secondly, we study the combination of PEKS and PKE. Usually, a PEKS scheme does not allow the user to decrypt the encrypted message, and this "no-decryption" property limits the applicability of a PEKS scheme. So it is desirable to combine the PEKS scheme with public key encryption. However, a simple combination cannot ensure the consistency and efficiency of the ciphertext. To solve the problem, this thesis presents an efficient searchable encryption scheme with decryption (PEKSD) that is secure under the standard model.
     Thirdly, we study the combination of PEKS and C-PRE (Conditional Proxy Re-encryption). By combining C-PRE and PEKS, we propose a new cryptographic primitive called conditional proxy re-encryption with keyword search (C-PRES). In a C-PRES scheme, the proxy can search for encrypted keywords without compromising the security of the original data. Thus, we solve the interesting open problem left by Weng et al. at ASIACCS 2009 on how to construct a CCA-secure anonymous conditional proxy re-encryption scheme.
