Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
An interactive identification scheme based on discrete logarithms and factoring
Journal of Cryptology - Eurocrypt '90
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On Defining Proofs of Knowledge
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
On the Amortized Complexity of Zero-Knowledge Protocols
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Designated confirmer signatures revisited
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Efficiency limitations for Σ-protocols for group homomorphisms
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Efficient proofs of knowledge of discrete logarithms and representations in groups with hidden order
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an efficient proof of knowledge of discrete logarithm
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Hi-index | 0.00 |
We study the problem of constructing efficient proofs of knowledge of preimages of general group homomorphisms. We simplify and extend the recent negative results of Bangerter et al. (TCC 2010) to constant round (from three-message) generic protocols over concrete (instead of generic) groups, i.e., we prove lower bounds on both the soundness error and the knowledge error of such protocols. We also give a precise characterization of what can be extracted from the prover in the direct (common) generalization of the Guillou-Quisquater and Schnorr protocols to the setting of general group homomorphisms. Then we consider some settings in which these bounds can be circumvented. For groups with no subgroups of small order we present: (1) a three-move honest verifier zero-knowledge argument under some set-up assumptions and the standard discrete logarithm assumption, and (2) a Σ-proof of both the order of the group and the preimage. The former may be viewed as an offline/online protocol, where all slow cut-andchoose protocols can be moved to an offline phase.