Abstract
We present the first efficient statistical zero-knowledge protocols to prove statements such as:
- A committed number is a prime.
- A committed (or revealed) number is the product of two safe primes, i.e., primes p and q such that (p - 1)/2 and (q - 1)/2 are prime.
- A given integer has large multiplicative order modulo a composite number that consists of two safe prime factors.
The main building blocks of our protocols are statistical zero-knowledge proofs of knowledge that are of independent interest. We show how to prove the correct computation of a modular addition, a modular multiplication, and a modular exponentiation, where all values including the modulus are committed to but not publicly known. Apart from the validity of the equations, no other information about the modulus (e.g., a generator whose order equals the modulus) or about any other operand is exposed. Our techniques can be generalized to prove that any multivariate modular polynomial equation is satisfied, where only commitments to the variables of the polynomial and to the modulus need to be known. This improves on previous results, where the modulus had to be publicly known. We show how these building blocks allow one to prove statements such as those listed above.
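As an added illustration that is not part of the paper, the following Python checks the three statements above with the factorization n = pq in the clear: it verifies that p and q are safe primes and computes the multiplicative order of an element modulo n, which for such n must divide lambda(n) = 2p'q' with p' = (p - 1)/2 and q' = (q - 1)/2. This is exactly what the paper's protocols let a prover establish to a verifier without revealing p and q. The sample moduli are constructed toy values, and "large order" is taken here to mean an order divisible by p'q'.

```python
from math import gcd

def is_prime(m: int) -> bool:
    """Deterministic trial division; adequate for the toy sizes used here."""
    if m < 2:
        return False
    if m % 2 == 0:
        return m == 2
    d = 3
    while d * d <= m:
        if m % d == 0:
            return False
        d += 2
    return True

def is_safe_prime(p: int) -> bool:
    """p is a safe prime iff both p and (p - 1)/2 are prime."""
    return is_prime(p) and is_prime((p - 1) // 2)

def is_safe_prime_product(n: int, p: int, q: int) -> bool:
    """The paper's second statement, checked with the (assumed distinct) factors known."""
    return p != q and n == p * q and is_safe_prime(p) and is_safe_prime(q)

def multiplicative_order(g: int, p: int, q: int) -> int:
    """Order of g in Z_n^* for n = p*q with safe primes p = 2p'+1, q = 2q'+1.
    Every element order divides lambda(n) = 2p'q', so only eight candidates exist;
    the smallest candidate d with g^d = 1 (mod n) is the order."""
    n = p * q
    if gcd(g, n) != 1:
        raise ValueError("g is not a unit modulo n")
    pp, qq = (p - 1) // 2, (q - 1) // 2
    candidates = sorted({a * b * c for a in (1, 2) for b in (1, pp) for c in (1, qq)})
    for d in candidates:
        if pow(g, d, n) == 1:
            return d
    raise AssertionError("unreachable: lambda(n) itself is always a candidate")

def has_large_order(g: int, p: int, q: int) -> bool:
    """The paper's third statement: here 'large' means the order is a multiple of p'q'."""
    pp, qq = (p - 1) // 2, (q - 1) // 2
    return multiplicative_order(g, p, q) % (pp * qq) == 0

if __name__ == "__main__":
    # Constructed toy instance: 23 = 2*11+1 and 47 = 2*23+1 are safe primes, n = 1081.
    print(is_safe_prime_product(1081, 23, 47), multiplicative_order(2, 23, 47))
```

With p = 23 and q = 47 the element 2 has order 253 = p'q', the element 5 has the maximal order 506 = 2p'q', and n - 1 has order 2, so only the first two satisfy the large-order statement.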
BRICS - Basic Research in Computer Science, Center of the Danish National Research Foundation.
Part of this work was done while this author was with Ubilab, UBS, Switzerland.
© 1999 Springer-Verlag Berlin Heidelberg
Camenisch, J., Michels, M. (1999). Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes. In: Stern, J. (eds) Advances in Cryptology — EUROCRYPT ’99. EUROCRYPT 1999. Lecture Notes in Computer Science, vol 1592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48910-X_8
DOI: https://doi.org/10.1007/3-540-48910-X_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65889-4
Online ISBN: 978-3-540-48910-8