Security without identification: transaction systems to make big brother obsolete. Communications of the ACM.
How to prove yourself: practical solutions to identification and signature problems. CRYPTO '86.
Advances in Cryptology: EUROCRYPT '88 (Lecture Notes in Computer Science).
Completeness theorems for non-cryptographic fault-tolerant distributed computation. STOC '88.
Witness indistinguishable and witness hiding protocols. STOC '90.
Untraceable off-line cash in wallet with observers. CRYPTO '93.
Communications of the ACM.
Efficient identification and signatures for smart cards. CRYPTO '89.
Shared generation of authenticators and signatures (extended abstract). CRYPTO '91.
Non-interactive and information-theoretic secure verifiable secret sharing. CRYPTO '91.
Provably secure and practical identification schemes and corresponding signature schemes. CRYPTO '92.
Proofs of partial knowledge and simplified design of witness hiding protocols. CRYPTO '94.
Statistical zero knowledge protocols to prove modular polynomial relations. CRYPTO '97.
A simplified approach to threshold and proactive RSA. CRYPTO '98.
Threshold cryptosystems (invited talk). ASIACRYPT '92.
Multiplicative non-abelian sharing schemes and their application to threshold cryptography. ASIACRYPT '94.
Practical threshold RSA signatures without a trusted dealer. EUROCRYPT '01.
A statistically-hiding integer commitment scheme based on groups with hidden order. ASIACRYPT '02.
Signature schemes and applications to cryptographic protocol design.
Strengthening zero-knowledge protocols using signatures. Journal of Cryptology.
Robust and efficient sharing of RSA functions. Journal of Cryptology.
Efficient constructions of composable commitments and zero-knowledge proofs. CRYPTO 2008.
On the theory and practice of personal digital signatures. PKC '09.
Unifying zero-knowledge proofs of knowledge. AFRICACRYPT '09.
Distributed provers with applications to undeniable signatures. EUROCRYPT '91.
Efficient proofs that a committed number lies in an interval. EUROCRYPT '00.
Efficient multi-party computation over rings. EUROCRYPT '03.
A signature scheme with efficient protocols. SCN '02.
Pairing '10.
Share conversion, pseudorandom secret-sharing and applications to secure computation. TCC '05.
Simplified threshold RSA with adaptive and proactive security. EUROCRYPT '06.
In this paper, we investigate threshold proofs, a framework for distributing the prover's side of interactive proofs of knowledge over multiple parties. Interactive proofs of knowledge (PoKs) are widely used primitives in cryptographic protocols, including important user-centric protocols such as identification schemes, electronic cash (e-cash), and anonymous credentials. We present a security model for threshold proofs of knowledge and develop threshold versions of well-known primitives: range proofs, zero-knowledge proofs of preimages of homomorphisms (which generalize PoKs of discrete logarithms, representations, p-th roots, etc.), and OR statements. These building blocks are proven secure in our model. Furthermore, we apply the developed primitives and techniques to user-centric protocols. In particular, we construct distributed-user variants of Brands' e-cash system and the bilinear anonymous credential scheme of Camenisch and Lysyanskaya. Distributing the user party in such protocols has several practical advantages. First, a user's security can be increased by sharing secrets and computations across multiple devices the user owns; losing control of a single device then does not result in a security breach. Second, the approach allows a group of users to jointly control an application (e.g., a joint e-cash account) without giving any single user full control. The distributed versions of the protocols we propose are relatively efficient compared to a generic MPC approach. Compared to the original protocols, only the prover's (or user's) side is modified; the other side stays untouched. In particular, the other party cannot tell whether it interacts with a distributed prover (or user) or with one as defined in the original protocol.
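The mechanism the abstract describes, the prover's side split across devices while the verifier runs the original check, is shown below for the simplest case: a Schnorr proof of knowledge of a discrete logarithm with the secret shared additively over n devices (n-of-n additive sharing, not the paper's general threshold setting, and without the range or OR proofs it also covers). This is an added example written for this page, not the paper's construction or code; the safe-prime group generation, the share layout, the `Device` class and the `corrupt` flag are assumptions for illustration, and the modulus size is far below what a deployment would use.

```python
"""Additively shared Schnorr proof of knowledge of x = log_g(y).

Added illustration, not the paper's construction: x is split over n devices
(x = x_1 + ... + x_n mod q), each device contributes one commitment and one
response, and the verifier runs the ordinary single-prover Schnorr check
unchanged. Parameter sizes are for illustration only (assumption); a real
deployment uses a ~2048-bit p or an elliptic-curve group.
"""
import random
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases (probabilistic; adequate for a demo)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits=256, seed=1):
    """(p, q, g): p = 2q + 1 a safe prime, g a generator of the order-q subgroup.
    The candidate stream is seeded so the example is reproducible (assumption)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    g = pow(rng.randrange(2, p - 1), 2, p)  # a square != 1 has order exactly q
    return p, q, g


def verify(params, y, t, c, s):
    """Unmodified Schnorr verification: g^s == t * y^c (mod p)."""
    p, q, g = params
    return pow(g, s, p) == (t * pow(y, c, p)) % p


class Device:
    """Holds one additive share x_i of the prover's secret and nothing else."""

    def __init__(self, params, share):
        self.params = params
        self.share = share % params[1]
        self.r = None

    def commit(self):
        p, q, g = self.params
        self.r = secrets.randbelow(q)       # fresh per proof: never reuse r
        return pow(g, self.r, p)            # t_i = g^{r_i}

    def respond(self, c):
        q = self.params[1]
        r, self.r = self.r, None            # exactly one response per commitment
        return (r + c * self.share) % q     # s_i = r_i + c * x_i


def split_secret(x, n, q):
    """n-of-n additive sharing: any n-1 shares are uniform and independent of x."""
    shares = [secrets.randbelow(q) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % q)
    return shares


def threshold_prove(params, devices, challenge_fn):
    """Combine the devices' messages into one ordinary Schnorr transcript.
    The verifier only ever sees t = prod t_i and s = sum s_i."""
    p, q, g = params
    t = 1
    for d in devices:
        t = (t * d.commit()) % p
    c = challenge_fn(t)                     # verifier's challenge, sent to all devices
    s = sum(d.respond(c) for d in devices) % q
    return t, c, s


def run(params, x, n, corrupt=False):
    """Prove knowledge of x with n devices. corrupt=True simulates one device
    holding a wrong share (e.g. a lost device replaced with stale data)."""
    p, q, g = params
    y = pow(g, x, p)
    shares = split_secret(x, n, q)
    if corrupt:
        shares[0] = (shares[0] + 1) % q
    devices = [Device(params, sh) for sh in shares]
    t, c, s = threshold_prove(params, devices, lambda _t: secrets.randbelow(q))
    return verify(params, y, t, c, s)


PARAMS = gen_group()

if __name__ == "__main__":
    x = secrets.randbelow(PARAMS[1])
    print("single prover:", run(PARAMS, x, 1))
    print("three devices:", run(PARAMS, x, 3))
    print("one wrong share:", run(PARAMS, x, 3, corrupt=True))
```

`verify` is the same function whether one device or three produced the transcript, which is the obliviousness property the abstract states: the verifier sees only the product of commitments and the sum of responses. An attacker who seizes one device learns a single share, which is uniformly random on its own, and a device whose share is wrong makes the combined proof fail rather than leak anything. Two properties this toy omits, and which the paper's security model has to handle, are robustness against a device that sends garbage and the more general t-of-n setting.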