[1]

N. Asokan, V. Shoup, M. Waidner, Optimistic fair exchange of digital signatures.

*IEEE J. Sel. Areas Commun.*
**18**(4), 593–610 (2000)

CrossRef[2]

F. Bao, R. Deng, W. Mao, Efficient and practical fair exchange protocols with offline TTP, in *Proceedings of IEEE Security & Privacy*, ed. by P. Karger, L. Gong (1998), pp. 77–85

[3]

P. Barreto, M. Naehrig, Pairing-friendly elliptic curves of prime order, in *Proceedings of SAC 2005*, ed. by B. Preneel, S. Tavares. LNCS, vol. 3897 (Springer, Berlin, 2006), pp. 319–331

[4]

M. Bellare, C. Namprempre, G. Neven, Security proofs for identity-based identification and signature schemes, in

*Proceedings of Eurocrypt 2004*, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 268–286

CrossRef[5]

M. Bellare, C. Namprempre, G. Neven, Unrestricted aggregate signatures, in *Proceedings of ICALP 2007*, ed. by L. Arge, C. Cachin, T. Jurdziński, A. Tarlecki. LNCS, vol. 4596 (Springer, Berlin, 2007), pp. 411–422

[6]

M. Bellare, T. Ristenpart, Simulation without the artificial abort: Simplified proof and improved concrete security for Waters’ IBE scheme, in

*Proceedings of Eurocrypt 2009*, ed. by A. Joux. LNCS, vol. 5479 (Springer, Berlin, 2009), pp. 407–424

CrossRef[7]

A. Boldyreva, Threshold signature, multisignature and blind signature schemes based on the gap-Diffie–Hellman-group signature scheme, in *Proceedings of PKC 2003*, ed. by Y. Desmedt. LNCS, vol. 2567 (Springer, Berlin, 2003), pp. 31–46

[8]

A. Boldyreva, A. Palacio, B. Warinschi, Secure proxy signature schemes for delegation of signing rights. Cryptology ePrint Archive, Report 2003/096 (2003).

http://eprint.iacr.org/
[9]

D. Boneh, X. Boyen, Efficient selective-ID secure identity based encryption without random oracles, in

*Proceedings of Eurocrypt 2004*, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 223–238

CrossRef[10]

D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing.

*SIAM J. Comput.*
**32**(3), 586–615 (2003). Extended abstract in

*Proceedings of Crypto 2001*
MathSciNetMATHCrossRef[11]

D. Boneh, C. Gentry, B. Lynn, H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, in

*Proceedings of Eurocrypt 2003*, ed. by E. Biham. LNCS, vol. 2656 (Springer, Berlin, 2003), pp. 416–432

CrossRef[12]

D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing.

*J. Cryptol.*
**17**(4), 297–319 (2004). Extended abstract in

*Proceedings of Asiacrypt 2001*
MathSciNetMATHCrossRef[13]

R. Canetti, O. Goldreich, S. Halevi, The random oracle methodology, revisited.

*J. ACM*
**51**(4), 557–594 (2004)

MathSciNetMATHCrossRef[14]

S. Chatterjee, A. Menezes, On cryptographic protocols employing asymmetric pairings—the role of

*ψ* revisited. Cryptology ePrint Archive, Report 2009/480 (2009).

http://eprint.iacr.org/
[15]

S. Chatterjee, P. Sarkar, Trading time for space: Towards an efficient IBE scheme with short(er) public parameters in the standard model, in *Proceedings of ICISC 2005*, ed. by D. Won, S. Kim. LNCS, vol. 3935 (Springer, Berlin, 2005), pp. 424–440

[16]

J.-S. Coron, D. Naccache, Boneh et al.’s

*k*-element aggregate extraction assumption is equivalent to the Diffie–Hellman assumption, in

*Proceedings of Asiacrypt 2003*, ed. by C.S. Laih. LNCS, vol. 2894 (Springer, Berlin, 2003), pp. 392–397

CrossRef[17]

S. Galbraith, Pairings, in

*Advances in Elliptic Curve Cryptography*, ed. by I.F. Blake, G. Seroussi, N. Smart. London Mathematical Society Lecture Notes, vol. 317 (Cambridge University Press, Cambridge, 2005), pp. 183–213. Chapter IX

CrossRef[18]

D. Galindo, J. Herranz, E. Kiltz, On the generic construction of identity-based signatures with additional properties, in

*Proceedings of Asiacrypt 2006*, ed. by X. Lai, K. Chen. LNCS, vol. 4284 (Springer, Berlin, 2006), pp. 178–193

CrossRef[19]

C. Gentry, A. Silverberg, Hierarchical ID-based cryptography, in

*Proceedings of Asiacrypt 2002*, ed. by Y. Zheng. LNCS, vol. 2501 (Springer, Berlin, 2002), pp. 548–566

CrossRef[20]

S. Goldwasser, S. Micali, R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks.

*SIAM J. Comput.*
**17**(2), 281–308 (1988)

MathSciNetMATHCrossRef[21]

J. Groth, R. Ostrovsky, A. Sahai, Perfect non-interactive zero knowledge for NP, in

*Proceedings of Eurocrypt 2006*, ed. by S. Vaudenay. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 339–358

CrossRef[22]

R. Hayashi, T. Okamoto, K. Tanaka, An RSA family of trap-door permutations with a common domain and its applications, in *Proceedings of PKC 2004*, ed. by F. Bao, R.H. Deng, J. Zhou. LNCS, vol. 2947 (Springer, Berlin, 2004), pp. 291–304

[23]

F. Hess, On the security of the verifiably encrypted signature scheme of Boneh, Gentry, Lynn and Shacham.

*Inf. Process. Lett.*
**89**(3), 111–114 (2004)

MathSciNetMATHCrossRef[24]

K. Itakura, K. Nakamura, A public-key cryptosystem suitable for digital multisignatures. *NEC J. Res. Dev.*
**71**, 1–8 (1983)

[25]

S. Kent, C. Lynn, K. Seo, Secure border gateway protocol (secure-BGP).

*IEEE J. Sel. Areas Commun.*
**18**(4), 582–592 (2000)

CrossRef[26]

N. Koblitz, A. Menezes, Pairing-based cryptography at high security levels, in

*Proceedings of Cryptography and Coding 2005*, ed. by N. Smart. LNCS, vol. 3796 (Springer, Berlin, 2005), pp. 13–36

CrossRef[27]

S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, B. Waters, Sequential aggregate signatures and multisignatures without random oracles, in

*Proceedings of Eurocrypt 2006*, ed. by S. Vaudenay. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 465–485

CrossRef[28]

A. Lysyanskaya, S. Micali, L. Reyzin, H. Shacham, Sequential aggregate signatures from trapdoor permutations, in

*Proceedings of Eurocrypt 2004*, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 74–90

CrossRef[29]

M. Mambo, K. Usuda, E. Okamoto, Proxy signatures for delegating signing operation, in *Proceedings of CCS 1996*, ed. by L. Gong, J. Stearn (ACM, New York, 1996), pp. 48–57

[30]

A. Menezes, T. Okamoto, P. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field.

*IEEE Trans. Inf. Theory*
**39**(5), 1639–1646 (1993)

MathSciNetMATHCrossRef[31]

S. Micali, K. Ohta, L. Reyzin, Accountable-subgroup multisignatures (extended abstract), in *Proceedings of CCS 2001*, ed. by P. Samarati (ACM, New York, 2001), pp. 245–254

[32]

E. Mykletun, M. Narasimha, G. Tsudik, Signature bouquets: Immutability for aggregated/condensed signatures, in *Proceedings of ESORICS 2004*, ed. by P. Ryan, P. Samarati. LNCS, vol. 3193 (Springer, Berlin, 2004), pp. 160–176

[33]

D. Naccache, Secure and practical identity-based encryption. Cryptology ePrint Archive, Report 2005/369 (2005).

http://eprint.iacr.org/
[34]

G. Neven, Efficient sequential aggregate signed data, in

*Proceedings of Eurocrypt 2008*, ed. by N. Smart. LNCS, vol. 4965 (Springer, Berlin, 2008), pp. 52–69

CrossRef[35]

D. Nicol, S. Smith, M. Zhao, Evaluation of efficient security for BGP route announcements using parallel simulation.

*Simul. Model. Pract. Theory*
**12**, 187–216 (2004)

CrossRef[36]

K. Ohta, T. Okamoto, Multisignature schemes secure against active insider attacks. *IEICE Trans. Fundam.*
**E82-A**(1), 21–31 (1999)

[37]

T. Okamoto, A digital multisignature scheme using bijective public-key cryptosystems.

*ACM Trans. Comput. Syst.*
**6**(4), 432–441 (1988)

CrossRef[38]

K. Paterson, Cryptography from pairings, in

*Advances in Elliptic Curve Cryptography*, ed. by I.F. Blake, G. Seroussi, N. Smart. London Mathematical Society Lecture Notes, vol. 317 (Cambridge University Press, Cambridge, 2005), pp. 215–251. Chapter X

CrossRef[39]

K. Paterson, J. Schuldt, Efficient identity-based signatures secure in the standard model, in *Proceedings of ACISP 2006*, ed. by L. Batten, R. Safavi-Naini. LNCS, vol. 4058 (Springer, Berlin, 2006), pp. 207–222

[40]

Y. Rekhter, T. Li, S. Hares, A Border Gateway Protocol 4 (BGP-4). RFC 4271 (draft standard), Jan. 2006

[41]

T. Ristenpart, S. Yilek, The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks, in

*Proceedings of Eurocrypt 2007*, ed. by M. Naor. LNCS, vol. 4515 (Springer, Berlin, 2007), pp. 228–245

CrossRef[42]

M. Rückert, D. Schröder, Security of verifiably encrypted signatures and a construction without random oracles, in

*Proceedings of Pairing 2009*, ed. by H. Shacham, B. Waters. LNCS, vol. 5671 (Springer, Berlin, 2009), pp. 17–34

CrossRef[43]

H. Shacham, *New paradigms in signature schemes*. Ph.D. thesis, Stanford University, 2005

[44]

B. Waters, Efficient identity-based encryption without random oracles, in

*Proceedings of Eurocrypt 2005*, ed. by R. Cramer. LNCS, vol. 3494 (Springer, Berlin, 2005), pp. 114–127

CrossRef