Zero-Knowledge Argument for Simultaneous Discrete Logarithms

  • Conference paper
Computing and Combinatorics (COCOON 2010)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 6196))

Abstract

In Crypto’92, Chaum and Pedersen introduced a widely used protocol (CP protocol for short) for proving the equality of two discrete logarithms (EQDL) with unconditional soundness, which plays a central role in DL-based cryptography. Somewhat surprisingly, the CP protocol has not been improved in the nearly two decades since its advent. We note that the CP protocol is usually used as a non-interactive proof via the Fiat-Shamir heuristic, which inevitably relies on the random oracle model (ROM) and assumes that the adversary is computationally bounded. In this paper, we present an EQDL protocol in the ROM which saves ≈40% of the computational cost and ≈33% of the prover’s upload bandwidth. Our idea extends naturally to simultaneously showing the equality of n discrete logarithms with an O(1)-size commitment, in contrast to the n-element adaptation of the CP protocol, which requires an O(n)-size commitment. This improvement benefits a variety of interesting cryptosystems, ranging from signatures and anonymous credential systems to verifiable secret sharing and threshold cryptosystems. As an example, we present a signature scheme that takes only one (offline) exponentiation to sign, without using pairings, relying on the standard decisional Diffie-Hellman assumption.
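To make the baseline concrete, the following Python is an added example that is not part of the paper: it implements the classic Chaum-Pedersen EQDL protocol the abstract describes, made non-interactive with the Fiat-Shamir heuristic, and not the paper's improved scheme (the page gives no details of it). The toy group parameters, the SHA-256 transcript hash and all function names are assumptions; the prover sends two group elements plus one scalar, which is exactly the commitment cost that grows with n in the n-base generalization.

```python
import hashlib
import secrets

# Toy safe-prime group for this example only (P = 2*Q + 1; the quadratic residues
# mod P form the order-Q subgroup). Real use: 2048-bit MODP or a prime-order curve.
P, Q = 2039, 1019
G, H = 4, 9   # two independent bases in the order-Q subgroup (2^2 and 3^2)

def challenge(*elements):
    """Fiat-Shamir: hash the whole transcript (bases, statement, commitment)."""
    hasher = hashlib.sha256()
    for e in elements:
        hasher.update(e.to_bytes(4, "big"))  # fixed-width encoding, no ambiguity
    return int.from_bytes(hasher.digest(), "big") % Q

def cp_prove(x, y1, y2):
    """Non-interactive Chaum-Pedersen proof that log_G(y1) = log_H(y2) = x."""
    r = secrets.randbelow(Q)                 # fresh per proof; reusing r leaks x
    a1, a2 = pow(G, r, P), pow(H, r, P)      # commitment: two group elements
    c = challenge(G, H, y1, y2, a1, a2)
    s = (r + c * x) % Q                      # response: one scalar
    return a1, a2, s                         # with n bases this grows to n + 1 elements

def cp_verify(y1, y2, proof):
    a1, a2, s = proof
    # Membership checks first: anything outside the order-Q subgroup, or an
    # out-of-range s, is rejected before any verification arithmetic.
    for v in (y1, y2, a1, a2):
        if not 1 <= v < P or pow(v, Q, P) != 1:
            return False
    if not 0 <= s < Q:
        return False
    c = challenge(G, H, y1, y2, a1, a2)
    return (pow(G, s, P) == a1 * pow(y1, c, P) % P
            and pow(H, s, P) == a2 * pow(y2, c, P) % P)

def honest_round():
    x = secrets.randbelow(Q - 1) + 1
    y1, y2 = pow(G, x, P), pow(H, x, P)
    return cp_verify(y1, y2, cp_prove(x, y1, y2))

def cheating_rate(trials=200):
    """Acceptance rate with unequal logs: soundness error 1/Q, negligible for 256-bit Q."""
    hits = 0
    for _ in range(trials):
        x = secrets.randbelow(Q - 2) + 1
        y1, y2 = pow(G, x, P), pow(H, x + 1, P)   # unequal discrete logs
        hits += cp_verify(y1, y2, cp_prove(x, y1, y2))
    return hits / trials
```

The explicit subgroup-membership checks in the verifier are the part most often omitted in practice; without them a malicious prover can supply small-order or out-of-group values and the verification equations stop meaning what the protocol claims.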


Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Chow, S.S.M., Ma, C., Weng, J. (2010). Zero-Knowledge Argument for Simultaneous Discrete Logarithms. In: Thai, M.T., Sahni, S. (eds) Computing and Combinatorics. COCOON 2010. Lecture Notes in Computer Science, vol 6196. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14031-0_55

  • DOI: https://doi.org/10.1007/978-3-642-14031-0_55

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14030-3

  • Online ISBN: 978-3-642-14031-0
