How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Arthur-Merlin games: a randomized proof system, and a hierarchy of complexity class
Journal of Computer and System Sciences - 17th Annual ACM Symposium in the Theory of Computing, May 6-8, 1985
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Zero-knowledge proofs of identity
Journal of Cryptology
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Witness indistinguishable and witness hiding protocols
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
On Generating Solved Instances of Computational Problems
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Zero Knowledge Proofs of Knowledge in Two Rounds
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Escure Signature Schemes based on Interactive Protocols
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
On Defining Proofs of Knowledge
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
Computer Communications
Efficient concurrent zero-knowledge in the auxiliary string model
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Isolated proofs of knowledge and isolated zero knowledge
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
A note on the cramer-damgård identification scheme
WINE'05 Proceedings of the First international conference on Internet and Network Economics
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Unclonable group identification
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
We present a simple method for constructing identification schemes resilient against impersonation and man-in-the-middle attacks. Though zero-knowledge or witness hiding protocols are known to withstand attacks of the first kind, all such protocols previously proposed suffer from a weakness observed by Bengio et al.: a malicious verifier may simply act as a moderator between the prover and yet another verifier, thus enabling the malicious verifier to pass as the prover. We exhibit a general class of identification schemes that can be efficiently and securely tranformed into identification schemes withstanding an adaptive man-in-the-middle attacker. The complexity of the resulting (witness hiding) schemes is roughly twice that of the originals. Basically, any three-move, public coin identification scheme that is zero knowledge against the honest verifier and that is secure against passive impersonation attacks, is eligible for our transformation. This indicates that we need only seemlingly weak cryptographic intractability assumptions to construct a practical identification scheme resisting adative man-in-the-middle impersonation attacks. Moreover, the required primitive protocols can efficiently be constructed under the factoring or discrete logarithm assumptions.