ABSTRACT
Zero-knowledge (ZK) proofs of knowledge of a discrete logarithm (sometimes extended to ZK proofs of equality of discrete logarithms) in cyclic groups with unknown order are widely employed in cryptographic applications. To the best of our knowledge, the existing implementations of these two proofs have some drawbacks. Firstly, they can only achieve statistical ZK, which is not only weaker in theory than perfect ZK but also difficult to prove formally in practice. Moreover, the drawback is not limited to theoretical problems such as provability: it sometimes degrades the efficiency of the ZK proof to an intolerable level, as we show in a case study. This paper proposes the first perfect ZK argument for this proof, which is formally provable and always guarantees acceptable efficiency. It is especially suitable for applications with high privacy requirements and for complex secure protocols that require a concise and formal proof of ZK privacy.
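To make the statistical-ZK drawback concrete, the following added example (constructed for this page, not the paper's scheme or its code) runs a toy Schnorr-style proof of knowledge of a discrete logarithm in an RSA group whose order the verifier does not know. Because the response s = r + c·x cannot be reduced modulo the group order, r must be oversized by a slack parameter; the distance between the response distributions of two different secrets shrinks only as the slack grows, and the exponent the verifier must handle grows with it. The modulus, generator and parameter names are assumptions of this example.

```python
"""Toy proof of knowledge of x with y = g^x in an RSA group of unknown order.
Constructed example: illustrates why the usual construction is only
statistically zero-knowledge and what the slack costs in exponent size."""
from fractions import Fraction
import secrets

# Constructed toy parameters: N is an RSA modulus whose factorisation the
# verifier does not know, so exponents cannot be reduced mod the group order.
N = 3233            # 61 * 53, toy size only
G = 5
X_BITS = 8          # secret x lies in [0, 2**X_BITS)
C_BITS = 4          # challenge c lies in [0, 2**C_BITS)


def prove(x, slack_bits, c_bits=C_BITS):
    """Honest 3-move run; returns the transcript (a, c, s).
    r is drawn from a window 2**slack_bits times wider than c*x can be."""
    r_bound = 1 << (X_BITS + c_bits + slack_bits)
    r = secrets.randbelow(r_bound)
    a = pow(G, r, N)
    c = secrets.randbelow(1 << c_bits)
    s = r + c * x                      # over the integers, not mod the order
    return a, c, s


def verify(y, a, c, s, slack_bits, c_bits=C_BITS):
    """Check g^s == a * y^c mod N and that s lies in the expected range."""
    s_max = (1 << (X_BITS + c_bits + slack_bits)) + (1 << (X_BITS + c_bits))
    in_range = 0 <= s < s_max
    return in_range and pow(G, s, N) == (a * pow(y, c, N)) % N


def response_distance(x0, x1, c, slack_bits, c_bits=C_BITS):
    """Statistical distance between the verifier's view (s given c) for
    secrets x0 and x1: both views are uniform on windows of width R that are
    shifted by c*x, so the distance is the non-overlap |c*(x1-x0)| / R,
    capped at 1 when the windows are disjoint.  Nonzero for any finite
    slack, which is exactly why the scheme is only statistically ZK."""
    r_bound = 1 << (X_BITS + c_bits + slack_bits)
    shift = abs(c * (x1 - x0))
    return min(Fraction(shift, r_bound), Fraction(1))


def response_bits(slack_bits, c_bits=C_BITS):
    """Bit-length of s: the exponent size the verifier must process, which
    grows linearly with the slack needed to make the distance small."""
    return X_BITS + c_bits + slack_bits + 1
```

With no slack the two views differ noticeably for a large challenge, while 40 bits of slack drive the distance down to about 2^-40 at the price of a 40-bit longer exponent.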
Index Terms
- Perfect ZK Argument of Knowledge of Discrete Logarithm in A Cyclic Group with Unknown Order