［1］RIVEST R,SHAMIR A,TAUMAN Y.How to leak a secret advances in cryptology［C］.Heidelberg:Springer-Verlag,2001:552-565.

［2］BONEH D,GENTRY C,LYNN B,et al.Aggregate and verifiably encrypted signatures,from bilinear maps advances in cryptology:proceedings of Eurocrypt 2003［C］.Heidelberg:Springer-Verlag,2003:416-432.

［3］GOLDWASSER S,MICALI S,RIVEST R A.Digital signature scheme secure against adaptive chosenmessage attacks［J］.SIAM Journal of Computing,1988,17(2):281-308.

［4］LIU J,WONG D,LINKABLE R.Signatures:security models and new schemes computational science and its applications:proceedings of ICCSA 2005［C］.Heidelberg:Springer-Verlag,2005:614-623.

［5］SHAMIRA.Identity-based cryptosystems and signature［C］.Heidelberg:Springer Verlag,1984:47-53.

［6］NEUMAN B,STUBBLEBINE S.A note on the use of timestamps as nonces［J］.Operating Systems Review,1993,27(2):10-14.

［7］BELLOVIN S,MERRITT M.Encrypted key exchange:password based protocols secure against dictionary attacks research in security and privacy［C］.Proceedings.of 1992 IEEE Symposium on Research in Security and Privacy,IEEE Computer Society,1992:72-84.

［8］HALEVI S,MICALI S.Proactical and provably-secure commitment schemes from collision-free hashing［C］.Heidelberg:Springer-Verlag,1996,96:201-215.

［9］WU Qianhong,ZHU Xiaoyan,WANG Yumin.A practical electronic.auction scheme based on the RSA function［J］.Journal of Xidian University,2003,30(6):788-791.

［10］邱卫东,黄征,李祥学,等.密码协议基础［M］.北京:高等教育出版社,2009.