
Zero-Knowledge Argument for Simultaneous Discrete Logarithms

Algorithmica

Abstract

In Crypto 1992, Chaum and Pedersen introduced a protocol (CP protocol for short) for proving the equality of two discrete logarithms (EQDL) with unconditional soundness, which is widely used nowadays and plays a central role in DL-based cryptography. Somewhat surprisingly, the CP protocol has never been improved in the nearly two decades since its advent. We note that the CP protocol is usually used as a non-interactive proof via the Fiat-Shamir heuristic, which inevitably relies on the random oracle model (ROM) and assumes that the adversary is computationally bounded. In this paper, we present an EQDL protocol in the ROM which saves approximately 40% of the computational cost and approximately 33% of the prover's outgoing message size when instantiated with the same security parameter. The catch is that our security guarantee only holds for computationally bounded adversaries. Our idea can be naturally extended to simultaneously showing the equality of n discrete logarithms with an O(1)-size commitment, in contrast to the n-element adaptation of the CP protocol, which requires an O(n)-size commitment. This improvement benefits a variety of interesting cryptosystems, ranging from signatures and anonymous credential systems to verifiable secret sharing and threshold cryptosystems. As an example, we present a signature scheme that only takes one (offline) exponentiation to sign, without utilizing pairings, relying on the standard decisional Diffie-Hellman assumption.
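The baseline the abstract measures itself against is the n-element adaptation of the CP protocol made non-interactive with Fiat-Shamir; the following added example (not code from the paper) implements that baseline so the O(n) commitment cost is visible. The group parameters and secret are constructed toy values; the function names are the example's own.

```python
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime, so the quadratic residues
# mod p form a subgroup of prime order q. Real deployments use a group whose
# order is at least 256 bits; these values only keep the arithmetic readable.
P = 2039
Q = 1019
G1, G2, G3 = 4, 9, 25  # squares mod P, hence generators of the order-Q subgroup


def _challenge(bases, ys, ts):
    """Fiat-Shamir challenge: hash the statement (g_i, y_i) and all n commitments t_i."""
    h = hashlib.sha256()
    for v in (*bases, *ys, *ts):
        h.update(v.to_bytes(4, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def eqdl_prove(x, bases):
    """CP-style proof that every y_i = g_i^x shares the same exponent x.

    Returns (ys, ts, s). The n commitments t_i are the O(n)-size part of the
    prover's message that the paper's O(1)-commitment construction avoids.
    """
    ys = [pow(g, x, P) for g in bases]
    r = secrets.randbelow(Q)                 # one fresh nonce for all bases
    ts = [pow(g, r, P) for g in bases]       # n commitments: t_i = g_i^r
    c = _challenge(bases, ys, ts)
    s = (r + c * x) % Q                      # single response
    return ys, ts, s


def eqdl_verify(bases, ys, ts, s):
    """Accept iff g_i^s == t_i * y_i^c (mod p) holds for every i."""
    if not (len(bases) == len(ys) == len(ts)):
        return False
    c = _challenge(bases, ys, ts)
    return all(pow(g, s, P) == (t * pow(y, c, P)) % P
               for g, y, t in zip(bases, ys, ts))


def demo():
    """Honest proof verifies; a statement where y_2 uses a different exponent does not."""
    x = 777                                  # constructed secret exponent
    bases = [G1, G2, G3]
    ys, ts, s = eqdl_prove(x, bases)
    honest = eqdl_verify(bases, ys, ts, s)
    forged = ys[:1] + [pow(G2, 778, P)] + ys[2:]   # y_2 = g_2^778, not g_2^x
    return honest, eqdl_verify(bases, forged, ts, s)
```

Note that the prover's message is (t_1, ..., t_n, s), so it grows linearly in n even though only one nonce r and one response s are used; that linear term is what the abstract's O(1)-commitment result targets.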



References

  1. Ateniese, G.: Verifiable encryption of digital signatures and applications. ACM Trans. Inform. Syst. Secur. (TISSEC) 7(1), 1–20 (2004)

  2. Avanzi, R.M.: On multi-exponentiation in cryptography. Cryptology ePrint Archive, Report 2002/154 (2002)

  3. Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, VA, USA, October 30–November 3, 2006, pp. 390–399. ACM, New York (2006)

  4. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, Fairfax, Virginia, USA, 3–5 November 1993, pp. 62–73 (1993)

  5. Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights. J. Cryptol. (2011). doi:10.1007/s00145-010-9082-x

  6. Camenisch, J., Maurer, U.M., Stadler, M.: Digital payment systems with passive anonymity-revoking trustees. J. Comput. Secur. 5(1), 69–90 (1997)

  7. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) Advances in Cryptology—CRYPTO’92, 12th Annual International Cryptology Conference Proceedings, Santa Barbara, California, USA, 16–20 August 1992. Lecture Notes in Computer Science, vol. 740, pp. 89–105. Springer, Berlin (1992)

  8. Chevallier-Mames, B.: An efficient CDH-based signature scheme with a tight security reduction. In: Shoup, V. (ed.) Advances in Cryptology—CRYPTO 2005: 25th Annual International Cryptology Conference Proceedings, Santa Barbara, California, USA, 14–18 August 2005. Lecture Notes in Computer Science, vol. 3621, pp. 511–526. Springer, Berlin (2005)

  9. Chow, S.S.M., Liu, J.K., Wong, D.S.: Robust receipt-free election system with ballot secrecy and verifiability. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2008, San Diego, California, USA, 10–13 February 2008, pp. 81–94. The Internet Society, Reston (2008)

  10. Chow, S.S.M., Ma, C., Weng, J.: Zero-knowledge argument for simultaneous discrete logarithms. In: Thai, M.T., Sahni, S. (eds.) Computing and Combinatorics, 16th Annual International Conference, Proceedings COCOON 2010, Nha Trang, Vietnam, 19–21 July 2010. Lecture Notes in Computer Science, vol. 6196, pp. 520–529. Springer, Berlin (2010)

  11. Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) Advances in Cryptology—EUROCRYPT’97, International Conference on the Theory and Application of Cryptographic Techniques, Proceedings, Konstanz, Germany, 11–15 May 1997. Lecture Notes in Computer Science, vol. 1233, pp. 103–118. Springer, Berlin (1997)

  12. Dimitrov, V.S., Jullien, G.A., Miller, W.C.: Complexity and fast algorithms for multiexponentiations. IEEE Trans. Comput. 49(2), 141–147 (2000)

  13. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) Advances in Cryptology—CRYPTO’86, Proceedings, Santa Barbara, California, USA, 1986. Lecture Notes in Computer Science, vol. 263, pp. 186–194. Springer, Berlin (1986)

  14. Goh, E.-J., Jarecki, S.: A signature scheme as secure as the Diffie-Hellman problem. In: Biham, E. (ed.) Advances in Cryptology—EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings, Warsaw, Poland, 4–8 May 2003. Lecture Notes in Computer Science, vol. 2656, pp. 401–415. Springer, Berlin (2003)

  15. Goh, E.-J., Jarecki, S., Katz, J., Wang, N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. J. Cryptol. 20(4), 493–514 (2007). Journal version of [17] and [14]

  16. Jakobsson, M., Schnorr, C.-P.: Efficient oblivious proofs of correct exponentiation. In: Preneel, B. (ed.) Secure Information Networks: Communications and Multimedia Security, IFIP TC6/TC11 Joint Working Conference on Communications and Multimedia Security (CMS’99), 20–21 September 1999, Leuven, Belgium. IFIP Conference Proceedings, vol. 152, pp. 71–86. Kluwer, Dordrecht (1999)

  17. Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, DC, USA, 27–30 October 2003, pp. 155–164. ACM, New York (2003)

  18. Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym Systems. In: Heys, H.M., Adams, C.M. (eds.) Selected Areas in Cryptography, 6th Annual International Workshop, SAC’99, Proceedings, Kingston, Ontario, Canada, 9–10 August 1999. Lecture Notes in Computer Science, vol. 1758, pp. 184–199. Springer, Berlin (1999)

  19. Ma, C., Weng, J., Li, Y., Deng, R.H.: Efficient discrete logarithm based multi-signature scheme in the plain public key model. Des. Codes Cryptogr. 54(2), 121–133 (2010)

  20. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (2001)

  21. Möller, B.: Algorithms for multi-exponentiation. In: Vaudenay, S., Youssef, A.M. (eds.) Selected Areas in Cryptography, 8th Annual International Workshop, Revised Papers, SAC 2001, Toronto, Ontario, Canada, 16–17 August 2001. Lecture Notes in Computer Science, vol. 2259, pp. 165–180. Springer, Berlin (2001)

  22. Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000)

  23. Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) Advances in Cryptology—EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Proceedings, Bruges, Belgium, 14–18 May 2000. Lecture Notes in Computer Science, vol. 1807, pp. 207–220. Springer, Berlin (2000)

  24. Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptol. 15(2), 75–96 (2002)

  25. Stadler, M.: Publicly verifiable secret sharing. In: Maurer, U.M. (ed.) Advances in Cryptology—EUROCRYPT’96, International Conference on the Theory and Application of Cryptographic Techniques, Proceedings, Saragossa, Spain, 12–16 May 1996. Lecture Notes in Computer Science, vol. 1070, pp. 190–199. Springer, Berlin (1996)

Acknowledgements

Part of this work was done while the first author was a Ph.D. student in the Courant Institute of Mathematical Sciences, New York University, and while the second and the third authors were postdoctoral fellows in the School of Information Systems, Singapore Management University. We would like to express our gratitude to the anonymous reviewers for their helpful comments, which improved a few aspects of our paper. Thanks also go to Dong Zheng, who helped in the initial stage of this research. This work is partially supported by the Office of Research, Singapore Management University. It is also supported by the National Science Foundation of China under Grant Nos. 60903178, 61070217, 61005049 and 61133014, the Fundamental Research Funds for the Central Universities under Grant No. 21610204, and the Guangdong Provincial Science and Technology Project under Grant No. 2010A032000002.

Author information

Corresponding author

Correspondence to Jian Weng.

Additional information

This is the full version of [10] which appeared in the 16th International Conference on Computing and Combinatorics (COCOON’10).

Cite this article

Chow, S.S.M., Ma, C. & Weng, J. Zero-Knowledge Argument for Simultaneous Discrete Logarithms. Algorithmica 64, 246–266 (2012). https://doi.org/10.1007/s00453-011-9593-3
