Efficient zero-knowledge proofs of knowledge for group homomorphisms are essential for numerous systems in applied cryptography. In particular, Σ-protocols for proving knowledge of discrete logarithms in known and hidden order groups are of prime importance. Yet, while these proofs can be performed very efficiently within groups of known order, for hidden order groups the respective proofs are far less efficient. This paper provides strong evidence that this efficiency gap cannot be bridged. Namely, while there are efficient protocols allowing a prover to cheat only with negligibly small probability in the case of known order groups, we provide strong evidence that for hidden order groups this probability is bounded below by 1/2 for all efficient Σ-protocols not using common reference strings or the like. We prove our results for a comprehensive class of Σ-protocols in the generic group model, and further strengthen them by investigating certain instantiations in the plain model.