Abstract
We describe a modification of an interactive identification scheme of Schnorr intended for use by smart cards. Schnorr's original scheme had its security based on the difficulty of computing discrete logarithms in a subgroup of GF(p) given some side information. We prove that our modification will be witness hiding, which is a more rigid security condition than Schnorr proved for his scheme, if factoring a large integer with some side information is computationally infeasible. In addition, even if the large integer can be factored, then our scheme is still as secure as Schnorr's scheme. For this enhanced security we require only slightly more communication and about a factor of a 3.6 increase in computational power, but the requirements remain quite modest, so that the scheme is well suited for use in smart cards.
Article PDF
Similar content being viewed by others
References
T. Beth, Efficient zero-knowledge identification scheme for smart cards, Advances in Cryptology—Proceedings of Eurocrypt '88, Lecture Notes in Computer Science, vol. 330, Springer-Verlag, Berlin, 1989, pp. 77–84.
E. F. Brickell and K. S. McCurley, An interactive identification scheme based on discrete logarithms and factoring, Advances in Cryptology—Proceedings of Eurocrypt '90 (to appear).
D. Chaum, J.-H. Evertse, J. van de Graaf, and R. Peralta, Demonstrating possession of a discrete logarithm without revealing it, Advances in Cryptology—Proceedings of Eurocrypt '86, Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin, 1987, pp. 200–212.
D. Chaum, J.-H. Evertse, and J. van de Graaf, An improved protocol for demonstrating possession of discrete logarithms and some generalizations, Advances in Cryptology—Proceedings of Eurocrypt '87, Lecture Notes in Computer Science, vol. 304, Springer-Verlag, Berlin, 1988, pp. 127–141.
Y. Desmedt, C. Goutier, and S. Bengio, Special uses and abuses of the Fiat-Shamir passport protocol, Advances in Cryptology Proceedings of Crypto '87, Lecture Notes in Computer Science, vol. 293, Springer-Verlag, Berlin, 1988, pp. 21–39.
U. Feige, A. Fiat, and A. Shamir, Zero-knowledge proofs of identify, Journal of Cryptology 1 (1988), 77–94.
U. Feige and A. Shamir, Witness indistinguishable and witness hiding protocols, Proceedings of the 22nd ACM Symposium on Theory of Computing, Association for Computing Machinery, New York, 1990, pp. 416–424.
S. Goldwasser, S. Micali, and C. Rackoff, The knowledge complexity of interactive proof systems, SIAM Journal on Computing 18, No. 1 (1989), 186–208.
D. E. Knuth, The Art of Computer Programming, Vol. 2: Seminumerical Algorithms, 2nd ed., Addison-Wesley, Reading, MA, 1981.
B. LaMacchia and A. Odlyzko, Computation of discrete logarithms in prime finite fields, Advances in Cryptology—Proceedings of Crypto '90, Lecture Notes in Computer Science (to appear).
A. K. Lenstra and M. S. Manasse, Factoring by electronic mail, Advances in Cryptology—Proceedings of Eurocrypt '89, Lecture Notes in Computer Science, vol. 434, Springer-Verlag, Berlin, 1990, pp. 355–371.
A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The number field sieve, Proceedings of the 22nd ACM Symposium on Theory of Computing, Association for Computing Machinery, New York, 1990, pp. 564–572.
K. S. McCurley, A key distribution system equivalent to factoring, Journal of Cryptology 1 (1988), 95–105.
K. S. McCurley, The discrete logarithm problem, Cryptology and Computational Number Theory, Proceedings of Symposia in Applied Mathematics, vol. 42, American Mathematical Society, Providence, 1990, pp. 49–74.
J. M. Pollard, Monte Carlo methods for index computation mod p, Mathematics of Computation 32 (1978), 918–924.
C. Pomerance, Factoring, Cryptology and Computational Number Theory, Proceedings of Symposia in Applied Mathematics, vol. 42, American Mathematical Society, Providence, RI, 1990, pp. 27–48.
C. P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology—Proceedings of Crypto '89, Lecture Notes in Computer Science, vol. 435, Springer-Verlag, Berlin, 1990, pp. 239–252.
M. Tompa and H. Woll, Random self-reducibility and zero knowledge interactive proofs of possession of information, Proceedings of the 28th IEEE Symposium on Foundations of Computer Science, IEEE, Washington, D.C., 1987, pp. 472–482.
S. S. Wagstaff, Jr., Greatest of the least primes in arithmetic progressions having a given modulus, Mathematics of Computation 33 (1979), 1073–1080.
Author information
Authors and Affiliations
Additional information
A preliminary version of this paper was presented at Eurocrypt '90, May 21–24, Århus, Denmark, and has appeared in the proceedings, pp. 63–71. This work was performed under U.S. Department of Energy contract number DE-AC04-76DP00789.
Rights and permissions
About this article
Cite this article
Brickell, E.F., McCurley, K.S. An interactive identification scheme based on discrete logarithms and factoring. J. Cryptology 5, 29–39 (1992). https://doi.org/10.1007/BF00191319
Received:
Revised:
Issue Date:
DOI: https://doi.org/10.1007/BF00191319