[3] RIVEST R L, SHAMIR A, ADLEMAN L.A method for obtaining digital signatures and public key cryptosystems［J］.Communications of the Association for Computer Machinery, 1978, 21(2):120-126.

[5] ELGAMAL T.A public key cryptosystem and a signature scheme based on discrete logarithms［J］.IEEE Transactions on Information Theory, 1985, 31(4):469-472.

[6] SCHNORR C P.Efficient identification and signatures for smart cards［C］//Proceedings of CRYPTO89, Berlin:Springer, 1989:239-252.

[8] CHAUM D, VAN H E.Group signatures［C］//Advances in Cryptology:EUROCRYPT91, Berlin:Springer, 1991:257-265.

[9] RIVEST R L, SHAMIR A, TAUMAN Y.How to leak a secret［C］//Proceedings ASIACRYPT01, Berlin:Springer, 2001:552-565.

[11] BONCH D, GENTRY C, LYNN B, et al.Aggregate and verifiably encrypted signatures from bilinear maps［J］.Lecture Notes in Computer Science, 2002, 2656(1):416-432.

[12] CHAUM D.Blind signature systems［C］//Proceedings CRYPTO83, Berlin:Springer, 1983:153-156.