Recently, proxy ring signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. Although many proxy ring signature schemes have been pro-posed, there a...Recently, proxy ring signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. Although many proxy ring signature schemes have been pro-posed, there are only two identity-based proxy ring signature schemes have been proposed until now, i. e., Cheng's scheme and Lang's scheme. It's unlucky that the two identity-based proxy ring signature schemes are unfeasible. This paper points out the reasons why the two identity-based proxy ring signature schemes are unfeasible. In order to design feasible and efficient identity-based proxy ring signature schemes from bilinear pairings, we have to search for other methods.展开更多
The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However...The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.展开更多
An identity-based multisignature scheme and an identity-based aggregate signature scheme are proposed in this paper. They are both from m-torsion groups on super-singular elliptic curves or hyper-elliptic curves and b...An identity-based multisignature scheme and an identity-based aggregate signature scheme are proposed in this paper. They are both from m-torsion groups on super-singular elliptic curves or hyper-elliptic curves and based on the recently proposed identity-based signature scheme of Cha and Cheon. Due to the sound properties of m-torsion groups and the base scheme, it turns out that our schemes are very simple and efficient. Both schemes are proven to be secure against adaptive chosen message attack in the random oracle model under the normal security notions with the assumption that the Computational Diffie-Hellman problem is hard in the m-torsion groups.展开更多
In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature sche...In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.展开更多
In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In ...In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.展开更多
Identity-based (ID-based) ring signature has drawn great concerns in recent years and many ID-based ring signature schemes have been proposed until now. Unfortunately, all of these ID-based ring signatures are const...Identity-based (ID-based) ring signature has drawn great concerns in recent years and many ID-based ring signature schemes have been proposed until now. Unfortunately, all of these ID-based ring signatures are constructed from bilinear pairings, a powerful but computationally expensive primitive. Hence, ID-based ring signature without pairing is of great interest in the field of cryptography. In this paper, the authors firstly propose an ID-based ring signature scheme based on quadratic residues. The proposed scheme is proved to be existentially unforgeable against adaptive chosen message-and-identity attack under the random oracle model, assuming the hardness of factoring. The proposed scheme is more efficient than those which are constructed from bilinear pairings.展开更多
In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-...In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.展开更多
A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot....A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot. In this paper we propose an iden- tity-based threshold signature (IBTHS) scheme from bilinear pairings. The signing phase of our scheme is non-interactive, meaning that the signing players do not need to talk to each other. We prove our scheme secure (i.e., unforgeable and robust) in the standard model (i.e., without random oracles). No earlier proposed IBTHS scheme achieved even one of the features of being non-interactive (in the signing phase) and secure in the standard model.展开更多
In this paper, we present an improved identity-based society oriented signature scheme with anonymous signers, which satisfies: (1) when members leave or join an organization, the public verification key and the si...In this paper, we present an improved identity-based society oriented signature scheme with anonymous signers, which satisfies: (1) when members leave or join an organization, the public verification key and the signature verification procedure are unchanged; (2) a user participates in several organizations at the same time, her secret key is only related with her identity. However, no previous schemes have these two properties.展开更多
Fair exchange of digital signatures is an important tool for signing digital contracts, e-payment and other electronic commerce actions. An ID-based scheme of fair exchange of digital signature is proposed in this pap...Fair exchange of digital signatures is an important tool for signing digital contracts, e-payment and other electronic commerce actions. An ID-based scheme of fair exchange of digital signature is proposed in this paper. The protocol relies on a trusted third party, but is "optimistic", in that the third party is only needed in cases where one player attempts to cheat or simply crashes. The proposed scheme has properties of short signature, low computation and verification cost. It can realize exchange of digital signatures fairly and effic, iently. A key feature of our scheme is that it is identity-based, which needs no certificates and has a simple key management. To our best knowledge, this is the first identity based scheme of fair exchange of digital signatures.展开更多
In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid th...In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al's scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.展开更多
An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, b...An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman (CDH) problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt's identity based signature (IBS) scheme is secure, which is proven true based on the CDH assumption in the standard model.展开更多
A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances priv...A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.展开更多
We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems wit...We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.展开更多
In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. The proxy blind signature scheme is useful in several applications such as e-voting and e-...In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. The proxy blind signature scheme is useful in several applications such as e-voting and e-payment. In this paper, we propose an identity-based proxy blind signature scheme which combines the advantages of proxy signature and of blind signature. Our scheme fulfills peffecdy the security requirements of a proxy blind signature. Comparing the previous scheme, our scheme needs less computational overhead and is more efficient.展开更多
Ring signature and proxy signature are of vital importance to secure electronic commerce. Recently, the bilinear pairing such as Well pairing or Tate pairing on elliptic curves and hyperelliptic curves is playing an i...Ring signature and proxy signature are of vital importance to secure electronic commerce. Recently, the bilinear pairing such as Well pairing or Tate pairing on elliptic curves and hyperelliptic curves is playing an important role in security solutions. Several ID-based signature schemes have been put forward, many of which are based on bilinear pairings. In key management and moderate security demand scenarios, ID-based public key cryptosystem is more preferable than other public key infrastructure based systems. In this paper, an improved ID-based proxy ring signature scheme from bilinear pairings is proposed which combines the advantages of proxy signature and of ring signatures. Our scheme can guarantee the profits of the proxy signer via preventing the original signer form generating the proxy ring signature. Furthermore, bilinear pairings are introduced to minimize the computation overhead and to improve the related performance of our scheme. In contrast with Zhang's scheme, our scheme is a computational efficiency improvement for signature verification because the computational cost of bilinear pairings required is reduced from O(n) to O( 1 ). In addition, the proxy ring signature presented in this paper can perfectly satisfy all the security requirements of proxy ring signature, i. e. signer-ambiguity, non-forgeability, verification, non-deniability and distinguishability.展开更多
Without the assumption that the private keys are kept secure perfectly, cryptographic primitives cannot be deployed in the insecure environments where the key leakage is inevitable. In order to reduce the damage cause...Without the assumption that the private keys are kept secure perfectly, cryptographic primitives cannot be deployed in the insecure environments where the key leakage is inevitable. In order to reduce the damage caused by the key exposure in the identity-based(ID-based) signature scenarios efficiently, we propose an ID-based key-insulated signature scheme in this paper, which eliminates the expensive bilinear pairing operations. Compared with the previous work, our scheme minimizes the computation cost without any extra cost. Under the discrete logarithm(DL) assumption, a security proof of our scheme in the random oracle model has also been given.展开更多
基金Supported by the National Natural Science Foundation of China (No.60432040).
文摘Recently, proxy ring signature schemes have been shown to be useful in various applications, such as electronic polling, electronic payment, etc. Although many proxy ring signature schemes have been pro-posed, there are only two identity-based proxy ring signature schemes have been proposed until now, i. e., Cheng's scheme and Lang's scheme. It's unlucky that the two identity-based proxy ring signature schemes are unfeasible. This paper points out the reasons why the two identity-based proxy ring signature schemes are unfeasible. In order to design feasible and efficient identity-based proxy ring signature schemes from bilinear pairings, we have to search for other methods.
基金Rising-Star Program of Shanghai 2023 Science and Technology Innovation Action Plan(Yangfan Special Project),China(No.23YF1401000)Fundamental Research Funds for the Central Universities,China(No.2232022D-25)。
文摘The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.
基金Supported by the National 973 Project of China (No.G1999035803), the National Natural Science Foundation of China (No.60373104) and the National 863 Project of China (No.2002AA143021).
文摘An identity-based multisignature scheme and an identity-based aggregate signature scheme are proposed in this paper. They are both from m-torsion groups on super-singular elliptic curves or hyper-elliptic curves and based on the recently proposed identity-based signature scheme of Cha and Cheon. Due to the sound properties of m-torsion groups and the base scheme, it turns out that our schemes are very simple and efficient. Both schemes are proven to be secure against adaptive chosen message attack in the random oracle model under the normal security notions with the assumption that the Computational Diffie-Hellman problem is hard in the m-torsion groups.
基金Supported by the National Natural Science Foundation of China (No. 60573032, 60773092, 90604036, 60873229, 60903178, 60672072, 60832003)Zhejiang Provincial Natural Science Foundation of China (No. Y106505)
文摘In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.
基金Supported by the National Natural Science Foun-dation of Chinafor Distinguished Young Scholars(60225007) the Na-tional Research Fundfor the Doctoral Programof Higher Education ofChina(20020248024) the Science and Technology Research Pro-ject of Shanghai (04DZ07067)
文摘In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.
基金Supported by the National High Technology Research and Development Program of China (No. 2006AA01Z428)the National Natural Science Foundation of China ( No. 60673075)
文摘Identity-based (ID-based) ring signature has drawn great concerns in recent years and many ID-based ring signature schemes have been proposed until now. Unfortunately, all of these ID-based ring signatures are constructed from bilinear pairings, a powerful but computationally expensive primitive. Hence, ID-based ring signature without pairing is of great interest in the field of cryptography. In this paper, the authors firstly propose an ID-based ring signature scheme based on quadratic residues. The proposed scheme is proved to be existentially unforgeable against adaptive chosen message-and-identity attack under the random oracle model, assuming the hardness of factoring. The proposed scheme is more efficient than those which are constructed from bilinear pairings.
基金the Major national S&T program under Grant No. 2011ZX03005-002National Natural Science Foundation of China under Grant No. 60872041,61072066the Fundamental Research Funds for the Central Universities under Grant No. JY10000903001,JY10000901034
文摘In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.
基金Project (No. 2005AA145110) supported by the Hi-Tech Research and Development Program (863) of China
文摘A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot. In this paper we propose an iden- tity-based threshold signature (IBTHS) scheme from bilinear pairings. The signing phase of our scheme is non-interactive, meaning that the signing players do not need to talk to each other. We prove our scheme secure (i.e., unforgeable and robust) in the standard model (i.e., without random oracles). No earlier proposed IBTHS scheme achieved even one of the features of being non-interactive (in the signing phase) and secure in the standard model.
基金Supported by the National Natural Science Foundation of China (90604034, 10371127)
文摘In this paper, we present an improved identity-based society oriented signature scheme with anonymous signers, which satisfies: (1) when members leave or join an organization, the public verification key and the signature verification procedure are unchanged; (2) a user participates in several organizations at the same time, her secret key is only related with her identity. However, no previous schemes have these two properties.
基金Supported by the National Natural Science Foun-dation of China (60372046 ,60573043)
文摘Fair exchange of digital signatures is an important tool for signing digital contracts, e-payment and other electronic commerce actions. An ID-based scheme of fair exchange of digital signature is proposed in this paper. The protocol relies on a trusted third party, but is "optimistic", in that the third party is only needed in cases where one player attempts to cheat or simply crashes. The proposed scheme has properties of short signature, low computation and verification cost. It can realize exchange of digital signatures fairly and effic, iently. A key feature of our scheme is that it is identity-based, which needs no certificates and has a simple key management. To our best knowledge, this is the first identity based scheme of fair exchange of digital signatures.
基金Supported by the National Natural Science Foun-dation of China (60473029)
文摘In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al's scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.
基金The National Hi-Tech Research and Development Program (863) of China (No. 2005AA145110)The Pudong New Area Technology Innovation Public Service Platform of China (No. PDP2005-04)
文摘An identity-based verifiably committed signature scheme (IB-VCS) was proposed, which is proved secure in the standard model (i.e., without random oracles). It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman (CDH) problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt's identity based signature (IBS) scheme is secure, which is proven true based on the CDH assumption in the standard model.
文摘A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.
基金Supported by National Natural Science Foundation of China (No.60503006 and No.60403007) and Natural Science Foundation of Guangdong, China (No. 04205407).
文摘We argue that traditional identity-based systems from pairings seem unsuitable for designing group signature schemes due to the problem of key escrow. In this paper we first propose new ID-based public key systems without trusted PKG (Private Key Generator) from bilinear pairings. In our new ID-based systems, if the dishonest PKG impersonates an honest user to communicate with others, the user can provide a proof of treachery of the PKG afterwards, which is similar to certificate-based systems. Therefore, our systems reach the Girault’s trusted level 3. We then propose a group signature scheme under the new ID-based systems, the security and performance of which rely on the new systems. The size of the group public key and the length of the signature are independent on the numbers of the group.
基金Supported by the Major Research Plan of the National Natural Science Foundation of China(90604023), the National Natural Science Foundation of China (60373059) and the National Research Foundation for the Doctoral Program of Higher Education of China(20040013007)
文摘In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. The proxy blind signature scheme is useful in several applications such as e-voting and e-payment. In this paper, we propose an identity-based proxy blind signature scheme which combines the advantages of proxy signature and of blind signature. Our scheme fulfills peffecdy the security requirements of a proxy blind signature. Comparing the previous scheme, our scheme needs less computational overhead and is more efficient.
基金Sponsored by the National Natural Science Foundation of China(Grant No.90104033).
文摘Ring signature and proxy signature are of vital importance to secure electronic commerce. Recently, the bilinear pairing such as Well pairing or Tate pairing on elliptic curves and hyperelliptic curves is playing an important role in security solutions. Several ID-based signature schemes have been put forward, many of which are based on bilinear pairings. In key management and moderate security demand scenarios, ID-based public key cryptosystem is more preferable than other public key infrastructure based systems. In this paper, an improved ID-based proxy ring signature scheme from bilinear pairings is proposed which combines the advantages of proxy signature and of ring signatures. Our scheme can guarantee the profits of the proxy signer via preventing the original signer form generating the proxy ring signature. Furthermore, bilinear pairings are introduced to minimize the computation overhead and to improve the related performance of our scheme. In contrast with Zhang's scheme, our scheme is a computational efficiency improvement for signature verification because the computational cost of bilinear pairings required is reduced from O(n) to O( 1 ). In addition, the proxy ring signature presented in this paper can perfectly satisfy all the security requirements of proxy ring signature, i. e. signer-ambiguity, non-forgeability, verification, non-deniability and distinguishability.
基金supported by the National Natural Science Foundation of China under Grant No.61003230,No.61370026,No.61103206,and No.61300191Chongqing Key Lab of Computer Network and Communication Technology under Grant No.CY-CNCL-2012-02
文摘Without the assumption that the private keys are kept secure perfectly, cryptographic primitives cannot be deployed in the insecure environments where the key leakage is inevitable. In order to reduce the damage caused by the key exposure in the identity-based(ID-based) signature scenarios efficiently, we propose an ID-based key-insulated signature scheme in this paper, which eliminates the expensive bilinear pairing operations. Compared with the previous work, our scheme minimizes the computation cost without any extra cost. Under the discrete logarithm(DL) assumption, a security proof of our scheme in the random oracle model has also been given.
