[1] Abe M, Okamoto T. A signature scheme with message recovery assecure as discrete logarithm [J]. Lecture Notes in ComputerScience, 1999, 1716: 378-389.[2] Nyberg K, Tuepple R A. A new signature scheme based on the DSAgiving message recovery [C]// Proceedings of the 1st ACMConference on Communication and Computer Security. Fairfax, USA: ACMPress, 1993: 58-61.[3] Tso R, Gu C, Okamoto T, et al. Efficient ID-based digitalsignatures with message recovery [J]. Lecture Notes in ComputerScience, 2007, 4856: 47-59.[4] Al-Riyami S S, Paterson K G. Certificateless public keycryptography [J]. Lecture Notes in Computer Science, 2003, 2894: 452-473.[5] Boneh D, Lynn B, Shacham H. Short signatures from the Weilpairing [J]. Lecture Notes in Computer Science, 2001, 2248: 514-533.[6] Shamir A. Identity-based cryptosystems and signature schemes[J]. Lecture Notes in Computer Science, 1984, 0196: 47-53.[7] Hu B C, Wong D S, Zhang Z, et al. Certificateless signature: Anew security model and an improved generic construction [J]. International Journal of Designs, Codes and Cryptography, 2007, 42(2): 109-126.[8] Huang X, Mu Y, Susilo W, et al. Certificateless signaturerevisited [J]. Lecture Notes in Computer Science, 2007, 4586: 308-322.[9] Tso R, Yi X, Huang X. Efficient and short certificatelesssignatures [J]. Lecture Notes in Computer Science, 2008, 5339: 64-79.[10] Yap W L, Heng S H, Goi B M. An efficient certifictelesssignature [J]. Lecture Notes in Computer Science, 206, 4097: 322-331.[11] Zhang Z, Wong D S, Xu J, et al. Certificateless public-keysignature: Security model and efficiet construction [J]. Lecture Notes in Computer Science, 2006, 3989: 293-308.[12] Girault M. Self-certified public keys [J]. Lecture Notesin Computer Science, 1991, 547: 490-497.[13] Barreto P S L M, Kim H Y, Lynn B, et al. Efficient algorithmfor pairing-based cryptosystems [J]. Lecture Notes in ComputerScience, 2002, 2442: 354-369.[14] Barreto P S L M, Lynn B, Scott M. On the selection ofpairing-friendly groups [J]. Lecture Notes in ComputerScience, 2003, 3006: 17-25.[15] Boneh D, Boyen X. Efficient selective ID secure identity basedencryption without random oracles [J]. Lecture Notes inComputer Science, 2004, 3027: 223-238.[16] Barreto P S L M, Libert B, Mccullagh N, et al. Efficient andprovably-secure identity-based signatures and signcryption frombilinear maps [J]. Lecture Notes in Computer Science, 2005, 3778: 515-532.[17] Bellare M, Neven G. Multi-signatures in the plain public-keymodel and a general forking lemma [C]// Proceedings of 13thACM Conference on Computer and Communication Security. [s.l.]: ACMPress, 2006: 390-398.[18] Bellare M, Palacio A. The knowledge of exponent assumptions and3-round zero-knowledge protocols [J]. Lecture Notes in ComputerScience, 2004, 3152: 273-289.[19] Hada S, Tanaka T. On the existence of 3-round zero-knowledgeprotocols [J]. Lecture Notes in Computer Science, 1998, 1462: 408-423.[20] Pintcheval D, Stern J. Security arguments for digitalsignatures and blind signatures [J]. Journal of Cryptology,2000, 13(3): 361-396.[21] Tso R, Yi X, Huang X. Efficient and short certificatelesssignatures secure against realistic adversaries [J]. Journal ofSupercomputing, 2011, 55(2): 173-191.[22] Goldwasser S, Micali S, Rivest R L. A digital signature schemesecure against adaptive chosen-message attacks [J]. SIAMJournal of Computing, 1988, 17(2): 281-308. |