STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing.
How to prove yourself: practical solutions to identification and signature problems. Proceedings on Advances in cryptology, CRYPTO '86.
The knowledge complexity of interactive proof systems. SIAM Journal on Computing.
Signature schemes based on the strong RSA assumption. ACM Transactions on Information and System Security (TISSEC).
Practical forward secure group signature schemes. CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security.
Foundations of Cryptography: Basic Tools.
Two-Party Generation of DSA Signatures. CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology.
Non-Interactive Zero-Knowledge Proof Systems. CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology.
Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology.
Efficient Group Signature Schemes for Large Groups (Extended Abstract). CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology.
How to Prove That a Committed Number Is Prime. ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology.
A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology.
Efficient Revocation in Group Signatures. PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography.
On Defining Proofs of Knowledge. CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology.
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme. CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology.
Group Blind Digital Signatures: A Scalable Solution to Electronic Cash. FC '98 Proceedings of the Second International Conference on Financial Cryptography.
Untraceable Secret Credentials: Trust Establishment with Privacy. PERCOMW '04 Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops.
Proceedings of the 11th ACM conference on Computer and communications security.
Efficient concurrent zero-knowledge in the auxiliary string model. EUROCRYPT '00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques.
Efficient proofs that a committed number lies in an interval. EUROCRYPT '00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques.
Quasi-efficient revocation of group signatures. FC '02 Proceedings of the 6th international conference on Financial cryptography.
Analysis of one popular group signature scheme. ASIACRYPT '06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security.
On the security of nominative signatures. ACISP '05 Proceedings of the 10th Australasian conference on Information Security and Privacy.
Efficient proofs of knowledge of discrete logarithms and representations in groups with hidden order. PKC '05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography.
Group signatures with separate and distributed authorities. SCN '04 Proceedings of the 4th international conference on Security in Communication Networks.
Short linkable ring signatures for e-voting, e-cash and attestation. ISPEC '05 Proceedings of the First international conference on Information Security Practice and Experience.
Tracing-by-linking group signatures. ISC '05 Proceedings of the 8th international conference on Information Security.
Separable linkable threshold ring signatures. INDOCRYPT '04 Proceedings of the 5th international conference on Cryptology in India.
Cryptanalysis of an efficient proof of knowledge of discrete logarithm. PKC '06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography.
Fair E-Cash: Be Compact, Spend Faster. ISC '09 Proceedings of the 12th International Conference on Information Security.
Get shorty via group signatures without encryption. SCN '10 Proceedings of the 7th international conference on Security and cryptography for networks.
Automatic generation of sigma-protocols. EuroPKI '09 Proceedings of the 6th European conference on Public key infrastructures, services and applications.
Efficient proofs of attributes in pairing-based anonymous credential system. PETS '11 Proceedings of the 11th international conference on Privacy enhancing technologies.
Anonymous credentials from (indexed) aggregate signatures. Proceedings of the 7th ACM workshop on Digital identity management.
Efficiency limitations for Σ-protocols for group homomorphisms. TCC '10 Proceedings of the 7th international conference on Theory of Cryptography.
Authenticating strangers in Online Social Networks. International Journal of Security and Networks.
Unlinkable priced oblivious transfer with rechargeable wallets. FC '10 Proceedings of the 14th international conference on Financial Cryptography and Data Security.
Multiple denominations in e-cash with compact transaction data. FC '10 Proceedings of the 14th international conference on Financial Cryptography and Data Security.
Structure preserving CCA secure encryption and applications. ASIACRYPT '11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security.
A framework for practical universally composable zero-knowledge protocols. ASIACRYPT '11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security.
Efficient RSA key generation and threshold Paillier in the two-party setting. CT-RSA '12 Proceedings of the 12th conference on Topics in Cryptology.
Private client-side profiling with random forests and hidden Markov models. PETS '12 Proceedings of the 12th international conference on Privacy Enhancing Technologies.
Practical yet universally composable two-server password-authenticated secret sharing. Proceedings of the 2012 ACM conference on Computer and communications security.
Efficient structure-preserving signature scheme from standard assumptions. SCN '12 Proceedings of the 8th international conference on Security and Cryptography for Networks.
Optimally private access control. Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society.
Anonymously sharing Flickr pictures with Facebook friends. Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society.
ZQL: a compiler for privacy-preserving data processing. SEC '13 Proceedings of the 22nd USENIX conference on Security.
The notion of zero-knowledge proofs (of knowledge), ZKP, is central to cryptography: it provides a set of security properties that have proved indispensable in concrete protocol design. These properties are defined for every input and for every auxiliary private state of the verifier, because they are meant to cover any use of the protocol as a subroutine in a larger application. Moving the theoretical notion to practical designs, however, has often been problematic, because the most efficient protocols fail to provide these ZKP properties for all possible inputs and verifier states. Protocol designers have therefore either introduced imperfect protocols, with mistakes or without security arguments, or been forced to use far less efficient protocols in order to achieve the required properties. In this work we address this issue by introducing the notion of "protocol portability", a property that identifies the input and verifier-state distributions under which a protocol becomes a ZKP when called as a subroutine in a sequential execution of a larger application. We then concentrate on the very efficient and heavily employed Generalized Schnorr Proofs (GSP) and identify the portability of such protocols. We also point to previous protocol weaknesses and errors made in numerous applications over the years by employing GSP instances without the notion of portability (primarily in the case of groups of unknown order). This demonstrates that designers of cryptographic applications who care about efficiency need to consider our notion carefully. We provide a compact specification language for GSP protocols that protocol designers can employ.
Our specification language is consistent with the ad-hoc notation that is currently in wide use, and it offers automatic derivation of the proof protocol while dictating its portability (i.e., the proper initial state and inputs) and its security guarantees. Finally, as a second alternative for designers wishing to use GSPs, we present a modification of GSP protocols that is unconditionally portable (i.e., a ZKP for all inputs) and is still quite efficient. Our constructions are the first such protocols proven secure in the standard model (as opposed to the random oracle model).
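The GSP template the abstract refers to, as an added worked example that is not code from the paper: a Schnorr-style proof of knowledge of a representation, run once in a prime-order group, where rewinding the prover to two challenges recovers the witness, and once over Z_n^* with integer responses, where rewinding only yields the relation g^Δs = y^Δc, and where an input y outside the subgroup generated by g is accepted for every even challenge. The moduli, generators, witnesses and challenge values below are constructed toy parameters chosen for illustration.

```python
"""Toy Schnorr / Generalized Schnorr proof of knowledge, with the known-order
and unknown-order cases side by side. Constructed parameters, far too small
for real use; illustration only, not code from the paper."""
import secrets

# Known-order setting: safe prime p = 2q + 1; squares mod p generate the order-q subgroup.
P, Q = 2039, 1019
G, H = 4, 9

# Unknown-order setting: n = 23 * 47 (both safe primes). The verifier is assumed not
# to know the factorisation, so |QR_n| = 11 * 23 is hidden from it.
N = 23 * 47
GN = pow(5, 2, N)                      # a square mod n, i.e. an element of QR_n


def commit(gens, mod, order, r_bits=64):
    """Prover, step 1: choose randomisers r_i and send t = prod g_i^{r_i}."""
    if order is not None:
        rs = [secrets.randbelow(order) for _ in gens]
    else:
        # Unknown order: r is an integer much larger than (unknown order) * challenge,
        # so that s = r + c*x statistically hides x (the GSP convention).
        rs = [secrets.randbits(r_bits) for _ in gens]
    t = 1
    for g, r in zip(gens, rs):
        t = t * pow(g, r, mod) % mod
    return rs, t


def respond(rs, xs, c, order):
    """Prover, step 3: s_i = r_i + c*x_i, reduced mod the order only when it is known."""
    if order is not None:
        return [(r + c * x) % order for r, x in zip(rs, xs)]
    return [r + c * x for r, x in zip(rs, xs)]        # plain integers in a GSP


def verify(gens, y, t, c, ss, mod):
    """Verifier: accept iff prod g_i^{s_i} == t * y^c (mod)."""
    lhs = 1
    for g, s in zip(gens, ss):
        lhs = lhs * pow(g, s, mod) % mod
    return lhs == t * pow(y, c, mod) % mod


def run_known_order(x1, x2, c):
    """Proof of knowledge of a representation y = G^x1 * H^x2 in the order-Q group."""
    y = pow(G, x1, P) * pow(H, x2, P) % P
    rs, t = commit([G, H], P, Q)
    ss = respond(rs, [x1, x2], c, Q)
    return verify([G, H], y, t, c, ss, P)


def rewind_and_extract(x, c1, c2):
    """Knowledge extractor, prime order: two accepting transcripts with the same t
    and distinct challenges give x = (s1 - s2) / (c1 - c2) mod Q."""
    y = pow(G, x, P)
    rs, t = commit([G], P, Q)
    s1 = respond(rs, [x], c1, Q)[0]
    s2 = respond(rs, [x], c2, Q)[0]
    assert verify([G], y, t, c1, [s1], P) and verify([G], y, t, c2, [s2], P)
    return (s1 - s2) * pow(c1 - c2, -1, Q) % Q


def rewind_unknown_order(x, c1, c2):
    """Same rewinding over Z_n^*: the extractor only learns GN^ds == y^dc for
    ds = s1 - s2, dc = c1 - c2. Without the group order dc cannot be inverted,
    so this is a weaker guarantee than recovering x. Returns whether that relation holds."""
    if c1 < c2:
        c1, c2 = c2, c1                                # keep ds, dc non-negative
    y = pow(GN, x, N)
    rs, t = commit([GN], N, None)
    s1 = respond(rs, [x], c1, None)[0]
    s2 = respond(rs, [x], c2, None)[0]
    return pow(GN, s1 - s2, N) == pow(y, c1 - c2, N)


def outside_subgroup_accepts(x, c):
    """Input y = -GN^x lies outside <GN>: -1 is a non-residue mod 23, so -1 is not in
    QR_n and no discrete log of y to base GN exists. A prover that simply runs the
    honest steps with x is nevertheless accepted whenever c is even, because
    t * y^c = GN^r * (-1)^c * GN^{cx}. The template is therefore not a proof of
    knowledge for inputs drawn this way; this is the input-dependence that the
    portability notion makes explicit."""
    y = (-pow(GN, x, N)) % N
    rs, t = commit([GN], N, None)
    ss = respond(rs, [x], c, None)
    return verify([GN], y, t, c, ss, N)


if __name__ == "__main__":
    print("known order, representation proof accepted:", run_known_order(123, 456, 77))
    print("known order, extractor recovers x=321:", rewind_and_extract(321, 5, 9))
    print("unknown order, relation g^ds == y^dc holds:", rewind_unknown_order(17, 9, 5))
    print("y outside <g>, c even accepted:", outside_subgroup_accepts(17, 2))
    print("y outside <g>, c odd accepted:", outside_subgroup_accepts(17, 3))
```

The verifier over Z_n^* cannot efficiently decide whether a given y lies in the subgroup generated by g without knowing the order, which is why the guarantee of the same protocol template depends on how the input was produced; the abstract's portability notion is precisely the statement of which input and verifier-state distributions make the template a ZKP.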