隨著企業國際化與全球化之趨勢，電子化處理已成為企業重要課題之一，企業紛紛將文件數位化，便於組織成員以數位化方式進行審核與簽署，進而提昇組織之運作效率。然而，待審核與簽署之文件內容可能為跨部門，就組織之分工(division of labor)與責任分擔(responsibility sharing)的考量，組織中成員應依其職務權責簽署文件之部份內容，而不是整份文件。因此，建置具有彈性之群導向(group-oriented)安全機制乃為發展電子化企業的關鍵因素之一。

基於GDH群(gap Diffie-Hellman group)，本論文針對不同之群體導向應用，提出具文件切割(document decomposition)與選派簽署者(selective signer)之多重簽章(multisignature)正規安全模型與方法，包括簽署者具名(known signer)之多重簽章、簽署者匿名(signer anonymity)之多重簽章及公平共同多重簽章(concurrent multisignature)。在簽署者具名之多重簽章方法中，文件分派者(document dispatcher)將待簽署之文件分割成許多子文件且依據不同權責傳送子文件給簽署群體中(signing group)的選派簽署者(selective signer)。每個選派簽署者僅對其所負責之子文件進行簽署，產生部份簽章(partial signature)。在所有選派簽署者完成簽署後，由簽章收集者(signature collector)合併所有部份簽章成為多重簽章，若產生之多重簽章不正確，簽章收集者可以檢查遭受惡意篡改之部份簽章。在進行多重驗證時，驗證者(verifier)僅需使用群體公鑰進行多重簽章之有效性的驗證。此外，每個參與之簽署者可以驗證多重簽章是否包括自己所產生之部份簽章。

簽署者匿名之多重簽章方法適用於某些較具敏感性之群體導向應用中，外部驗證者(即非簽署群體中之選派簽署者)僅能驗證多重簽章與部份簽章之有效性，但無法得知其中某一份特定子文件之部份簽章的選派簽署者身分，此性質亦稱為模糊性(ambiguity)。亦即，外部驗證者僅能知道部份簽章由簽署群體中之某一個選派簽署者所簽署。當發生爭議時，內部驗證(即參與簽署之選派簽署者)可以識別子文件之部份簽章的簽署者身分。

在公平共同多重簽章方法中，除了滿足簽署者匿名之性質外，更提供監督管控機制。在多重簽章產生過程，簽章收集者 選擇群體基礎資訊(group keystone)，並產生群體基礎資訊之允諾值(commitment)，所有選派簽署者亦選擇個人基礎資訊，並產生允諾值。所產生之群體/個人基礎資訊之允諾值用於產生部份簽章中。與上述具簽署者匿名之多重簽章相同，外部驗證者無法得知某一份特定子文件與其相對應之部份簽章的簽署者關係。當簽章收集者公開群體基礎資訊且所有簽章收集者共同公開個人基礎資訊時，所有部份簽章皆同時與其實際簽署者具有連接關係，即達到公平性。

As a tendency toward internationalized and globalized enterprises, electronic processes become one of important issues in enterprises. To promote efficiency for organizational operation, enterprises digitalize documents, and organizational members review and sign digital documents in a digital way. However, documents to be reviewed and signed may include cross departmental content. Considering division of labor and responsibility sharing, an organizational member should sign a partial document, instead of a whole document, according to his/her post and accountability. To establish a flexible and group-oriented cryptographic mechanism is one of critical elements for e-businesses.

Based on gap Diffie-Hellman groups, this dissertation proposes several multisignature security models and schemes with document decomposition and selective signers for different group-oriented applications, including a multisignature with known signers, a multisignature with signer anonymity, and a fair concurrent multisignature. In the proposed multisignature with known signers, a document dispatcher decomposes a document into several subdocuments and sends the subdocuments to selective signers in the signing group according different authorities. Each selective signer only signs a subdocument to generate a partial signature with respect to his/her post and accountability. After all partial signatures are generated by selective signers, a signature collector is responsible for collecting all partial signatures to form a multisignature. If the formed multisignature is invalid, the signature collector can detect which partial signature is maliciously modified. During multisignature verification, any verifier just uses the group key to verify the validity of the formed multisignature. In addition, each selective signer is able to verify the inclusion of his partial signature in the formed multisignature.

The proposed multisignature with signer anonymity is applicable to some sensitive group-oriented applications, any outside verifier (not a selective signer in the signing group) can verify the validity of a multisignature and partial signatures, but he/she has no idea about the identity of a selective signer who signed one particular subdocument. This property is also called ambiguity. In case of a dispute, an inside verifier (a selective signer in the signing group) can identify who is the actual signer to sign some subdocument.

The proposed concurrent multisignature provides a monitor mechanism, besides satisfying the anonymity. In the process of multisignature generation, the signature collector chooses a group keystone and generates a commitment of the chosen keystone. In addition, all selective signers choose their own personal keystones and generate the corresponding commitments. All commitments are used to generate partial signatures. As the signature collector publishes the group keystone and all selective signers publish their personal keystones, all partial signatures become binding to their actual signers concurrently. It is said to achieve fairness.

[AOS01] M. Abe, M. Ohkubo, and K. Suzuki, “1-out-of-n Signatures from a Variety of Keys,” Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’02, Queenstown, New Zealand, pp. 415-432 (2002)
[AMV90] G.B. Agnew, R.C. Mullin, and S.A. Vanstone, “Improved Digital Signature Scheme Based on Eiscrete Exponentiation,” Electronics Letters, Vol. 26, pp. 1024-1025 (1990)
[AS04] A.K. Awasthi and L. Sunder, “ID-Based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings,” http://eprint.iacr.org/2004/184 (2004)
[BNN04] M. Bellare, C. Namprempre, and G. Neven, “Security Proofs for Identity-Based Identification and Signature Schemes,” Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques - Advances in Cryptology - EUROCRYPT’04, Interlaken, Switzerland, pp. 268-286 (2004)
[BN07] M. Bellare and G. Neven, “Identity-Based Multi-Signatures from RSA,” Proceedings of Topics in Cryptology - CT-RSA’07, San Francisco, CA, USA, pp. 145-162 (2007)
[BN02] M. Bellare and G. Neven, “Transitive Signatures Based on Factoring and RSA,” Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’02, Queenstown, New Zealand, pp. 397-414 (2002)
[BR93] M. Bellare and P. Rogaway, “Random Oracles are Practical: A Paradigm for Designing Efficient Protocols,” Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62-73 (1993)
[Bol03] A. Boldyreva, “Threshold Signatures, Multisignatures and Blind Signatures based on the Gap-Diffie-Hellman-Group Signature Scheme,” Proceedings of Public Key Cryptography - PKC’03, Miami, FL, USA, pp. 31-46 (2003)
[BB04] D. Boneh and X. Boyen, “Short Signatures without Random Oracles,” Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques - Advances in Cryptology - EUROCRYPT’04, Interlaken, Switzerland, pp. 56-73 (2004)
[BLS01] D. Boneh, B. Lynn, and H. Shacham, “Short Signature from the Weil Pairing,” Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’01, Gold Coast, Australia, pp.514-532 (2001)
[Boy91] C. Boyd, “Multisignatures Based on Zero Knowledge Schemes,” Electronics Letters, Vol. 27, No. 22, pp. 2002-2004 (1991)
[BSS02] E. Bresson, J. Stern, and M. Szydlo, “Threshold Ring Signatures and Applications to Ad-Hoc Groups,” Proceedings of the 22nd Annual International Cryptology Conference - Advances in Cryptology - CRYPTO’02, Santa Barbara, California, USA, pp. 465-480 (2002)
[CGH04a] R. Canetti, O. Goldreich, and S. Halevi, “On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes,” Proceedings of the 1st Theory of Cryptography Conference (TCC’04), Cambridge, MA, USA, pp. 40-57 (2004)
[CGH04b] R. Canetti, O. Goldreich, and S. Halevi, “The Random Oracle Methodology, Revisited,” Journal of the ACM, Vol. 51, No. 4, pp. 557-594 (2004)
[CGH98] R. Canetti, O. Goldreich, and S. Halevi, “The Random Oracle Methodology, Revisited,” Proceedings of the 3rd annual ACM symposium on Theory of computing, Dallas, Texas, United States, pp. 209 - 218 (1998)
[CG05] D. Catalano and R. Gennaro, “Cramer-Damgård Signatures Revisited: Efficient Flattree Signatures based on Factoring,” Proceedings of Public Key Cryptography - PKC’05, Les Diablerets, Switzerland, pp. 313-327 (2005)
[CL04] C.C. Chang and I.C. Lin, “An Improvement of Delegated Multisignature Scheme with Document Decomposition,” ACM SIGOPS Operating Systems Review, Vol. 38, No. 4, pp. 52-57 (2004)
[CKP04] L. Chen, C. Kudla, and K.G. Paterson, “Concurrent Signatures,” Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques - Advances in Cryptology - EUROCRYPT’04, Interlaken, Switzerland, pp.287-305 (2004)
[CY06] Y.C. Chen and S.M. Yen, “Balanced Concurrent Signature,” Proceedings of the 16th Cryptology and Information Security Conference’06 (CISC’06), Taichung, Taiwan, pp. 25-32 (2006)
[Chie08] H.Y. Chien, “Highly Efficient ID-based Ring Signature from Pairings,” Proceedings of 2008 IEEE Asia-Pacific Services Computing Conference (IEEE APSCC’08), Yilan, Taiwan, pp.829-834 (2008)
[Chie05] H.Y. Chien, “Comments on ID-Based Multi-Signature with Distinguished Signing Authorities,” Applied Mathematics and Computation, Vol. 170, pp. 1284-1289 (2005)
[CHY04] S.M. Chow, C.K. Hui, and S.M. Yiu, “Identity Based Threshold Ring Signature,” Proceedings of the 6th International Conference on Information Security and Cryptology (ICISC’04), Seoul, Korea, pp. 218-232 (2004)
[CS05] S.M. Chow and W. Susilo, “Generic Construction of (Identity-Based) Perfect Concurrent Signatures,” Proceedings of the 7th International Conference on Information and Communications Security (ICICS’05), Beijing, China, pp. 194-206 (2005)
[Den02] A.W. Dent, “Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model,” Proceedings of the 1st International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’02, Queenstown, New Zealand, pp. 100-109 (2002)
[DH76] W. Diffie and M.E. Hellman, “New Direction in Cryptography,” IEEE Transactions on Information Theory, Vol. 22, No. 6, pp. 644-654 (1976)
[Elg85] T. ElGamal, “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory, Vol. 31, pp. 469-472 (1985)
[GYL03] C.Z. Gao, Z.A.Yao, and L. Li, “A Ring Signature Scheme Based on the Nyberg-Rueppel Signature Scheme,” Proceedings of The 1st MiAn International Conference on Applied Cryptography and Network Security (ACNS’03), Kunming, China, pp. 169-175 (2003)
[GMR88] S. Goldwasser, S. Micali, and R.L. Rivest, “A Digital Signature Scheme Secure against Adaptive Chosen-Message Attacks,” SIAM Journal of Computing, Vol. 17, No. 2, pp. 281-308 (1988)
[HZ92] T. Hardjono and Y. Zheng, “A Practical Digital Multisignature Scheme Based on Discrete Logarithms,” Proceedings of Advances in Cryptology - AUSCRYPT’92, Queensland, Australia, pp. 122-132 (1992)
[Har99] L. Harn, “Digital Multisignature with Distinguished Signing Authorities,” Electronics Letters, Vol. 35, No. 4, pp. 294-295 (1999)
[Har94a] L. Harn, “Group-Oriented (t, n) Threshold Digital Signature Scheme and Digital Multisignature,” IEE Proceedings of Computers and Digital Techniques, Vol. 141, No. 5, pp. 307-313 (1994)
[Har94b] L. Harn, “New Digital Signature Scheme Based on Discrete Logarithms,” Electronics Letters, Vol. 30, pp. 396-398 (1994)
[HK89] L. Harn and T. Kiesler, “New Scheme for Digital Multisignature,” Electronics Letters, Vol. 25, No. 15, pp. 1002-1003 (1989)
[HS04a] J. Herranz and G. Sáez, “Distributed Ring Signatures for Identity-Based Scenarios,” http://eprint.iacr.org/2004/190/ (2004)
[HS04b] J. Herranz and G. Sáez, “New Identity-Based Ring Signature Schemes,” Proceedings of the 6th International Conference on Information and Communications Security (ICICS’04), Malaga, Spain, pp. 27-39 (2004)
[HS03] J. Herranz and G. Sáez, “Forking Lemmas for Ring Signature Schemes,” Proceedings of the 4th International Conference on Cryptology in India (INDOCRYPT’03), New Delhi, India, pp. 266-279 (2003)
[HC05] H.F. Huang and C.C. Chang, “Multisignatures with Distinguished Singing Authorities for Sequential and Broadcasting Architectures,” Computer Standards & Interfaces, Vol. 27, pp. 169-176 (2005)
[HCLH07] Z. Huang, K. Chen, X. Lin, and R. Huang, “Analysis and Improvements of Two Identity-Based Perfect Concurrent Signature Schemes,” Informatica, Vol. 18, No. 3, pp. 375-394 (2007)
[HLH08] Z. Huang, X. Lin, and R. Huang, “Certificateless Concurrent Signature Scheme,” Proceedings of the 9th International Conference for Young Computer Scientists (ICYCS’08), Zhang Jia Jie, Hunan, China, pp.2102-2107 (2008)
[HLY08] H. Huang, H.C. Lin, and S.M. Yen, “On the possibility of Constructing a Concurrent Signature Scheme from a Conditional Signature Scheme,” Proceedings of the 18th Cryptology and Information Security Conference’08 (CISC’08), Hualien , Taiwan, pp. 97-107, 2008.
[IT05] T. Isshiki and K. Tanaka, “An (n-t)-out-of-n Threshold Ring Signature Scheme,” Proceedings of the 10th Australasian Conference on Information Security and Privacy (ACISP’05), Brisbane, Australia, pp. 406-416 (2005)
[IN83] K. Itakura and K. Nakamura, “A Public-key Cryptosystem Suitable for Digital Multisignatures,” NEC Research and Development, Vol. 71, pp. 1-8 (1983)
[KZ06] A. Kiayias, and H.S. Zhou, “Concurrent Blind Signatures without Random Oracles,” Proceedings of the 5th International Conference on Security and Cryptography for Networks (CANS’06), Suzhou, China, pp. 49-62 (2006)
[KH90] T. Kiesler and L. Harn, “RSA Blocking and Multisignature Schemes with No Bit Expansion,” Electronics Letters, Vol. 26, No.18, pp. 1490-1491 (1990)
[Kob87] N. Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation, Vol. 48, pp. 203–209 (1987)
[KOSK06] Y. Komano, K. Ohta, A. Shimbo, and S. Kawamura, “Formal Security Model of Multisignatures,” Proceedings of the 9th Information Security conference (ISC'06), Samos Island, Greece, pp. 146-160 (2006)
[LWH05] K.C. Lee, H. Wei, T. Hwang, “Convertible Ring Signature,” IEE Proceedings of Communications, Vol. 152, No. 4, pp. 411-414 (2005)
[LHL08] Y. Li, D. He, and X. Lu, “Accountability of Perfect Concurrent Signature,” Proceedings of the 2nd International Conference on Computer and Electrical Engineering (ICCEE’08), Dubai, UAE, pp. 773-777 (2008)
[LHL94] C.M. Li, T. Hwang, and N.Y. Lee, “Threshold-Multisignature Schemes where Suspected Forgery Implies Traceability of Adversarial Shareholders,” Proceedings of Workshop on the Theory and Application of Cryptographic Techniques - Advances in Cryptology - EUROCRYPT’94, Perugia, Italy, pp. 194-204 (1994)
[LW04] J.K. Liu and D.S. Wong, “On the Security Models of (Threshold) Ring Signature Schemes,” Proceedings of the 7th International Conference on Information Security and Cryptology (ICISC’04), Seoul, Korea, pp. 204-217 (2004)
[LRCK09] J. Lv, K. Ren, X. Chen, K. Kim, “The Ring Authenticated Encryption Scheme - How to Provide a Clue Wisely,” Information Sciences, Vol. 179, No. 1-2, pp. 161-168 (2009)
[LRCK04] J. Lv, K. Ren, X. Chen, K. Kim, “Ring Authenticated Encryption: a New Type of Authenticated Encryption,” Proceedings of the 2004 Symposium on Cryptography and Information Security (SCIS'04), Sendai, Japan, pp. 1179-1184 (2004)
[LW03] J.Q. Lv and X.M. Wang, “Verifiable Ring Signature,” Proceedings of the 3rd International Workshop on Cryptology and Network Security (CANS’03), Miami, Florida, USA, pp. 663-665 (2003)
[MUO96a] M. Mambo, K. Usuda, and E. Okamoto, “Proxy Signature: Delegation of the Power to Sign Messages,” IEICE Transactions on Fundamentals of Electronic Communications and Computer Science, Vol. E79-A, No. 9, pp. 1338-1354 (1996)
[MUOb] M. Mambo, K. Usuda, and E. Okamoto, “Proxy Signature for Delegating Signing Operation,” Proceedings of the 3rd ACM Conference on Computer and Communications Security, New Dehli, India, pp. 48-57 (1996)
[Mau05] U. Maurer, “Abstract Models of Computation in Cryptography,” Proceedings of the 10th IMA International Conference On Cryptography and Coding, Cirencester, United Kingdom, pp. 1-12 (2005)
[Mil85] V. Miller, “Use of elliptic curves in cryptography,” Proceedings of the 2nd Annual International Cryptology Conference - Advances in Cryptology – CRYPTO’ 85, Santa Barbara, California, pp. 417-426 (1985)
[Naor02] M. Naor, “Deniable Ring Authentication,” Proceedings of the 22nd Annual International Cryptology Conference - Advances in Cryptology - CRYPTO’02, Santa Barbara, California, pp. 481-498 (2002)
[NIST08] National Institute of Standards and Technology, “Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher,” NIST Special Publication 800-67, http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf (2008)
[NIST06] National Institute of Standards and Technology, “Recommendation for Key Management - Part 1: General (Revised),” NIST Special Publication 800-57, http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf (2006)
[NIST01] National Institute of Standards and Technology, “Announcing the ADVANCED ENCRYPTION STANDARD (AES),” Federal Information Processing Standards Publication 197, http://csrc.nist.gov/publications/ fips/fips197/fips-197.pdf (2001)
[Ngu05a] K. Nguyen, “Asymmetric Concurrent Signatures,” Proceedings of the 8th Information and Communications Security Conference (ICISC’05), Seoul, Korea, pp.181-193 (2005)
[Ngu05b] L. Nguyen, “Accumulator from Bilinear Pairings and Application to ID-Based Ring Signatures and Group Membership Revocation,” Proceedings of Topics in Cryptology - CT-RSA 2005, San Francisco, CA, USA, pp. 275-292 (2005)
[OO91] K. Ohta and T. Okamoto, “A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme,” Proceedings of the 1st International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’91, Fujiyosida, Japan, pp. 139-148 (1991)
[Oka88] T. Okamoto, “A Digital Multisignature Scheme using Bijective Public-key Cryptosystem,” ACM Transactions on Computer Systems, Vol. 6, No. 4, pp. 432-441 (1988)
[PS00] D. Pointcheval and J. Stern, “Security Arguments for Digital Signature and Blind Signature,” Journal of Cryptology, Vol. 13, pp. 361-396 (2000)
[RSA78] R.L. Rivest, A. Shamir, and L. Adleman, “A method for Obtaining Digital Signatures and Public-key Cryptosystems,” Communications of the ACM, Vol. 21, No. 2, pp.120-126 (1978)
[RST01] R.L. Rivest, A. Shamir, and Y. Tauman, “How to Leak a Secret,” Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’01, Gold Coast, Australia, pp. 552-565 (2001)
[SOK00] R. Sakai, K. Ohgishi, and M. Kasahara, “Cryptosystems Based on Pairing,” Proceedings of Symposium on Cryptography and Information Security (SCIS’00), Okinawa, Japan, pp. 26-28 (2000)
[Sch89] C.P. Schnorr, “Efficient Identification and Signatures for Smart Cards,” Proceedings of the 9th Annual International Cryptology Conference - Advances in Cryptology - Crypto’89, Santa Barbara, California, pp. 239-252 (1989)
[Sha84] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Proceedings of the 4th Annual International Cryptology Conference - Advances in Cryptology - CRYPTO’84, Santa Barbara, California, pp. 47-53 (1984)
[SLY08] C.T. Shieh, H.C. Lin, and S.M. Yen, “Fair Multi-Party Concurrent Signatures,” Proceedings of the 18th Cryptology and Information Security Conference’08 (CISC’08), Hualien , Taiwan, pp. 108-118 (2008)
[Sho97] V. Shoup. “Lower bounds for discrete logarithms and related problems,” Proceedings of International Conference on the Theory and Application of Cryptographic Techniques - Advances in Cryptology - EUROCRYPT’97, Konstanz, Germany, pp. 256-266 (1997)
[SM05] W. Susilo and Y. Mu, “Tripartite Concurrent Signatures,” Proceedings of the 20th IFIP International Information Security Conference (IFIP/SEC’05), Chiba, Japan, pp. 425-441 (2005)
[SM03] W. Susilo and Y. Mu, “Non-Interactive Deniable Ring Authentication,” Proceedings of the 6th International Conference on Information Security and Cryptology (ICISC’03), Seoul, Korea, pp. 386-401 (2003)
[SMZ04] W. Susilo, Y. Mu, and F. Zhang, “Perfect Concurrent Signatures Schemes,” Proceedings of the 6th Information and Communications Security Conference (ICISC’04), Malaga, Spain, pp.14-26 (2004)
[TSS06] D. Tonien, W. Susilo, and R. Safavi-Naini, “Multi-Party Concurrent Signatures,” Proceedings of the 9th International Conference on Information Security (ISC’06), Samos Island, Greece, pp.131-145 (2006)
[TW05] P.P. Tsang and V.K. Wei, “Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation,” Proceedings of the 1st International Conference on Information Security Practice and Experience (ISPEC’05), Singapore, pp. 48-60 (2005)
[TWCALW04] P.P. Tsang, V.K. Wei, T.K. Chan, M.H. Au, J.K. Liu, and D.S. Wong, “Separable Linkable Threshold Ring Signatures,” Proceedings of the 5th International Conference on Cryptology in India (INDOCRYPT’04), Chennai (Madras), India, pp. 384-398 (2004)
[WBZ06] G. Wang, F. Bao, and J. Zhou, “The Fairness of Perfect Concurrent Signatures,” Proceedings of the 8th International Conference on Information and Communications Security (ICISC’06), Raleigh, North Carolina, USA, pp.435-451 (2006)
[WLC98] C.T. Wang, C.H. Lin, and C.C. Chang, “Threshold Signature Schemes with Traceable Signers in Group Communications,” Computer Communications, Vol. 21, No. 8, pp. 771-776 (1998)
[WL06] C.H. Wang and C.Y. Liu, “A New Ring Signature Scheme with Signer-Admission Property,” Information Sciences, Vol. 177, No. 3, pp. 747-754 (2006)
[WZ09] H. Wang and F. Zhang, “Cryptanalysis of a Generalized Ring Signature Scheme,” IEEE Transactions on Dependable and Secure Computing, Vol., 6, No. 2, pp149-151 (2009)
[Wiki09] Wikipedia, “Standard Model,” http://en.wikipedia.org/wiki/ Standard_model (2009)
[WFLW03] D.S. Wong, K. Fung, J.K. Liu, and V.K. Wei, “On the RS-Code Construction of Ring Signature Schemes and a Threshold Setting of RST,” Proceedings of the 5th International Conference on Information and Communications Security (ICICS’03), Huhehaote City, Inner-Mongolia, China, pp. 34-46 (2003)
[WH02] T.S. Wu and C.L. Hsu, “ID-Based Multisignatures With Distinguished Signing Authorities for Sequential and Broadcasting Architectures,” Applied Mathematics and Computation, Vol. 131, No. 2-3, pp. 349-356 (2002)
[WHG01] T.C. Wu, C.C. Huang, and D.J. Guan, “Delegated Multisignature Scheme with Document Decomposition,” Journal of Systems and Software, Vol. 6, pp. 195-197 (2001)
[XQL08] H. Xiong, Z. Qin, and F. Li, “Identity-Based Threshold Ring Signature without Pairings,” Proceedings of the 6th International Conference on Communications, Circuits and Systems (ICCCAS’08), Xiamen, China, pp.537-541 (2008)
[Zha07] J. Zhang, “An Efficient Identity-Based Ring Signature Scheme and Its Extension,” Proceedings of International Conference on Computational Science and Its Applications (ICCSA’07), Kuala Lumpur, Malaysia, pp. 63-74 (2007)
[ZC07] J. Zhang and J. Cheng, “Another Efficient Identity-Based Ring Signature Scheme and Its Extension,” Proceedings of the 1st International Symposium on Data, Privacy, and E-Commerce (ISDPE’07), Chengdu, China, pp. 286-288 (2007)
[ZK02] F.G. Zhang and K. Kim, “ID-Based Blind Signature and Ring Signature from Pairings,” Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’02, Queenstown, New Zealand, pp. 533-547 (2002)
[ZW08] Y. Zhang and X. Wang, “Message Substitute Attack on Concurrent Signatures Protocol and Its Improvement,” Proceedings of 2008 International Symposium on Electronic Commerce and Security (ISECS’08), Guangzhou，China, pp.497-501 (2008)
[ZX08] J. Zhang and J. Xie, “A Novel Ring Signature Scheme with Mlti-Designated Verifiers,” Proceedings of the 7th IEEE Conference on Cybernetics and Intelligent Systems, London, UK, pp. 873-877 (2008)
[任01] 任文瑗，電子銀行持久性競爭優勢之研究－以全球貿易文件電子化作業為例，第一屆製商整合研討會論文集，雲林，台灣 (2001)。
[關貿09] 關貿網路，便捷貿e網服務，http://www.tradevan.com.tw/web/guest/62 (2009)。