[1]Mambo M, Okamoto E. Proxy cryptosystems:delegation of the power to decrypt ciphertexts[J].IEICE Transactions on Fundamentals of Electronics,Communications & Computer Sciences,1997,E80A(1):5463.
[2]Blaze M, Bleumer G, Strauss M. Divertible protocol and atomic proxy cryptography[C]∥Proc of Eurocrypt 1998,1998:127144.
[3]Wang L,Cao Z,Okamoto E,et al.Transformationfree proxy cryptosystems and their applications to electronic commerce[C]∥Proc of International Conference on Information Security,2004:1.
[4]Wang L. Authorizationlimited transformationfree proxy cryptosystems and their security analyses[J].IEICE Transactions on Fundamentals of Electronics, Communications & Computer Sciences,2006,89(1):106114.
[5]Zhou Y,Cao Z,Chai Z.Constructing secure proxy cryptosystem[C]∥Proc of Information Security and Cryptology, 2005:150161.
[6]Wang L,Shao J,Cao Z,et al.A certificatebased proxy cryptosystem with revocable proxy decryption power[C]∥Proc of INDOCRYPT 2007, 2007:297311.
[7]Wang L,Shao J,Cao Z,et al.Certificatebased proxy decryption systems with revocability in the standard model[J].Information Sciences,2013,247:188201.
[8]Zhang G. A generic construction for proxy cryptography[M]∥Advances in Computer Science, Environment, Ecoinformatics, and Education. Berlin: Springer,2011:284289.
[9]Shamir A. Identitybased cryptosystems and signature schemes[C]∥Proc of Advances in Cryptology(CRYPT084),1984:4753.
[10]Boneh D, Franklin M. Identitybased encryption from the weil pairing[C]∥Proc of Advances in Cryptology(CRYPTO 2001),2001:213229.
[11]Cocks C. An identity based encryption scheme based on quadratic residues[M]∥Cryptography and coding.Berlin:Springer Berlin Heidelberg,2001:360363.
[12]Canetti R,Halevi S,Katz J.A forwardsecure publickey encryption scheme[C]∥Proc of Advances(Cryptology EUROCRYPT 2003),2003:255271.
[13]Boneh D, Boyen X. Efficient selectiveid secure identitybased encryption without random oracles[C]∥Proc of Advances in Cryptology(EUROCRYPT 2004),2004:223238.
[14]Waters B.Efficient identitybased encryption without random oracles[C]∥Proc of Advances in Cryptology(EUROCRYPT 2005),2005:114127.
[15]Gentry C. Practical identitybased encryption without random oracles[C]∥Proc of Advances in Cryptology(EUROCRYPT 2006),2006:445464.
附录1Waters基于身份加密方案[14]
·系统初始化算法:
-令G,G1为素数p阶循环群,且存在可计算的双线性映射G×G→G1;
-随机选取α∈Zp;
-随机选择G的生成元g,计算g1=gα;
-随机选取g2∈G,u′∈G和长度为n的向量U=(ui);
-该系统公共参数为params={g,g1,u′,U},主公钥mpk=g2,主私钥为msk=gα2。
·密钥生成算法:
-令v为n比特字符串,用来表示身份,vi表示v的第i个比特;
-V{1,…,n}是满足vi=1的所有i的集合;
-随机选取r∈Zp;
-计算dv=(gα2(u′∏i∈vui)r,gr)。
·加密算法:
-随机选取t∈Zp;
-输出密文C=<C1,C2,C3>,其中C1=e(g1,g2)tm,C2=gt,C3=(u′∏i∈vui)t。
·解密算法:
-使用dv=(d1,d2)解密如下:
C1e(d2,C3)e(d1,C2)=(e(g1,g2)tm)e(gr,(u′∏i∈vui)t)e(gα2(u′∏i∈vui)r,gt)=
(e(g1,g2)tm)e(g,(u′∏i∈vui)rt)e(g1,g2)te((u′∏i∈vui)rt,g)=m