Efficiency limitations of Σ-protocols for group homomorphisms revisited

Authors:
Björn Terelius;Douglas Wikström
Affiliations:
KTH Royal Institute of Technology, Stockholm, Sweden;KTH Royal Institute of Technology, Stockholm, Sweden
Venue:
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Year:
2012

Citing 12
Cited 0

A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
The knowledge complexity of interactive proof systems

SIAM Journal on Computing
An interactive identification scheme based on discrete logarithms and factoring

Journal of Cryptology - Eurocrypt '90
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On Defining Proofs of Knowledge

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
On the Amortized Complexity of Zero-Knowledge Protocols

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Designated confirmer signatures revisited

TCC'07 Proceedings of the 4th conference on Theory of cryptography
Efficiency limitations for Σ-protocols for group homomorphisms

TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Efficient proofs of knowledge of discrete logarithms and representations in groups with hidden order

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an efficient proof of knowledge of discrete logarithm

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

We study the problem of constructing efficient proofs of knowledge of preimages of general group homomorphisms. We simplify and extend the recent negative results of Bangerter et al. (TCC 2010) to constant round (from three-message) generic protocols over concrete (instead of generic) groups, i.e., we prove lower bounds on both the soundness error and the knowledge error of such protocols. We also give a precise characterization of what can be extracted from the prover in the direct (common) generalization of the Guillou-Quisquater and Schnorr protocols to the setting of general group homomorphisms. Then we consider some settings in which these bounds can be circumvented. For groups with no subgroups of small order we present: (1) a three-move honest verifier zero-knowledge argument under some set-up assumptions and the standard discrete logarithm assumption, and (2) a Σ-proof of both the order of the group and the preimage. The former may be viewed as an offline/online protocol, where all slow cut-andchoose protocols can be moved to an offline phase.