DOI: 10.5555/1766171.1766186
Article

Strengthening zero-knowledge protocols using signatures

Published: 04 May 2003

Abstract

Recently there has been an interest in zero-knowledge protocols with stronger properties, such as concurrency, unbounded simulation soundness, non-malleability, and universal composability. In this paper, we show a novel technique to convert a large class of existing honest-verifier zero-knowledge protocols into ones with these stronger properties in the common reference string model. More precisely, our technique utilizes a signature scheme existentially unforgeable against adaptive chosen-message attacks, and transforms any Σ-protocol (which is honest-verifier zero-knowledge) into an unbounded simulation sound concurrent zero-knowledge protocol. We also introduce Ω-protocols, a variant of Σ-protocols for which our technique further achieves the properties of non-malleability and/or universal composability.
In addition to its conceptual simplicity, a main advantage of this new technique over previous ones is that it avoids the Cook-Levin theorem, which tends to be rather inefficient. Indeed, our technique allows for very efficient instantiation based on the security of some efficient signature schemes and standard number-theoretic assumptions. For instance, one instantiation of our technique yields a universally composable zero-knowledge protocol under the Strong RSA assumption, incurring an overhead of a small constant number of exponentiations, plus the generation of two signatures.
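As an added illustration (not code from the paper or its authors), the following Python sketch shows what the abstract's input object, a Σ-protocol, actually is: a three-move proof of knowledge with completeness, special soundness (two accepting transcripts on the same first message yield the witness) and special honest-verifier zero knowledge (a simulator that is handed the challenge in advance produces an accepting transcript without the witness). The instance is Schnorr's proof of knowledge of a discrete logarithm over a constructed toy group (p = 2027, q = 1013, g = 4), which is far too small to be secure. The signature-based transformation to simulation-sound concurrent zero knowledge is not reproduced here, since the abstract does not spell it out.

```python
import secrets

# Constructed toy group, for illustration only (far too small to be secure):
# p = 2q + 1 with q prime, and g = 4 generates the order-q subgroup of Z_p^*.
P, Q, G = 2027, 1013, 4
assert pow(G, Q, P) == 1 and G != 1


def keygen():
    """Witness w and statement h = g^w; the prover will prove knowledge of w."""
    w = secrets.randbelow(Q - 1) + 1
    return w, pow(G, w, P)


# --- the three moves of the Σ-protocol ---------------------------------------
def prover_commit(w):
    """Move 1: the prover picks fresh randomness r and sends a = g^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Move 2: the honest verifier sends a uniformly random challenge e in Z_q."""
    return secrets.randbelow(Q)


def prover_respond(w, r, e):
    """Move 3: the prover answers with z = r + e*w mod q."""
    return (r + e * w) % Q


def verify(h, a, e, z):
    """The verifier accepts iff g^z == a * h^e (mod p)."""
    return pow(G, z, P) == (a * pow(h, e, P)) % P


def run_honest(w, h):
    """Complete honest execution; returns the transcript (a, e, z)."""
    r, a = prover_commit(w)
    e = verifier_challenge()
    z = prover_respond(w, r, e)
    return a, e, z


# --- special honest-verifier zero knowledge -----------------------------------
def simulate(h, e):
    """Given the challenge e up front, output an accepting transcript without w:
    choose z first, then solve for a = g^z * h^(-e)."""
    z = secrets.randbelow(Q)
    h_to_minus_e = pow(h, (-e) % Q, P)   # h has order q, so h^(q-e) = h^(-e)
    a = (pow(G, z, P) * h_to_minus_e) % P
    return a, e, z


# --- special soundness ----------------------------------------------------------
def extract(a, e1, z1, e2, z2):
    """Two accepting transcripts with the same first message a and e1 != e2
    reveal the witness: w = (z1 - z2) / (e1 - e2) mod q."""
    if e1 == e2:
        raise ValueError("extraction needs two distinct challenges")
    inv = pow((e1 - e2) % Q, -1, Q)
    return ((z1 - z2) * inv) % Q


if __name__ == "__main__":
    w, h = keygen()
    a, e, z = run_honest(w, h)
    print("honest transcript accepted:", verify(h, a, e, z))
    sa, se, sz = simulate(h, 5)
    print("simulated transcript accepted:", verify(h, sa, se, sz))
    r, a2 = prover_commit(w)
    z1, z2 = prover_respond(w, r, 3), prover_respond(w, r, 7)
    print("extracted witness matches:", extract(a2, 3, z1, 7, z2) == w)
```

The simulator only works because it learns the challenge before choosing the first message; a verifier that picks e as a function of a is not covered, which is exactly why a plain Σ-protocol is only honest-verifier zero knowledge and why the abstract's strengthening (a signature scheme plus a common reference string) is needed to reach concurrent, simulation-sound or universally composable zero knowledge.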


Published In

EUROCRYPT'03: Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques
May 2003, 649 pages
ISBN: 3540140395
Editor: Eli Biham

        Sponsors

        • IACR: International Association for Cryptologic Research

        In-Cooperation

        • Institute of Mathematics and Cryptology
        • Military University of Technology

        Publisher

        Springer-Verlag

        Berlin, Heidelberg



Cited By

• (2019) Key-homomorphic signatures. Designs, Codes and Cryptography 87(6):1373-1413. doi:10.1007/s10623-018-0535-9. Online: 25 May 2019.
• (2018) All-But-Many Encryption. Journal of Cryptology 31(1):226-275. doi:10.1007/s00145-017-9256-x. Online: 1 Jan 2018.
• (2016) Practical "Signatures with Efficient Protocols" from Simple Assumptions. Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, 511-522. doi:10.1145/2897845.2897898. Online: 30 May 2016.
• (2016) Zero-Knowledge Accumulators and Set Algebra. Advances in Cryptology - ASIACRYPT 2016, Part II (LNCS 10032), 67-100. doi:10.1007/978-3-662-53890-6_3. Online: 4 Dec 2016.
• (2013) Universally composable adaptive oblivious transfer (with access control) from standard assumptions. Proceedings of the 2013 ACM Workshop on Digital Identity Management, 1-12. doi:10.1145/2517881.2517883. Online: 8 Nov 2013.
• (2013) Adaptive and Concurrent Secure Computation from New Adaptive, Non-malleable Commitments. Advances in Cryptology - ASIACRYPT 2013, Part I (LNCS 8269), 316-336. doi:10.1007/978-3-642-42033-7_17. Online: 1 Dec 2013.
• (2012) Practical yet universally composable two-server password-authenticated secret sharing. Proceedings of the 2012 ACM Conference on Computer and Communications Security, 525-536. doi:10.1145/2382196.2382252. Online: 16 Oct 2012.
• (2012) New constructions of efficient simulation-sound commitments using encryption and their applications. Proceedings of the 12th Conference on Topics in Cryptology (CT-RSA), 136-155. doi:10.1007/978-3-642-27954-6_9. Online: 27 Feb 2012.
• (2011) Secure two-party computation via cut-and-choose oblivious transfer. Proceedings of the 8th Conference on Theory of Cryptography, 329-346. doi:10.5555/1987260.1987287. Online: 28 Mar 2011.
• (2011) Password-protected secret sharing. Proceedings of the 18th ACM Conference on Computer and Communications Security, 433-444. doi:10.1145/2046707.2046758. Online: 17 Oct 2011.
