C. Adams and S. Farrell, Internet X.509 Public Key Infrastructure: Certificate Management Protocols, RFC 2510, March (1999).
ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), 1999.
M. Bellare, A. Boldyreva and S. Micali, Public-key encryption in a multi-user setting: security proofs and improvements, Advances in Cryptology-Eurocrypt 2000, LNCS Vol. 1807 (2000) pp. 259–274.
M. Bellare and P. Rogaway, Entity authentication and key distribution, Advances in Cryptology-Crypto '93, LNCS Vol. 773 (1993) pp. 232–249.
M. Bellare and P. Rogaway, Optimal asymmetric encryption-how to encrypt with RSA, Advances in Cryptology-Eurocrypt '94, LNCS Vol. 950 (1994) pp. 92–111.
M. Bellare and P. Rogaway, The exact security of digital signatures-how to sign with RSA and Rabin, Advances in Cryptology-Eurocrypt '96, LNCS Vol. 1070 (1996) pp. 399–416.
D. Bernstein, A secure public-key signature system with extremely fast verification, preprint (2002).
S. Blake-Wilson, D. Johnson and A. Menezes, Key agreement protocols and their security analysis, Proceedings of the 6th IMA International Conference on Cryptography and Coding, LNCS Vol. 1355 (1997) pp. 30–45.
S. Blake-Wilson and A Menezes, Unknown key-share attacks on the station-to-station (STS) protocol, Proceedings of PKC '99, LNCS Vol. 1560 (1999) pp. 154–170.
J. Boyar, K. Friedl and C. Lund, Practical zero-knowledge proofs: Giving hints and using deficiencies, Journal of Cryptology
, Vol. 4 (1991) pp. 185–206.Google Scholar
D. Brown, Generic groups, collision resistance, and ECDSA, preprint (2001).
J. Camenisch and M. Michels, Proving in zero-knowledge that a number is a product of two safe primes,Advances in Cryptology-Eurocrypt '99, LNCS Vol. 1592 (1999) pp. 107–122.
R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels, Advances in Cryptology-Eurocrypt 2001, LNCS Vol. 2045 (2001) pp. 453–474.
R. Cramer and V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, Advances in Cryptology-Crypto '98, LNCS Vol. 1462 (1998) pp. 13–25.
W. Diffie, P. van Oorschot and M. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography
, Vol. 2 (1992) pp. 107–125.Google Scholar
R. Gennaro, S. Halevi and T. Rabin, Secure hash-and-sign signatures without the random oracle, Advances in Cryptology-Eurocrypt '99, LNCS Vol. 1592 (1999) pp. 123–139.
S. Goldwasser, S. Micali and R. Rivest, A “paradoxical” solution to the signature problem, Proceedings of the IEEE 25th Annual Symposium on Foundations of Computer Science (1984) pp. 441–448.
S. Goldwasser, S. Micali and R. Rivest, A digital signature scheme secure against adaptive chosenmessage attacks SIAM J. Computing
, Vol. 17 (1988) pp. 281–308.Google Scholar
J. van de Graaf and R. Peralta, A simple and secure way to show the validity of your public key, Advances in Cryptology-Crypto '87, LNCS Vol. 293 (1988) pp. 128–134.
J. Håstad, Solving simultaneous modular equations of low degree, SIAM Journal on Computing
, Vol. 17 (1988) pp. 336–341.Google Scholar
D. Johnson, A. Menezes and S. Vanstone, The elliptic curve digital signature algorithm (ECDSA), International J. Information Security
, Vol. 1 (2001) pp. 36–63.Google Scholar
M. Meyers, C. Adams, D. Solo and D. Kemp, Internet X.509 Certificate Request Message Format, RFC 2511, March (1999).
National Institute of Standards and Technology, Digital Signature Standard, FIPS Publication 186–2 (2000).
P. Nguyen and I. Shparlinski, The insecurity of the digital signature algorithm with partially known nonces, Journal of Cryptology
, Vol. 15 (2002) pp. 151–176.Google Scholar
D. Pointcheval and J. Stern, Security arguments for digital signatures and blind signatures, Journal of Cryptology
, Vol. 13 (2000) pp. 361–396.Google Scholar
M. Rabin, Digitalized signatures and public-key functions as intractable as factorization, MIT Lab. for Computer Science, Technical Report LCS/TR-212, 1979
C. Schnorr, Efficient signature generation by smart cards, Journal of Cryptology
, Vol. 4 (1991) pp. 161–174.Google Scholar
V. Shoup, Lower bounds for discrete logarithms and related problems, Advances in Cryptology-Eurocrypt '97, LNCS Vol. 1233 (1997) pp. 256–266.
V. Shoup, On formal models for secure key exchange, Cryptology ePrint Archive Report 1999/012, 1999. Available from http://eprint.iacr.org/1999/.
J. Stern, D. Pointcheval, J. Malone-Lee and N. P. Smart, Flaws in applying proof methodologies to signature schemes, Advances in Cryptology-CRYPTO 2002, LCNS Vol. 2442 (2002) pp. 93–110.
H. Williams, A modification of the RSA public-key encryption procedure, IEEE Transactions on Information Theory
, Vol. 26 (1980) pp. 726–729.Google Scholar