關(guan)鍵詞：數(shu)字(zi)簽名(ming)技術；數(shu)字(zi)簽名(ming)算法標準；帶屬(shu)性的(de)數(shu)字(zi)簽名(ming)；公(gong)鑰(yao)密碼

內(nei)容目錄：

1　數字簽名原理

2　數字簽名技(ji)術發展歷程

3　具備附加屬性(xing)的數字簽名技術

4　數(shu)字簽(qian)名算法標準

5　結　語

人(ren)類在很長時間都(dou)是以手(shou)寫簽(qian)(qian)(qian)(qian)名(ming)(ming)、印章或(huo)指模等來確(que)認(ren)(ren)作(zuo)品(pin)、文(wen)件(jian)等的(de)(de)(de)(de)(de)真(zhen)實(shi)性，包(bao)括(kuo)認(ren)(ren)定(ding)作(zuo)品(pin)的(de)(de)(de)(de)(de)創作(zuo)者(zhe)、文(wen)件(jian)簽(qian)(qian)(qian)(qian)署者(zhe)的(de)(de)(de)(de)(de)身份，推(tui)定(ding)作(zuo)品(pin)的(de)(de)(de)(de)(de)真(zhen)偽或(huo)者(zhe)文(wen)件(jian)內(nei)容的(de)(de)(de)(de)(de)真(zhen)實(shi)性。數(shu)字(zi)(zi)(zi)簽(qian)(qian)(qian)(qian)名(ming)(ming)技術用于在數(shu)字(zi)(zi)(zi)社(she)會中(zhong)實(shi)現類似(si)于手(shou)寫簽(qian)(qian)(qian)(qian)名(ming)(ming)或(huo)者(zhe)印章的(de)(de)(de)(de)(de)功(gong)能，即(ji)(ji)實(shi)現對數(shu)字(zi)(zi)(zi)文(wen)檔進行簽(qian)(qian)(qian)(qian)名(ming)(ming)。數(shu)字(zi)(zi)(zi)簽(qian)(qian)(qian)(qian)名(ming)(ming)技術實(shi)際(ji)上能夠提(ti)供(gong)比手(shou)寫簽(qian)(qian)(qian)(qian)名(ming)(ming)或(huo)印章更(geng)多(duo)的(de)(de)(de)(de)(de)安全保障。一(yi)個(ge)有效(xiao)的(de)(de)(de)(de)(de)數(shu)字(zi)(zi)(zi)簽(qian)(qian)(qian)(qian)名(ming)(ming)能夠確(que)保簽(qian)(qian)(qian)(qian)名(ming)(ming)確(que)實(shi)由認(ren)(ren)定(ding)的(de)(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)名(ming)(ming)人(ren)完成，即(ji)(ji)簽(qian)(qian)(qian)(qian)名(ming)(ming)人(ren)身份的(de)(de)(de)(de)(de)真(zhen)實(shi)性（authentication）；被簽(qian)(qian)(qian)(qian)名(ming)(ming)的(de)(de)(de)(de)(de)數(shu)字(zi)(zi)(zi)內(nei)容在簽(qian)(qian)(qian)(qian)名(ming)(ming)后(hou)沒有發生(sheng)任何的(de)(de)(de)(de)(de)改(gai)變，即(ji)(ji)被簽(qian)(qian)(qian)(qian)名(ming)(ming)數(shu)據（也稱簽(qian)(qian)(qian)(qian)名(ming)(ming)消息(xi)或(huo)簡稱消息(xi)）的(de)(de)(de)(de)(de)完整性（integrity）；接收人(ren)一(yi)旦獲得(de)簽(qian)(qian)(qian)(qian)名(ming)(ming)人(ren)的(de)(de)(de)(de)(de)（包(bao)括(kuo)被簽(qian)(qian)(qian)(qian)名(ming)(ming)數(shu)據的(de)(de)(de)(de)(de)） 有效(xiao)簽(qian)(qian)(qian)(qian)名(ming)(ming)后(hou)，簽(qian)(qian)(qian)(qian)名(ming)(ming)人(ren)無法(fa)否認(ren)(ren)其(qi)簽(qian)(qian)(qian)(qian)名(ming)(ming)行為，即(ji)(ji)不可(ke)抵賴性（non-repudiation）。

本文(wen)中的(de)(de)(de)(de)數字(zi)簽(qian)(qian)名(ming)(ming)(ming)技(ji)術特(te)指(zhi)(zhi)采(cai)用(yong)非對(dui)稱(cheng)密碼(ma)機制來實現的(de)(de)(de)(de)簽(qian)(qian)名(ming)(ming)(ming)技(ji)術。一個(ge)簽(qian)(qian)名(ming)(ming)(ming)人(ren)(ren)具(ju)有一對(dui)密鑰(yao)，包(bao)括一個(ge)公鑰(yao)和一個(ge)私鑰(yao)。簽(qian)(qian)名(ming)(ming)(ming)人(ren)(ren)公開其(qi)公鑰(yao)，簽(qian)(qian)名(ming)(ming)(ming)驗(yan)(yan)(yan)證人(ren)(ren)（簡稱(cheng)驗(yan)(yan)(yan)簽(qian)(qian)人(ren)(ren)）需要(yao)在驗(yan)(yan)(yan)證簽(qian)(qian)名(ming)(ming)(ming)前(qian)獲取簽(qian)(qian)名(ming)(ming)(ming)人(ren)(ren)的(de)(de)(de)(de)真(zhen)實公鑰(yao)。如果(guo)驗(yan)(yan)(yan)簽(qian)(qian)人(ren)(ren)需驗(yan)(yan)(yan)證多個(ge)簽(qian)(qian)名(ming)(ming)(ming)人(ren)(ren)的(de)(de)(de)(de)簽(qian)(qian)名(ming)(ming)(ming)，則(ze)必須預先(xian)知道每個(ge)簽(qian)(qian)名(ming)(ming)(ming)人(ren)(ren)和其(qi)公鑰(yao)的(de)(de)(de)(de)對(dui)應關系(xi)。在滿足(zu)以(yi)(yi)上前(qian)提的(de)(de)(de)(de)情況(kuang)下，簽(qian)(qian)名(ming)(ming)(ming)人(ren)(ren)就(jiu)可(ke)以(yi)(yi)使用(yong)其(qi)私鑰(yao)對(dui)任意消(xiao)息(xi)(xi)(xi)進行(xing)簽(qian)(qian)名(ming)(ming)(ming)操作，生成簽(qian)(qian)名(ming)(ming)(ming)值；任意知道公鑰(yao)的(de)(de)(de)(de)驗(yan)(yan)(yan)簽(qian)(qian)人(ren)(ren)都可(ke)以(yi)(yi)通過驗(yan)(yan)(yan)簽(qian)(qian)操作驗(yan)(yan)(yan)證對(dui)消(xiao)息(xi)(xi)(xi)的(de)(de)(de)(de)簽(qian)(qian)名(ming)(ming)(ming)值相對(dui)于某(mou)公鑰(yao)是否有效。若待(dai)簽(qian)(qian)名(ming)(ming)(ming)消(xiao)息(xi)(xi)(xi)過大時(shi)，可(ke)以(yi)(yi)先(xian)采(cai)用(yong)雜湊算(suan)法生成消(xiao)息(xi)(xi)(xi)的(de)(de)(de)(de)摘要(yao)（類似于數據的(de)(de)(de)(de)指(zhi)(zhi)紋）后再對(dui)摘要(yao)進行(xing)數字(zi)簽(qian)(qian)名(ming)(ming)(ming)。

為了(le)實(shi)現真實(shi)性(xing)、完整性(xing)和不可(ke)抵賴性(xing)功能(neng)，數字簽(qian)名(ming)機(ji)制需要滿足一(yi)定的(de)安(an)全(quan)(quan)(quan)需求。簡單地講，安(an)全(quan)(quan)(quan)的(de)數字簽(qian)名(ming)機(ji)制要求：1）在(zai)沒有私(si)鑰的(de)情(qing)況下(xia)，生成某個消息(xi)的(de)有效簽(qian)名(ming)在(zai)計算上是(shi)不可(ke)行的(de)；2）根據(ju)公鑰和消息(xi)/ 簽(qian)名(ming)對(dui)， 計算出(chu)簽(qian)名(ming)私(si)鑰是(shi)不可(ke)行的(de)。更加嚴格的(de)數字簽(qian)名(ming)機(ji)制安(an)全(quan)(quan)(quan)定義是(shi)在(zai)選(xuan)擇(ze)消息(xi)攻擊下(xia)具有不可(ke)偽造(zao)性(xing)（Existential Unforgeability under Adaptive Chosen Message Attack: EUF-CMA），即攻擊者(zhe)可(ke)任(ren)意選(xuan)擇(ze)多(duo)項式(shi)個消息(xi)請簽(qian)名(ming)人生成并獲(huo)得對(dui)應的(de)簽(qian)名(ming)，仍然(ran)(ran)無(wu)法(fa)生成一(yi)個新(xin)消息(xi)的(de)合法(fa)簽(qian)名(ming)。更高安(an)全(quan)(quan)(quan)性(xing)的(de)定義是(shi)選(xuan)擇(ze)消息(xi)攻擊強(qiang)不可(ke)偽造(zao)性(xing)（Strong Existential Unforgeability under Adaptive Chosen Message Attack: SUF-CMA），即攻擊者(zhe)可(ke)任(ren)意選(xuan)擇(ze)多(duo)項式(shi)個消息(xi)請簽(qian)名(ming)人生成并獲(huo)得對(dui)應的(de)簽(qian)名(ming)，仍然(ran)(ran)無(wu)法(fa)生成一(yi)個新(xin)消息(xi)的(de)合法(fa)簽(qian)名(ming)或者(zhe)一(yi)個已簽(qian)名(ming)消息(xi)的(de)新(xin)合法(fa)簽(qian)名(ming)。

從 Whitfield Diffie 和 Martin Hellman 在(zai) 1976 年發(fa)(fa)表歷史性(xing)的(de)論(lun)(lun)文《密碼(ma)學的(de)新方向》提出數(shu)字(zi)(zi)簽名(ming)的(de)概(gai)念到(dao)今天，數(shu)字(zi)(zi)簽名(ming)技術經(jing)過(guo)了(le)四十多年的(de)發(fa)(fa)展。這四十多年中(zhong)，數(shu)字(zi)(zi)簽名(ming)技術在(zai)理論(lun)(lun)研究上經(jing)歷了(le)從一個可(ke)能的(de)數(shu)學概(gai)念，發(fa)(fa)展到(dao)基(ji)于(yu)計算復(fu)雜性(xing)問(wen)題(ti)的(de)具體實現(xian)、到(dao)扎(zha)實的(de)安(an)全(quan)模(mo)型定義、到(dao)安(an)全(quan)性(xing)可(ke)證明的(de)高效構造、再到(dao)滿足各類(lei)差異化需(xu)求(qiu)的(de)特性(xing)簽名(ming)技術。數(shu)字(zi)(zi)簽名(ming)技術在(zai)應用(yong)上從小規模(mo)的(de)商業和個人數(shu)據(ju)保護開始，伴隨著互聯網和電子商務的(de)發(fa)(fa)展，到(dao)今天已經(jing)發(fa)(fa)展成為(wei)數(shu)字(zi)(zi)社會的(de)安(an)全(quan)基(ji)石之一。

作(zuo)(zuo)(zuo)為一個相對全(quan)面的(de)概覽(lan)，下面列(lie)出數字簽(qian)名技術(shu)發展過程(cheng)中的(de)一些重(zhong)(zhong)要學術(shu)工作(zuo)(zuo)(zuo)和重(zhong)(zhong)大(da)事件(jian)。這個列(lie)表(biao)無(wu)意(yi)列(lie)出過去四十年(nian)所有重(zhong)(zhong)要的(de)工作(zuo)(zuo)(zuo)和事件(jian)。未(wei)出現在列(lie)表(biao)中的(de)學術(shu)工作(zuo)(zuo)(zuo)或相關事件(jian)并不表(biao)示其重(zhong)(zhong)要性比(bi)列(lie)出的(de)低。

（1）1976 年(nian) Whitfield Diffie 和 Martin Hellman 在《密碼學的(de)新方向》一文中提出數字簽名的(de)概念。

（2）1978 年(nian) Ronald Rivest, Adi Shamir和Len Adleman發表RSA數字簽(qian)名算法。

（3）1978 年 Michael O. Rabin 發表一(yi)次數字簽(qian)名(ming)（one-time digital signature）算(suan)法Rabin。

（4）1979 年 Ralph Merkle 發(fa) 表 Merkle 數(shu)字(zi)簽名算(suan)法(fa)(fa)(fa)。該算(suan)法(fa)(fa)(fa)也是一種一次(ci)數(shu)字(zi)簽名算(suan)法(fa)(fa)(fa)，但和 Rabin 算(suan)法(fa)(fa)(fa)有重要區別。該算(suan)法(fa)(fa)(fa)成為一類基(ji)于(yu)雜湊的數(shu)字(zi)簽名（hash-based digital signature）算(suan)法(fa)(fa)(fa)（例如 XMSS）的基(ji)礎(chu)。這(zhe)類算(suan)法(fa)(fa)(fa)在后量子計(ji)算(suan)時代可能(neng)依然安全。算(suan)法(fa)(fa)(fa)中的Merkle 樹(shu)(shu)具有眾多應(ying)用(yong)，如區塊鏈(lian)使用(yong) Merkle 樹(shu)(shu)存儲交易記錄。

（5）1984 年 Taher Elgamal 發表基于(yu)離散對(dui)數問題的 Elgamal 數字(zi)簽(qian)名算法。

（6）1984 年 Adi Shamir 提出(chu)基(ji)于身(shen)份(fen)的(de)密(mi)碼技術(shu)（Identity-Based Cryptography: IBC）并給出(chu)第一個基(ji)于身(shen)份(fen)的(de)數(shu)字簽名算法（Identity- Based Signature: IBS）。基(ji)于身(shen)份(fen)的(de)密(mi)碼也稱基(ji)于標識的(de)密(mi)碼。

（7）1984 年 Shafi Goldwasser, Silvio Micali 和 Ronald Rivest 給出了數(shu)字簽名機制安全模型(xing)的(de)嚴(yan)格(ge)定義(yi)（選擇消息攻擊下不可偽造模型(xing)：EUF-CMA）。這個(ge)模型(xing)后(hou)來被(bei)廣泛(fan)接受，用于分析(xi)各種數(shu)字簽名算法的(de)安全性(xing)。

（8）1986 年 Amos Fiat和 Adi Shamir發表Fiat-Shamir變換(huan)。該(gai)變換(huan)可將(jiang)一(yi)大類身份認證方案轉化為數字簽名算法。

（9）1989 年 Claus Schnorr 發(fa)表(biao)Schnorr 數字簽名算法。該算法的安全(quan)性可以(yi)基于離(li)散對數問(wen)題(ti)在隨機諭示模(mo)型下獲得證明。2011 年發(fa)表(biao)的 EdDSA 數字簽名算法也是以(yi) Schnorr 算法為基礎(chu)。

（10）1989 年 Lotus Notes 1.0發布(bu)采用RSA算法的數字(zi)簽(qian)名功能。這是第一款大規模應用的商業軟件(jian)支持數字(zi)簽(qian)名技(ji)術(shu)。

（11）1991年NIST發布(bu)數(shu)字簽(qian)名(ming)算(suan)法DSA。該算(suan)法是Elgamal數(shu)字簽(qian)名(ming)算(suan)法的(de)(de)(de)變形， 在1994年作為 FIPS 186 中(zhong)的(de)(de)(de)數(shu)字簽(qian)名(ming)標準DSS發布(bu)。DSA和橢圓曲線上的(de)(de)(de)ECDSA算(suan)法的(de)(de)(de)安全性分析一直是個挑戰(zhan)。2000年Daniel R. L. Brown在一般(ban)群模型(xing)下分析了ECDSA算(suan)法的(de)(de)(de)安全性。

（12）1991年Phil R Zimmermann 發 布(bu) PGP 1.0，支持RSA數字(zi)簽名(ming)算法。

（13）1991年(nian)Marc Girault 提出自(zi)認證(zheng)密(mi)鑰(yao)的(de)概(gai)念并設計一個(ge)基于自(zi)認證(zheng)密(mi)鑰(yao)的(de)身(shen)份認證(zheng)協(xie)議。1998 年(nian) Guillaume Poupard 和 Jacques Stern 利(li)用 Fiat-Shamir 變換將該(gai)身(shen)份認證(zheng)協(xie)議轉換為(wei) GPS 數字簽(qian)名算法并證(zheng)明了其安全性(xing)。

（14）1993 年 RSA 發布包括 RSA 數(shu)字簽名(ming)(ming)算(suan)法的 PKCS #1 版本 1.5，通過規定消息編碼(ma)方式改進 RSA 數(shu)字簽名(ming)(ming)算(suan)法的安(an)全性。

（15）1995 年 Netscape 發布支持數字簽名(ming)算法的 SSL 2.0，支持 RSA 和(he) DSS 簽名(ming)算法。

（16）1996 年 Mihir Bellare 和(he) Phillip Rogaway 提出安全性可證明的(de) RSA-PSS 簽(qian)名算法。

（17）1996 年(nian) David Pointcheval 和 Jacques Stern 提出分(fen)叉引理（forking lemma）。基于分(fen)叉引理可分(fen)析一大類數字(zi)簽名(ming)算法的安全性， 包括 Schnorr簽名(ming)算法。

（18）1996 年 Paul C. Kocher 發表側(ce)信道攻(gong)擊技術(shu)(shu)，展示采用時間攻(gong)擊技術(shu)(shu)攻(gong)擊 RSA、DSS 等算法的不安全實現(xian)以獲(huo)取私鑰 [24]。該工作(zuo)開啟了密碼側(ce)信道攻(gong)防技術(shu)(shu)的研究領域。

（19）1999 年(nian) Rosario Gennaro, Shai Halevi 和(he) Tal Rabin與Ronald Cramer和(he)Victor Shoup 分別構造了(le)不依賴隨機諭示模型的(de) RSA 簽名算法。

（20）2001 年(nian) Dan Boneh, Ben Lynn 和(he)Hovav Shacham 發表采用雙線性對構(gou)造的短簽名算法 BLS。

（21）2002 年 Jae Choon Cha 與 Jung Hee Cheon 以及 Florian Hess 分別發表采用(yong)雙(shuang)線性對構造的基于標識的數(shu)字簽名算法 Cha-Cheon- IBS和 Hess-IBS。

（22）2003 年(nian) Sattam S. Al-Riyami 和Kenneth G. Paterson 提出無(wu)證(zheng)書(shu)(shu)(shu)密碼的(de)(de)(de)概念，并設計(ji)(ji)無(wu)證(zheng)書(shu)(shu)(shu)的(de)(de)(de)數(shu)字(zi)簽(qian)名(ming)算(suan)(suan)法。雖(sui)然 Al- Riyami-Paterson 無(wu)證(zheng)書(shu)(shu)(shu)簽(qian)名(ming)算(suan)(suan)法后來被證(zheng)明不(bu)安全，但該工(gong)作(zuo)開啟(qi)了相關領域的(de)(de)(de)研究工(gong)作(zuo)。例如(ru)，2018 年(nian) Zhaohui Cheng 和 Liqun Chen 統一(yi)了基于 Girault 的(de)(de)(de)自認證(zheng)密鑰的(de)(de)(de)數(shu)字(zi)簽(qian)名(ming)機(ji)制(zhi)和Al-Riyami-Paterson 無(wu)證(zheng)書(shu)(shu)(shu)數(shu)字(zi)簽(qian)名(ming)機(ji)制(zhi)的(de)(de)(de)安全模型(xing)，并設計(ji)(ji)安全、高效的(de)(de)(de)無(wu)證(zheng)書(shu)(shu)(shu)簽(qian)名(ming)算(suan)(suan)法。

（23）2008 年 Craig Gentry, Chris Peikert 和Vinod Vaikuntanathan 基于(yu)等工(gong)作發表了第一個安全性可證(zheng)明的基于(yu)格的數(shu)字(zi)(zi)簽名(ming)算法GPV。后續更多格基數(shu)字(zi)(zi)簽名(ming)算法被(bei)提(ti)出，如BLISS、Dilithium等。

（24）2017 年 NIST 開始(shi)后量(liang)子公鑰算(suan)(suan)法(fa)標準化工作(zuo)，全球征集相關算(suan)(suan)法(fa)，包括數字簽名(ming)算(suan)(suan)法(fa)。

伴隨著(zhu)通用數字(zi)簽名技(ji)術(shu)的(de)(de)發展，針對一(yi)些(xie)特殊需(xu)求，特別是(shi)電子現金、電子選舉等領域的(de)(de)應用以及隱私保護與簽名公(gong)平性(xing)需(xu)求的(de)(de)增(zeng)強，眾多具(ju)有附加屬性(xing)的(de)(de)數字(zi)簽名技(ji)術(shu)的(de)(de)概(gai)念和(he)算法構造被提出(chu)。下面列(lie)出(chu)一(yi)些(xie)典型(xing)的(de)(de)具(ju)有附加屬性(xing)的(de)(de)數字(zi)簽名技(ji)術(shu)。本文無意(yi)列(lie)出(chu)所有特性(xing)數字(zi)簽名技(ji)術(shu)，讀者(zhe)可以參考更多的(de)(de)綜述資料如(ru) [38,39]。

（1）盲(mang)簽名(ming)(ming)(ming) （blind signature）：1982 年David Chaum 提出盲(mang)簽名(ming)(ming)(ming)的概念。盲(mang)簽名(ming)(ming)(ming)機制(zhi)允許簽名(ming)(ming)(ming)人對盲(mang)化(hua)過的消(xiao)息(xi)(xi)（簽名(ming)(ming)(ming)人在不(bu)知(zhi)道消(xiao)息(xi)(xi)內容的情況下）生(sheng)成消(xiao)息(xi)(xi)簽名(ming)(ming)(ming)。簽名(ming)(ming)(ming)的有效性可以在消(xiao)息(xi)(xi)去(qu)盲(mang)化(hua)后被公開驗證。盲(mang)簽名(ming)(ming)(ming)機制(zhi)可用(yong)于電(dian)子選舉、電(dian)子現金等應(ying)用(yong)。

（2）多(duo)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)（multi-signature）：1983 年(nian) K. Itakura 和 K. Nakamura 提出多(duo)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)的(de)(de)(de)(de)概念。多(duo)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)機制允許(xu)多(duo)個簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人對(dui)消(xiao)息進(jin)行(xing)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)且生成(cheng)的(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)比各個簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人獨立簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)生成(cheng)的(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)值集合(he)(he)更(geng)簡短。多(duo)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)機制可(ke)(ke)用(yong)于區塊鏈等對(dui)多(duo)方簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)有需求(qiu)且對(dui)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)長度敏(min)感(gan)的(de)(de)(de)(de)應用(yong)。和多(duo)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)機制緊密相關的(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)壓縮(suo)機制還有聚(ju)(ju)合(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)（aggregate signature）。聚(ju)(ju)合(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)可(ke)(ke)以將(jiang)多(duo)個簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)壓縮(suo)為一個簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)。聚(ju)(ju)合(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)進(jin)一步可(ke)(ke)分為通用(yong)聚(ju)(ju)合(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)如 [42] 和順(shun)序聚(ju)(ju)合(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)如 [43] 等。順(shun)序聚(ju)(ju)合(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)中簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)和聚(ju)(ju)合(he)(he)操作(zuo)根據已(yi)經(jing)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)的(de)(de)(de)(de)消(xiao)息集、已(yi)經(jing)聚(ju)(ju)合(he)(he)的(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)以及待簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)新(xin)消(xiao)息，利用(yong)私鑰進(jin)行(xing)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)并完成(cheng)聚(ju)(ju)合(he)(he)操作(zuo)。

（3）門限簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)（threshold signature）：1987 年 Yvo Desmedt 提(ti)出門限簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)的概(gai)念。門限簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)機(ji)制允許(xu)n個簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)人中的任意 k 個簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)人對消息生成簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)，但少于 k 個簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)人參(can)與則無法生成有效簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)。門限簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)機(ji)制可以構建強(qiang)健的簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)系統，防止部分(fen)簽(qian)(qian)名(ming)(ming)(ming)(ming)(ming)人的不法行為。

（4）不(bu)(bu)可否(fou)(fou)認簽(qian)(qian)(qian)名(ming)(ming)(ming)（undeniable signature）：1989 年 David Chaum 和(he) Hans van Antwerpen 提 出不(bu)(bu)可否(fou)(fou)認簽(qian)(qian)(qian)名(ming)(ming)(ming)的(de)(de)概念。不(bu)(bu)可否(fou)(fou)認簽(qian)(qian)(qian)名(ming)(ming)(ming)機制(zhi)允許(xu)簽(qian)(qian)(qian)名(ming)(ming)(ming)人(ren)生成一個簽(qian)(qian)(qian)名(ming)(ming)(ming)并(bing)且確(que)保(bao)沒(mei)有(you)簽(qian)(qian)(qian)名(ming)(ming)(ming)人(ren)的(de)(de)允許(xu)（不(bu)(bu)參與驗證(zheng)過程(cheng)），驗證(zheng)人(ren)無法驗證(zheng)簽(qian)(qian)(qian)名(ming)(ming)(ming)的(de)(de)有(you)效性；同時(shi)不(bu)(bu)可否(fou)(fou)認機制(zhi)能(neng)夠防止(zhi)簽(qian)(qian)(qian)名(ming)(ming)(ming)人(ren)（以不(bu)(bu)可忽略的(de)(de)概率）否(fou)(fou)認某個真實簽(qian)(qian)(qian)名(ming)(ming)(ming)。不(bu)(bu)可否(fou)(fou)認簽(qian)(qian)(qian)名(ming)(ming)(ming)機制(zhi)可以防止(zhi)簽(qian)(qian)(qian)名(ming)(ming)(ming)數(shu)據被(bei)濫用(yong)。

（5）失(shi)敗(bai)-中止簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)（fail-stop signature）：1991 年(nian) Birgit Pfitzmann 提出失(shi)敗(bai)-中止簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)的(de)(de)概念。失(shi)敗(bai)-中止簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)機(ji)制除了滿足普通簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)機(ji)制的(de)(de)安全要(yao)(yao)求(qiu)外，額外要(yao)(yao)求(qiu)：1）如(ru)果偽造(zao)(zao)者(zhe)要(yao)(yao)偽造(zao)(zao)一個(ge)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)則(ze)(ze)需(xu)要(yao)(yao)完成指(zhi)數(shu)級的(de)(de)工作量， 2）如(ru)果偽造(zao)(zao)者(zhe)成功偽造(zao)(zao)了某人(ren)（被冒充人(ren)）對一個(ge)消息的(de)(de)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)，則(ze)(ze)被冒充人(ren)可(ke)以有效地(di)證明這個(ge)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)是偽造(zao)(zao)的(de)(de)。失(shi)敗(bai)-中止簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)機(ji)制可(ke)以應用于(yu)需(xu)要(yao)(yao)對簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)人(ren)提供更高保護的(de)(de)場景。

（6）群(qun)(qun)(qun)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（group signature）：1991 年David Chaum 和 Eugene van Heyst 提出群(qun)(qun)(qun)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)(de)(de)(de)(de)概。群(qun)(qun)(qun)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)機制(zhi)允(yun)許多個(ge)(ge)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人(ren)(ren)形成(cheng)(cheng)(cheng)(cheng)一個(ge)(ge)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人(ren)(ren)群(qun)(qun)(qun)組(zu)(zu)，群(qun)(qun)(qun)組(zu)(zu)中(zhong)的(de)(de)(de)(de)(de)(de)任意(yi)一個(ge)(ge)成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)(yuan)可(ke)代表(biao)整個(ge)(ge)群(qun)(qun)(qun)組(zu)(zu)匿(ni)名(ming)(ming)(ming)(ming)地生成(cheng)(cheng)(cheng)(cheng)某(mou)個(ge)(ge)消息的(de)(de)(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（“匿(ni)名(ming)(ming)(ming)(ming)”表(biao)示(shi)驗簽(qian)(qian)(qian)(qian)(qian)人(ren)(ren)無法判斷生成(cheng)(cheng)(cheng)(cheng)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)(de)(de)(de)(de)具體群(qun)(qun)(qun)成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)(yuan)的(de)(de)(de)(de)(de)(de)身(shen)份(fen)）。群(qun)(qun)(qun)組(zu)(zu)有個(ge)(ge)管理員(yuan)(yuan)(yuan)負責維護群(qun)(qun)(qun)組(zu)(zu)中(zhong)成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)(yuan)的(de)(de)(de)(de)(de)(de)群(qun)(qun)(qun)組(zu)(zu)資(zi)格，并(bing)在必要時識別生成(cheng)(cheng)(cheng)(cheng)某(mou)個(ge)(ge)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人(ren)(ren)身(shen)份(fen)。群(qun)(qun)(qun)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)機制(zhi)的(de)(de)(de)(de)(de)(de)變體如可(ke)追蹤(zong)群(qun)(qun)(qun)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（traceable group signature）允(yun)許授(shou)權方追蹤(zong)某(mou)個(ge)(ge)成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)(yuan)的(de)(de)(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)而不暴露(lu)其(qi)他成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)(yuan)的(de)(de)(de)(de)(de)(de)身(shen)份(fen)信息及其(qi)生成(cheng)(cheng)(cheng)(cheng)的(de)(de)(de)(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)；可(ke)追責的(de)(de)(de)(de)(de)(de)追蹤(zong)群(qun)(qun)(qun)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（accountable tracing signature）可(ke)限制(zhi)群(qun)(qun)(qun)組(zu)(zu)管理員(yuan)(yuan)(yuan)濫用追蹤(zong)群(qun)(qun)(qun)成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)(yuan)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)(de)(de)(de)(de)能力(li)。群(qun)(qun)(qun)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)機制(zhi)可(ke)用于有隱私保護需求的(de)(de)(de)(de)(de)(de)諸多簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)應用。

（7）指(zhi)(zhi)(zhi)定(ding)證(zheng)(zheng)(zheng)實(shi)人(ren)(ren)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（designated confirmer signature）: 1994 年 David Chaum 提出指(zhi)(zhi)(zhi)定(ding)證(zheng)(zheng)(zheng)實(shi)人(ren)(ren)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)概念。指(zhi)(zhi)(zhi)定(ding)證(zheng)(zheng)(zheng)實(shi)人(ren)(ren)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)機制(zhi)(zhi)引入(ru)半(ban)可(ke)信第三(san)方的(de)(de)角(jiao)色：證(zheng)(zheng)(zheng)實(shi)人(ren)(ren)（confirmer），其和驗(yan)證(zheng)(zheng)(zheng)人(ren)(ren)執行交換式協(xie)議判(pan)斷(duan)某(mou)個簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)是否(fou)有效(xiao)，且(qie)證(zheng)(zheng)(zheng)實(shi)人(ren)(ren)可(ke)以將一(yi)個有效(xiao)的(de)(de)指(zhi)(zhi)(zhi)定(ding)證(zheng)(zheng)(zheng)實(shi)人(ren)(ren)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)轉(zhuan)換為普通簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（任意具有簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人(ren)(ren)公(gong)鑰的(de)(de)實(shi)體都可(ke)驗(yan)證(zheng)(zheng)(zheng)普通簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)合法性）。指(zhi)(zhi)(zhi)定(ding)證(zheng)(zheng)(zheng)實(shi)人(ren)(ren)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)機制(zhi)(zhi)解決了(le)不(bu)可(ke)否(fou)認簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)機制(zhi)(zhi)中簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人(ren)(ren)可(ke)能(neng)不(bu)參與簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)驗(yan)證(zheng)(zheng)(zheng)過程(cheng)導致簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)接收人(ren)(ren)利益受(shou)損的(de)(de)問題。

（8）代理(li)(li)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)（proxy signature）：1996 年Masahiro Mambo, Keisuke Usuda 和 Eiji Okamoto 提出代理(li)(li)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)的(de)概(gai)念。代理(li)(li)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)機制允許原簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)人在不將(jiang)其簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)私鑰轉移的(de)情況下將(jiang)其簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)能力(li)轉移給(gei)指定的(de)代理(li)(li)人，由代理(li)(li)人代為簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)。代理(li)(li)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)機制有許多應用(yong)，例如在分布式環境中簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)人可(ke)將(jiang)其簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)能力(li)委托給(gei)信(xin)任的(de)某(mou)個系統部件。

（9）指(zhi)定(ding)(ding)驗(yan)簽(qian)(qian)(qian)(qian)(qian)人簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)（designated verifier signature）：1996 年 Jakobsson Markus, Kazue Sako 和 Russell Impagliazzo 提出指(zhi)定(ding)(ding)驗(yan)簽(qian)(qian)(qian)(qian)(qian)人簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)的概念。指(zhi)定(ding)(ding)驗(yan)簽(qian)(qian)(qian)(qian)(qian)人簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)機制允許簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)人在生成簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)時指(zhi)定(ding)(ding)可以驗(yan)證(zheng)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)的驗(yan)證(zheng)人，非指(zhi)定(ding)(ding)的其(qi)他人無(wu)法驗(yan)證(zheng)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)的有效性。指(zhi)定(ding)(ding)驗(yan)簽(qian)(qian)(qian)(qian)(qian)人簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)機制和不可否認簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)不同(tong)，其(qi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)驗(yan)證(zheng)過程(cheng)無(wu)需簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)人參與。指(zhi)定(ding)(ding)驗(yan)簽(qian)(qian)(qian)(qian)(qian)人簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)機制可以提供(gong)一定(ding)(ding)的隱私保(bao)護能力。

（10）簽(qian)(qian)密(mi)（signcryption）：1997 年Yuliang Zheng 提出(chu)簽(qian)(qian)密(mi)的(de)概念。簽(qian)(qian)密(mi)機制允(yun)許(xu)以(yi)盡量(liang)小的(de)開(kai)銷(xiao)同(tong)時完成消息加(jia)密(mi)和(he)簽(qian)(qian)名的(de)功能。簽(qian)(qian)密(mi)機制可以(yi)用于同(tong)時有加(jia)密(mi)和(he)簽(qian)(qian)名需求的(de)場(chang)景， 減少計算和(he)帶寬的(de)需求。

（11）環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)（ring signature）：2001 年Ron Rivest, Adi Shamir 和(he) Yael Tauman 提(ti)出(chu)環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)的(de)概(gai)念。環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)機(ji)制(zhi)(zhi)和(he)群簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)類(lei)似，環(huan)(huan)(huan)(huan)(huan)上任意成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)可以匿名(ming)(ming)(ming)(ming)(ming)(ming)(ming)地代表整個(ge)環(huan)(huan)(huan)(huan)(huan)成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)完成(cheng)(cheng)(cheng)(cheng)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)操作(zuo)。和(he)群簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)不同的(de)是，環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)機(ji)制(zhi)(zhi)沒有(you)環(huan)(huan)(huan)(huan)(huan)成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)管(guan)理機(ji)制(zhi)(zhi)，因(yin)此也就沒有(you)環(huan)(huan)(huan)(huan)(huan)管(guan)理員(yuan)(yuan)，進(jin)而沒有(you)機(ji)制(zhi)(zhi)能(neng)夠(gou)確認某(mou)(mou)個(ge)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)的(de)具(ju)(ju)體(ti)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人(ren)(ren)(ren)的(de)身(shen)(shen)份(fen)。這意味著環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)比(bi)群簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)在(zai)(zai)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人(ren)(ren)(ren)隱(yin)私保護(hu)方面更徹底。環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)機(ji)制(zhi)(zhi)有(you)諸多變體(ti)，如門限環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)（threshold ring signature）結合(he)環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)和(he)門限簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)的(de)功能(neng)，既(ji)保護(hu)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人(ren)(ren)(ren)的(de)隱(yin)私又防止小部分(fen)環(huan)(huan)(huan)(huan)(huan)中成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)濫用簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)能(neng)力；可關(guan)聯環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)（linkable ring signature）可以確定(ding)兩(liang)個(ge)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)是否是同一個(ge)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人(ren)(ren)(ren)生(sheng)成(cheng)(cheng)(cheng)(cheng)（但不能(neng)確定(ding)具(ju)(ju)體(ti)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人(ren)(ren)(ren)的(de)身(shen)(shen)份(fen)）；可追蹤(zong)環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)（traceable ring signature）可以確定(ding)生(sheng)成(cheng)(cheng)(cheng)(cheng)了兩(liang)次或以上簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)的(de)某(mou)(mou)個(ge)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)人(ren)(ren)(ren)的(de)身(shen)(shen)份(fen)。和(he)環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)相近的(de)還有(you)網簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)（mesh signature），該機(ji)制(zhi)(zhi)允許在(zai)(zai)無公鑰的(de)情況下，將(jiang)某(mou)(mou)人(ren)(ren)(ren)變成(cheng)(cheng)(cheng)(cheng)環(huan)(huan)(huan)(huan)(huan)上成(cheng)(cheng)(cheng)(cheng)員(yuan)(yuan)。環(huan)(huan)(huan)(huan)(huan)簽(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)(ming)機(ji)制(zhi)(zhi)有(you)眾多應用，包括隱(yin)私保護(hu)、電子現金(jin)、電子選(xuan)舉等。

（12）具(ju)(ju)有(you)高(gao)(gao)效(xiao)協(xie)議(yi)(yi)(yi)的(de)簽(qian)(qian)(qian)(qian)名(ming)（signature with efficient protocols）：2001 年(nian) Jan Camenisch 和Anna Lysyanskaya 提出具(ju)(ju)有(you)高(gao)(gao)效(xiao)協(xie)議(yi)(yi)(yi)的(de)簽(qian)(qian)(qian)(qian)名(ming)機制。具(ju)(ju)有(you)高(gao)(gao)效(xiao)協(xie)議(yi)(yi)(yi)的(de)簽(qian)(qian)(qian)(qian)名(ming)機制允許簽(qian)(qian)(qian)(qian)名(ming)擁(yong)(yong)有(you)者(zhe)和簽(qian)(qian)(qian)(qian)名(ming)人采用(yong)(yong)安全兩方計算機制高(gao)(gao)效(xiao)地完成簽(qian)(qian)(qian)(qian)名(ming)操(cao)作（簽(qian)(qian)(qian)(qian)名(ming)人不知道(dao)被(bei)簽(qian)(qian)(qian)(qian)名(ming)消(xiao)息(xi)的(de)內容）；允許簽(qian)(qian)(qian)(qian)名(ming)擁(yong)(yong)有(you)者(zhe)采用(yong)(yong)零知識(shi)證(zheng)(zheng)明(ming)機制高(gao)(gao)效(xiao)證(zheng)(zheng)明(ming)其擁(yong)(yong)有(you)一個有(you)效(xiao)的(de)消(xiao)息(xi)簽(qian)(qian)(qian)(qian)名(ming)（驗(yan)證(zheng)(zheng)人可(ke)(ke)完成驗(yan)證(zheng)(zheng)過程但不知道(dao)簽(qian)(qian)(qian)(qian)名(ming)擁(yong)(yong)有(you)者(zhe)的(de)消(xiao)息(xi)簽(qian)(qian)(qian)(qian)名(ming)值）。具(ju)(ju)有(you)高(gao)(gao)效(xiao)協(xie)議(yi)(yi)(yi)的(de) CL 類簽(qian)(qian)(qian)(qian)名(ming)機制可(ke)(ke)應用(yong)(yong)在多種具(ju)(ju)有(you)隱私保護需求的(de)場景中(zhong)，例如(ru)在可(ke)(ke)信平(ping)臺模塊 TPM 中(zhong)實(shi)現直(zhi)接匿名(ming)證(zheng)(zheng)明(ming) DAA[60]。

（13）同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（homomorphic signature）：2002年(nian)Robert Johnson, David Molnar, Dawn Song 和(he)(he) David Wagner 系統性(xing)地提出同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)的(de)(de)(de)概(gai)念和(he)(he)潛在(zai)(zai)(zai)應(ying)用。同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)機(ji)(ji)制(zhi)允許(xu)(xu)任(ren)意人(ren)在(zai)(zai)(zai)沒有(you)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)私(si)鑰的(de)(de)(de)情(qing)況下計(ji)算出兩組簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)進(jin)行聯合(he)操作后(hou)的(de)(de)(de)結果數據(ju)(ju)的(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)值(zhi)(zhi)，或(huo)者一(yi)個(ge)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)集合(he)的(de)(de)(de)任(ren)意消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)子(zi)集的(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)值(zhi)(zhi)等。這樣(yang)的(de)(de)(de)功(gong)能也稱(cheng)為可(ke)(ke)修(xiu)(xiu)訂(ding)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（redactable signature）。同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)機(ji)(ji)制(zhi)進(jin)一(yi)步可(ke)(ke)以(yi)分為線性(xing)同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)如、多(duo)項式函數同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)如 [64]、全同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)。與(yu)同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)機(ji)(ji)制(zhi)相關的(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)機(ji)(ji)制(zhi)還(huan)有(you)增量(liang)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（incremental signature），可(ke)(ke)傳遞簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（transitive signature）等。同(tong)(tong)態(tai)(tai)(tai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)具(ju)有(you)眾多(duo)應(ying)用，如電子(zi)選舉等。允許(xu)(xu)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)后(hou)再修(xiu)(xiu)改(gai)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)的(de)(de)(de)機(ji)(ji)制(zhi)還(huan)有(you)：可(ke)(ke)凈(jing)化簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（sanitizable signature）允許(xu)(xu)經授(shou)權的(de)(de)(de)半(ban)信任(ren)第三方在(zai)(zai)(zai)無(wu)需(xu)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)人(ren)協助的(de)(de)(de)情(qing)況下對簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)進(jin)行受控地修(xiu)(xiu)改(gai)；只附(fu)加簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（append-only signature）允許(xu)(xu)任(ren)意一(yi)方在(zai)(zai)(zai)獲(huo)得消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)A和(he)(he)其簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)的(de)(de)(de)情(qing)況下， 獲(huo)得消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi) A 附(fu)加消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi) B 后(hou)新消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)的(de)(de)(de)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)；空(kong)白簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（blank digital signature）允許(xu)(xu)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)發(fa)起人(ren)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)一(yi)個(ge)模板(ban)（模板(ban)包括確(que)定(ding)的(de)(de)(de)數據(ju)(ju)域(yu)和(he)(he)有(you)多(duo)重(zhong)選擇的(de)(de)(de)可(ke)(ke)修(xiu)(xiu)改(gai)數據(ju)(ju)域(yu)）， 簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)發(fa)起人(ren)允許(xu)(xu)一(yi)個(ge)代理(li)人(ren)對簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)過的(de)(de)(de)模板(ban)中可(ke)(ke)修(xiu)(xiu)改(gai)數據(ju)(ju)域(yu)選擇一(yi)個(ge)特定(ding)值(zhi)(zhi)并形成完整消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)和(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)，驗簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)人(ren)使(shi)用簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)發(fa)起人(ren)和(he)(he)代理(li)人(ren)的(de)(de)(de)公鑰驗證完整消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)和(he)(he)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)的(de)(de)(de)有(you)效性(xing)；多(duo)變簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)（protean signature）允許(xu)(xu)同(tong)(tong)時(shi)(shi)刪除和(he)(he)修(xiu)(xiu)改(gai)被(bei)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)（即同(tong)(tong)時(shi)(shi)實現可(ke)(ke)修(xiu)(xiu)訂(ding)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)和(he)(he)可(ke)(ke)凈(jing)化簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)的(de)(de)(de)功(gong)能）。這類簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)機(ji)(ji)制(zhi)為消(xiao)(xiao)息(xi)(xi)(xi)(xi)(xi)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)應(ying)用提供(gong)了(le)更多(duo)靈活(huo)性(xing)。ISO/IEC 正在(zai)(zai)(zai)開展可(ke)(ke)修(xiu)(xiu)訂(ding)簽(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)(ming)(ming)算法的(de)(de)(de)標(biao)準化工(gong)作 。

（14）可(ke)(ke)驗證(zheng)(zheng)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（verifiably-encrypted- signature）：2003 年 Dan Boneh, Craig Gentry, Ben Lynn 和 Hovav Shacham 提(ti)出可(ke)(ke)驗證(zheng)(zheng)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)概念(nian)。為了提(ti)高簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)過程的(de)(de)公平(ping)性(xing)(xing)，可(ke)(ke)驗證(zheng)(zheng)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)允許簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人(ren)生(sheng)成(cheng)消息簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)后，使用一個(ge)(ge)受信任的(de)(de)仲(zhong)裁方(fang)的(de)(de)公鑰加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)值，同時能生(sheng)成(cheng)一個(ge)(ge)證(zheng)(zheng)明(ming)(ming)來表(biao)明(ming)(ming)密(mi)文(wen)(wen)中(zhong)包含了一個(ge)(ge)有效簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)。簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)雙方(fang)相互(hu)交換(huan)可(ke)(ke)驗證(zheng)(zheng)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)并證(zheng)(zheng)明(ming)(ming)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)正(zheng)確(que)性(xing)(xing)后，披露各自的(de)(de)普通簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)。如(ru)果一方(fang)不披露其普通簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)，另外(wai)一方(fang)可(ke)(ke)以向仲(zhong)裁方(fang)提(ti)交已收到的(de)(de)對方(fang)的(de)(de)可(ke)(ke)驗證(zheng)(zheng)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)，仲(zhong)裁方(fang)可(ke)(ke)以據此還原對方(fang)的(de)(de)普通簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)。可(ke)(ke)驗證(zheng)(zheng)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)進一步發展為對換(huan)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（commuting signature）允許簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人(ren)在同時加(jia)(jia)(jia)(jia)(jia)密(mi)了消息和簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)情況下生(sheng)成(cheng)明(ming)(ming)文(wen)(wen)有效性(xing)(xing)的(de)(de)證(zheng)(zheng)明(ming)(ming)，還允許在密(mi)文(wen)(wen)消息上生(sheng)成(cheng)可(ke)(ke)驗證(zheng)(zheng)加(jia)(jia)(jia)(jia)(jia)密(mi)簽(qian)(qian)(qian)(qian)(qian)名(ming)(ming)(ming)(ming)。

（15）并行(xing)簽(qian)名(ming)(ming)（concurrent signature）：2004 年 Liqun Chen, Caroline Kudla 和 Kenneth Paterson 提出并行(xing)簽(qian)名(ming)(ming)的(de)(de)概念。并行(xing)簽(qian)名(ming)(ming)機制是提高兩方簽(qian)名(ming)(ming)過(guo)(guo)程公(gong)(gong)平性的(de)(de)另一(yi)(yi)(yi)(yi)種嘗試，它(ta)允許簽(qian)名(ming)(ming)雙方在第三方的(de)(de)幫助下同時完成對兩個消(xiao)息(xi)(xi)（或同一(yi)(yi)(yi)(yi)消(xiao)息(xi)(xi)）的(de)(de)確認（commitment，即(ji)生成簽(qian)名(ming)(ming)）。完成確認的(de)(de)過(guo)(guo)程是通過(guo)(guo)簽(qian)名(ming)(ming)一(yi)(yi)(yi)(yi)方釋(shi)放(fang)一(yi)(yi)(yi)(yi)個秘(mi)密(mi)（keystone）來完成的(de)(de)。在未釋(shi)放(fang)keystone 前(qian)，簽(qian)名(ming)(ming)雙方對消(xiao)息(xi)(xi)的(de)(de)簽(qian)名(ming)(ming)都(dou)是不完整(zheng)的(de)(de)（驗證方無法根據公(gong)(gong)開信息(xi)(xi)判斷(duan)簽(qian)名(ming)(ming)的(de)(de)有效性）；當任(ren)意一(yi)(yi)(yi)(yi)簽(qian)名(ming)(ming)方釋(shi)放(fang)了 keystone 時，則(ze)雙方對消(xiao)息(xi)(xi)的(de)(de)簽(qian)名(ming)(ming)都(dou)完成了。

（16）匿名(ming)(ming)(ming)(ming)簽名(ming)(ming)(ming)(ming) （anonymous signature）: 2006 年 Guomin Yang, Duncan S. Wong, Xiaotie Deng 和Huaxiong Wang 提出匿名(ming)(ming)(ming)(ming)簽名(ming)(ming)(ming)(ming)的(de)概(gai)念(nian)，即在無簽名(ming)(ming)(ming)(ming)消(xiao)息的(de)情(qing)況(kuang)下，無法判(pan)斷某個簽名(ming)(ming)(ming)(ming)的(de)簽名(ming)(ming)(ming)(ming)人。匿名(ming)(ming)(ming)(ming)簽名(ming)(ming)(ming)(ming)技術可在一些(xie)不明文傳遞簽名(ming)(ming)(ming)(ming)消(xiao)息的(de)情(qing)況(kuang)下提高簽名(ming)(ming)(ming)(ming)人的(de)隱私保護能力。

（17）基(ji)于知(zhi)(zhi)識(shi)(shi)簽(qian)(qian)名(ming)(ming)（signature of knowledge）: 2006 年 Melissa Chase 和 Anna Lysyanskaya 提(ti)出(chu)基(ji)于知(zhi)(zhi)識(shi)(shi)簽(qian)(qian)名(ming)(ming)的(de)概念。基(ji)于知(zhi)(zhi)識(shi)(shi)簽(qian)(qian)名(ming)(ming)機制(zhi)允許簽(qian)(qian)名(ming)(ming)人在擁有某(mou)個聲(sheng)明(ming) x 屬于某(mou)個語言(yan)(yan) L 的(de)證據(ju)的(de)前提(ti)下生成(cheng)(cheng)某(mou)個消息(xi)的(de)簽(qian)(qian)名(ming)(ming)［即驗簽(qian)(qian)者(zhe)可以確(que)認合法(fa)簽(qian)(qian)名(ming)(ming)的(de)生成(cheng)(cheng)人知(zhi)(zhi)道斷言(yan)(yan)（predicate）xL的(de)證據(ju)］。基(ji)于知(zhi)(zhi)識(shi)(shi)簽(qian)(qian)名(ming)(ming)有許多應用，包(bao)括(kuo)隱(yin)私保(bao)護(hu)，構(gou)造群簽(qian)(qian)名(ming)(ming)、環簽(qian)(qian)名(ming)(ming)等。

（18）結構保(bao)留簽(qian)名(ming)（structure-preserving signature）：2010 年Masayuki Abe, Georg Fuchsbauer, Jens Groth 和 Miyako Ohkubo 提出結構保(bao)留簽(qian)名(ming)的(de)(de)概念。結構保(bao)留簽(qian)名(ming)機制要(yao)求驗簽(qian)密鑰、簽(qian)名(ming)和消息處于雙線性(xing)對使(shi)(shi)用的(de)(de)群中，且(qie)驗證(zheng)簽(qian)名(ming)有效性(xing)的(de)(de)斷言僅使(shi)(shi)用以驗簽(qian)密鑰、簽(qian)名(ming)和

消息為輸入的雙線性對運算。結(jie)構保留簽(qian)名作(zuo)為一(yi)個基礎功能(neng)模塊可以在眾多應用(yong)中發(fa)揮作(zuo)用(yong)，如高效盲簽(qian)名、群(qun)簽(qian)名、代理簽(qian)名等。

（19）基(ji)于(yu)屬(shu)(shu)(shu)性的(de)(de)(de)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（attribute-based signature）：2011年 Hemanta K. Maji, Manoj Prabhakaran 和 Mike Rosulek提出(chu)基(ji)于(yu)屬(shu)(shu)(shu)性的(de)(de)(de)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)(de)概(gai)念(nian)。基(ji)于(yu)屬(shu)(shu)(shu)性的(de)(de)(de)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)允許一個(ge)從權威機(ji)(ji)構獲得一系(xi)列屬(shu)(shu)(shu)性的(de)(de)(de)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人能夠創建依賴于(yu)其(qi)屬(shu)(shu)(shu)性的(de)(de)(de)某(mou)個(ge)斷(duan)言的(de)(de)(de)消息(xi)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)，即驗簽(qian)(qian)(qian)人根據消息(xi)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)的(de)(de)(de)合法性可以判斷(duan)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人是否具(ju)有一系(xi)列屬(shu)(shu)(shu)性的(de)(de)(de)組合。相關(guan)的(de)(de)(de)概(gai)念(nian)還有基(ji)于(yu)策(ce)略的(de)(de)(de)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)（policy-based signature）。基(ji)于(yu)策(ce)略的(de)(de)(de)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)機(ji)(ji)制中簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)人只有在滿足權威機(ji)(ji)構指定的(de)(de)(de)策(ce)略的(de)(de)(de)情況下才生成對(dui)消息(xi)的(de)(de)(de)簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)，且簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)不泄露(lu)策(ce)略信息(xi)。這類簽(qian)(qian)(qian)名(ming)(ming)(ming)(ming)可以簡(jian)潔地實現細(xi)粒度(du)的(de)(de)(de)身份認(ren)證、策(ce)略控(kong)制等(deng)。

（20）功能(neng)簽(qian)(qian)名(ming)(ming) （functional signature）: 2014 年 Elette Boyle, Shafi Goldwasser 和 Ioana Ivan 提出功能(neng)簽(qian)(qian)名(ming)(ming)的(de)概念。功能(neng)簽(qian)(qian)名(ming)(ming)機(ji)制(zhi)中除(chu)了有一個主簽(qian)(qian)名(ming)(ming)密(mi)(mi)鑰(yao)(yao)可以(yi)簽(qian)(qian)名(ming)(ming)任意消息外， 還有函(han)數(shu)(shu)簽(qian)(qian)名(ming)(ming)密(mi)(mi)鑰(yao)(yao)。對(dui)應某個函(han)數(shu)(shu) f 的(de)函(han)數(shu)(shu)簽(qian)(qian)名(ming)(ming)密(mi)(mi)鑰(yao)(yao)只能(neng)用于對(dui)函(han)數(shu)(shu)計(ji)算結果數(shu)(shu)據 f(m) 生成簽(qian)(qian)名(ming)(ming)。功能(neng)簽(qian)(qian)名(ming)(ming)可用于構建單(dan)輪代理機(ji)制(zhi)，允(yun)許客(ke)戶(hu)(hu)方將函(han)數(shu)(shu)計(ji)算外包給服務(wu)方，而(er)客(ke)戶(hu)(hu)方可以(yi)驗證計(ji)算的(de)正確性。

伴隨(sui)著(zhu)數(shu)字(zi)簽(qian)(qian)(qian)名(ming)技術應(ying)用(yong)(yong)的(de)發(fa)展(zhan)，數(shu)字(zi)簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa)標準也逐(zhu)(zhu)步形成(cheng)(cheng)(cheng)。1991 年(nian)(nian)美(mei)國 NIST 公(gong)布(bu)DSA 數(shu)字(zi)簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa)并(bing)在 1994 年(nian)(nian)正(zheng)式將 DSA 納(na)入FIPS 186 中(zhong)(zhong)成(cheng)(cheng)(cheng)為(wei)數(shu)字(zi)簽(qian)(qian)(qian)名(ming)標準 DSS。基于(yu)橢圓曲線的(de) DSA 算(suan)(suan)(suan)(suan)(suan)法(fa)（ECDSA）在 1995 年(nian)(nian)被(bei)提(ti)交到 IEEE P1363 工作組(zu)并(bing)在 2000 年(nian)(nian)被(bei)納(na)入 FIPS 186-280。為(wei)了(le)加強 RSA 算(suan)(suan)(suan)(suan)(suan)法(fa)的(de)安(an)全(quan)性(xing)，RSA 公(gong)司(si)(si)在 1993 年(nian)(nian)發(fa)布(bu) PKCS #1 版本1.5，其中(zhong)(zhong)包(bao)括了(le)使(shi)(shi)用(yong)(yong)消息填充機制(zhi)（EMSA-PKCS1-v1_5）的(de)RSA 簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa)（RSASSA-PKCS1-v1_5）。該版本在 1998 年(nian)(nian)被(bei)重新發(fa)布(bu)為(wei) RFC 2313。這兩(liang)(liang)個簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa)成(cheng)(cheng)(cheng)為(wei)了(le)產業界(jie)的(de)事實標準，例如互聯網廣(guang)泛使(shi)(shi)用(yong)(yong)的(de) SSL/TLS 協議（在 2018 年(nian)(nian) TLS1.3 發(fa)布(bu)以(yi)前）只(zhi)支持以(yi)上兩(liang)(liang)種簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa)。伴隨(sui)可證明(ming)安(an)全(quan)性(xing)的(de)理念逐(zhu)(zhu)步被(bei)業界(jie)接受，2002 年(nian)(nian)RSA 公(gong)司(si)(si)發(fa)布(bu) PKCS #1 版本 2.2，納(na)入了(le)簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa) RSA-PSS，該版本在 2016 年(nian)(nian)被(bei)重新發(fa)布(bu)為(wei)RFC 8017。Schnorr 算(suan)(suan)(suan)(suan)(suan)法(fa)也具有安(an)全(quan)性(xing)易于(yu)證明(ming)的(de)優勢。Daniel J. Bernstein 等根據(ju) Schnorr 算(suan)(suan)(suan)(suan)(suan)法(fa)在愛德華橢圓曲線上（Edwards-curve）設計了(le)數(shu)字(zi)簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa) EdDSA 并(bing)在 2017 年(nian)(nian)發(fa)布(bu) RFC8032 Edwards-Curve Digital Signature Algorithm (EdDSA) 。2018 年(nian)(nian)新制(zhi)定的(de) TLS 協議 1.3 版目前只(zhi)支持以(yi)下數(shu)字(zi)簽(qian)(qian)(qian)名(ming)算(suan)(suan)(suan)(suan)(suan)法(fa)：RSASSA-PKCS1-v1_5、RSA-PSS、ECDSA、EdDSA。

除美(mei)國(guo)(guo)(guo)外(wai)，俄(e)羅(luo)斯在(zai)(zai)(zai)1994年發(fa)布(bu)數(shu)(shu)字(zi)簽名算(suan)法(fa)(fa)標準(zhun)(zhun) GOST R 34.10-94，并在(zai)(zai)(zai)2001年發(fa)布(bu)橢圓(yuan)曲(qu)線數(shu)(shu)字(zi)簽名算(suan)法(fa)(fa)標準(zhun)(zhun)GOST R34.10- 2001。GOST R34.10-2001在(zai)(zai)(zai)2012年更新為 GOST R34.10-2012。韓國(guo)(guo)(guo)在(zai)(zai)(zai)1998年發(fa)表韓國(guo)(guo)(guo)基于證書的數(shu)(shu)字(zi)簽名算(suan)法(fa)(fa) KCDSA 和 EC- KCDA，對應(ying)標準(zhun)(zhun)發(fa)布(bu)于[88,89]。德國(guo)(guo)(guo)在(zai)(zai)(zai) 2005 年發(fa)布(bu)德國(guo)(guo)(guo)橢圓(yuan)曲(qu)線數(shu)(shu)字(zi)簽名算(suan)法(fa)(fa)標準(zhun)(zhun) EC- GDSA。中國(guo)(guo)(guo)在(zai)(zai)(zai) 2012 年發(fa)布(bu) SM2 橢圓(yuan)曲(qu)線數(shu)(shu)字(zi)簽名算(suan)法(fa)(fa)標準(zhun)(zhun)，在(zai)(zai)(zai) 2016 年發(fa)布(bu) SM9 標識(shi)密碼數(shu)(shu)字(zi)簽名算(suan)法(fa)(fa)標準(zhun)(zhun)。

作為(wei)重要(yao)的國際標準(zhun)化組織，ISO/IEC發布了一系列的數字簽名算法標準(zhun)。標準(zhun)系列包(bao)括(kuo)：

（1）帶消(xiao)息(xi)恢復的數字(zi)簽(qian)名(ming)算法標準系(xi)列ISO/IEC 9796，包括(kuo)基(ji)于(yu)大(da)數分解(jie)的 9796-2、基(ji)于(yu)離散(san)對(dui)數的 9796-3。

（2）帶附錄的(de)數(shu)字簽名算法標(biao)準系列(lie) ISO/ IEC 14888，包括基于(yu)大數(shu)分解(jie)的(de) 14888-2、基于(yu)離散對(dui)數(shu)的(de)14888-3。

（3）匿名(ming)簽名(ming)算(suan)法(fa)標準系列(lie) ISO/IEC 20008，包括(kuo)基于(yu)群(qun)公鑰簽名(ming)的 20008-2。

（4）盲簽名(ming)算法標準系列 ISO/IEC 18370，包括(kuo)基于離散對數的(de) 18370-2。

（5）可修訂的簽(qian)名算法系列 ISO/IEC 23264，包括基于非對稱技術的可修訂簽(qian)名23264-2（正(zheng)在制(zhi)定中）。

ISO/IEC14888 系列標準包含著(zhu)一系列廣泛使用的通用數字簽名算法(fa)：

（1）14888-2 收錄了7個基(ji)(ji)于(yu)大數分(fen)解的數字簽名算(suan)法(fa)，包(bao)括：RSA、RW（Rabin-Williams）、 GQ1、GQ2、GPS1、GPS2、ESIGN。其中RSA和 RW 算(suan)法(fa)使用 PSS 消息編碼，GQ1是基(ji)(ji)于(yu)標識的簽名算(suan)法(fa)。

（2）14888-3 收(shou)錄了 14 個(ge)基于離散對數的數字簽名算法，其中(zhong)：

①基于(yu)素(su)域上(shang)離散對數的簽名算法(fa)有：DSA、KCDSA、SDSA（Schnorr-DSA）、Pointcheval/ Vaudenay 算法(fa)；

②基于橢圓曲線上離散對(dui)數的(de)簽名算(suan)法有 EC-DSA（美國(guo)）、EC-KCDSA（韓(han)國(guo)）、EC-GDSA（ 德(de)國(guo)）、EC-RDSA（俄(e)羅(luo)斯 GOSTR34.10-2012）、EC-SDSA（Schnorr 簽名算(suan)法）、EC-FSDA（完整Schnorr 簽名算(suan)法）、SM2（中國(guo)）；

③采用雙(shuang)線性對的(de)基于標識的(de)簽名(ming)算法有IBS1（Cha-Cheon-IBS）、IBS2（Hess-IBS）、Chinese IBS（SM9）。

這里順帶(dai)提(ti)及另外一(yi)個和數字簽名密(mi)(mi)(mi)切相關的(de)技(ji)術：不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)（non-repudiation）技(ji)術。ISO/IEC 制(zhi)(zhi)(zhi)定了系列的(de)不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)技(ji)術標準 ISO/ IEC13888，包(bao)括(kuo)：基(ji)(ji)于(yu)(yu)對(dui)稱(cheng)(cheng)密(mi)(mi)(mi)鑰機(ji)制(zhi)(zhi)(zhi)的(de) 13888-2、基(ji)(ji)于(yu)(yu)非對(dui)稱(cheng)(cheng)密(mi)(mi)(mi)鑰機(ji)制(zhi)(zhi)(zhi)的(de) 13888-3。13888-2 標準包(bao)括(kuo)基(ji)(ji)于(yu)(yu)對(dui)稱(cheng)(cheng)密(mi)(mi)(mi)碼的(de)不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)機(ji)制(zhi)(zhi)(zhi)、源不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)機(ji)制(zhi)(zhi)(zhi)、投(tou)遞(di)不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)機(ji)制(zhi)(zhi)(zhi)、時間(jian)戳令牌(pai)機(ji)制(zhi)(zhi)(zhi)；13888-3 標準包(bao)括(kuo)基(ji)(ji)于(yu)(yu)非對(dui)稱(cheng)(cheng)密(mi)(mi)(mi)鑰的(de)源不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)機(ji)制(zhi)(zhi)(zhi)、投(tou)遞(di)不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)機(ji)制(zhi)(zhi)(zhi)、提(ti)交不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)機(ji)制(zhi)(zhi)(zhi)以及傳輸不(bu)(bu)可(ke)(ke)(ke)否(fou)(fou)(fou)(fou)(fou)認(ren)(ren)機(ji)制(zhi)(zhi)(zhi)。

數(shu)字(zi)(zi)(zi)簽名技(ji)(ji)術(shu)(shu)在數(shu)字(zi)(zi)(zi)社會中起(qi)到(dao)重(zhong)要(yao)作用。本文對數(shu)字(zi)(zi)(zi)簽名技(ji)(ji)術(shu)(shu)過去四十多年的(de)(de)(de)(de)發(fa)展做了(le)一(yi)(yi)個(ge)綜述，以(yi)(yi)便(bian)(bian)讀者(zhe)可以(yi)(yi)對這一(yi)(yi)重(zhong)要(yao)技(ji)(ji)術(shu)(shu)有一(yi)(yi)個(ge)相(xiang)對全面的(de)(de)(de)(de)了(le)解。文章回顧了(le)數(shu)字(zi)(zi)(zi)簽名技(ji)(ji)術(shu)(shu)發(fa)展歷程中的(de)(de)(de)(de)一(yi)(yi)些(xie)(xie)重(zhong)要(yao)的(de)(de)(de)(de)學術(shu)(shu)工作和重(zhong)大事件(jian)。數(shu)字(zi)(zi)(zi)簽名技(ji)(ji)術(shu)(shu)發(fa)展至(zhi)今已經相(xiang)當成熟，除了(le)滿足(zu)基本的(de)(de)(de)(de)安(an)全性(xing)要(yao)求外，出(chu)現(xian)了(le)眾(zhong)(zhong)多具有附加屬(shu)性(xing)的(de)(de)(de)(de)數(shu)字(zi)(zi)(zi)簽名技(ji)(ji)術(shu)(shu)。本文以(yi)(yi)列表的(de)(de)(de)(de)形式概述了(le)歷史上(shang)出(chu)現(xian)的(de)(de)(de)(de)眾(zhong)(zhong)多特殊數(shu)字(zi)(zi)(zi)簽名技(ji)(ji)術(shu)(shu)的(de)(de)(de)(de)概念和工作。文章最后匯總了(le)一(yi)(yi)些(xie)(xie)重(zhong)要(yao)的(de)(de)(de)(de)數(shu)字(zi)(zi)(zi)簽名技(ji)(ji)術(shu)(shu)標(biao)準，以(yi)(yi)便(bian)(bian)工程技(ji)(ji)術(shu)(shu)人員參考。

引用本文：程(cheng)朝(chao)輝.數字簽名技術概(gai)覽[J].信息安全與(yu)通信保密,2020(7):48-62.