How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Complexity and Fast Algorithms for Multiexponentiations
IEEE Transactions on Computers
Digital payment systems with passive anonymity-revoking trustees
Journal of Computer Security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
SAC '99 Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography
Algorithms for Multi-exponentiation
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Efficiency improvements for signature schemes with tight security reductions
Proceedings of the 10th ACM conference on Computer and communications security
Verifiable encryption of digital signatures and applications
ACM Transactions on Information and System Security (TISSEC)
Multi-signatures in the plain public-Key model and a general forking lemma
Proceedings of the 13th ACM conference on Computer and communications security
Foundations of Cryptography: Volume 1
Foundations of Cryptography: Volume 1
Efficient discrete logarithm based multi-signature scheme in the plain public key model
Designs, Codes and Cryptography
Publicly verifiable secret sharing
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
A secure and optimally efficient multi-authority election scheme
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Practical threshold signatures
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
An efficient CDH-based signature scheme with a tight security reduction
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Hi-index | 0.00 |
In Crypto'92, Chaum and Pedersen introduced a widely-used protocol (CP protocol for short) for proving the equality of two discrete logarithms (EQDL) with unconditional soundness, which plays a central role in DL-based cryptography. Somewhat surprisingly, the CP protocol has never been improved for nearly two decades since its advent. We note that the CP protocol is usually used as a non-interactive proof by using the Fiat-Shamir heuristic, which inevitably relies on the random oracle model (ROM) and assumes that the adversary is computationally bounded. In this paper, we present an EQDL protocol in the ROM which saves ≅40% of the computational cost and ≅33% of the prover's uploading bandwidth. Our idea can be naturally extended for simultaneously showing the equality of n discrete logarithms with O(1)-size commitment, in contrast to the n-element adaption of the CP protocol which requires O(n)-size. This improvement benefits a variety of interesting cryptosystems, ranging from signatures and anonymous credential systems, to verifiable secret sharing and threshold cryptosystems. As an example, we present a signature scheme that only takes one (offline) exponentiation to sign, without utilizing pairing, relying on the standard decisional Diffie-Hellman assumption.