[1]Koblitz N. Elliptic curve cryptosystems[J]. Mathematics of Computation, 1987, 48(177): 203209[2]Miller V S. Uses of elliptic curves in cryptography[G] LNCS 218: Proc of Advances in Cryptology—CRYPTO85. Berlin: Springer,1986: 417426[3]Trusted Computing Group. TCG TPM specification 2.0[EBOL]. 2013[20161006]. http:www.trustedcom putinggroup.orgresourcestpm[4]ISOIEC 11889: 2015 Information technologytrusted platform module library[SOL]. 2015 [20161006]. http:www.iso.orgisohomestorecatalogue_tccatalogue_detail.htm?csnumber=66510[5]国家密码管理局. SM2椭圆曲线公钥密码算法[EBOL]. 2010 [20161006]. http:www.oscca.gov.cnNews201012News_1197.htm[6]Pohlig S, Hellman M. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance[J]. IEEE Trans on Information Theory, 1978, 24(1): 106110[7]Pollard J M. Monte Carlo methods for index computation mod p[J]. Mathematics of Computation, 1978, 32(143): 918924[8]Menezes B A, Okamoto T, Vanstone S A. Reducing elliptic curves logarithms to logarithms in a finite field[J]. IEEE Trans on Information Theory, 1993, 39(5): 16391646[9]Gaudry P, Hess F, Smart N P. Constructive and destructive facets of Weil descent on elliptic curves[J]. Journal of Cryptology, 2002, 15(1): 1946[10]Smart N P. The discrete logarithm problem on elliptic curves of trace one[J]. Journal of Cryptology, 1999, 12(3): 193196[11]Satoh T, Araki K. Fermat quotients and the polynomial time discrete logalgorithm for anomalous elliptic curves[J]. Commentarii Mathematici Universitatis Sancti Pauli, 1998, 1(1): 8192[12]Goldwasser S, Micali S, Rivest R L. A “paradoxical” solution to the signature problem[C] Proc of Symp on Foundations of Computer Science. Los Alamitos, CA: IEEE Computer Society, 1984: 441448[13]Goldwasser S, Micali S, Rivest R L. A digital signature scheme secure against adaptive chosenmessage attacks[J]. Siam Journal on Computing, 1988, 17(2): 281308[14]Menezes A, Smart N. Security of signature schemes in a multiuser setting[J]. Designs, Codes and Cryptography, 2004, 33(3): 261274[15]BlakeWilson S, Menezes A. Unknown keyshare attacks on the stationtostation (STS) protocol[C] Proc of Int Workshop on Practice and Theory in Public Key Cryptography. Berlin:Springer, 1999: 154170[16]Geiselmann W, Steinwandt R. A key substitution attack on SFLASH[J]. Journal of Discrete Mathematical Sciences & Cryptography, 2005 (2): 137141[17]Tan C H. Key substitution attacks on some provably secure signature schemes[J]. IEICE Trans on Fundamentals of Electronics Communications & Computer, 2004, 87(1): 226227[18]Nechaev V I. Complexity of a determinate algorithm for the discrete logarithm[J]. Mathematical Notes, 1994, 55(2): 165172[19]Bellare M, Rogaway P. Random oracles are practical: A paradigm for designing efficient protocols[C] Proc of ACM Conf on Computer & Communication Security. New York: ACM, 1993: 6273[20]Zhang Zhenfeng, Yang Kang, Zhang Jiang, et al. Security of the SM2 signature scheme against generalized key substitution attacks[G] LNCS 9497: Security Standardisation Research. Berlin: Springer, 2015: 140153[21]Xu Jing, Feng Dengguo. Comments on the SM2 key exchange protocol[M] Cryptology and Network Security. Berlin: Springer, 2011: 160171[22]Yang A, Nam J, Kim M, et al. Provablysecure (chinese government) SM2 and simplified SM2 key exchange protocols[JOL]. The Scientific World Journal, 2014: 825984 [20161020]. https:www.hindawi.comjournalstswj2014825984[23]Zhao Shijun, Xi Li, Zhang Qianying, et al. Security analysis of SM2 key exchange protocol in TPM2.0[J]. Security & Communication Networks, 2015, 8(3): 383395[24]Goldwasser S, Micali S. Probabilistic encryption[J]. Journal of Computer & System Sciences, 1984, 28(2): 270299[25]Dolev D, Dwork C, Naor M, et al. Nonmalleable cryptography[C] Proc of ACM Symp on Theory of Computing. New York: ACM, 1991: 542552[26]Bellare B M, Rogaway P. Optimal asymmetric encryption[C] Proc of Int Cryptology Conf on Advances in Cryptology—Eurocrypt 94. Berlin: Springer, 1994: 92111 [27]Zheng Y, Seberry J. Practical approaches to attaining security against adaptively chosen ciphertext attacks (extended abstract)[C] Proc of Int Cryptology Conf on Advances in Cryptology. Berlin: Springer, 1992: 292304[28]Abdalla B M, Bellare M, Rogaway P. DHAES: An encryption scheme based on the DiffieHellma problem, 1999007[ROL]. Cryptology ePrint Archive.[20161006]. http:eprinl.iacr.org[29]Cramer R, Shoup V. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack[C] Proc of Int Cryptology Conf on Advances in Cryptology—Crypto98. Berlin: Springer, 1998: 1325
|