A “paradoxical” identity-based signature scheme resulting from zero-knowledge

Authors:
L. C. Guillou;J. J. Quisquater
Affiliations:
-;-
Venue:
CRYPTO '88 Proceedings on Advances in cryptology
Year:
1990

Citing 12
Cited 12

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
Identity-based cryptosystems and signature schemes

Proceedings of CRYPTO 84 on Advances in cryptology
The knowledge complexity of interactive proof-systems

STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Public-key systems based on the difficulty of tampering (Is there a difference between DES and RSA?)

Proceedings on Advances in cryptology---CRYPTO '86
How to prove yourself: practical solutions to identification and signature problems

Proceedings on Advances in cryptology---CRYPTO '86
Smart card, a highly reliable and portable security device

Proceedings on Advances in cryptology---CRYPTO '86
Minimum disclosure proofs of knowledge

Journal of Computer and System Sciences - 27th IEEE Conference on Foundations of Computer Science October 27-29, 1986
A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Secret Distribution of Keys for Public-Key Systems

CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Efficient Digital Public-Key Signature with Shadow (Abstract)

CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
How To Construct Randolli Functions

SFCS '84 Proceedings of the 25th Annual Symposium onFoundations of Computer Science, 1984

Threshold cryptosystems

CRYPTO '89 Proceedings on Advances in cryptology
Accountability in Electronic Commerce Protocols

IEEE Transactions on Software Engineering
New blind signatures equivalent to factorization (extended abstract)

Proceedings of the 4th ACM conference on Computer and communications security
On the fly signatures based on factoring

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Efficient verifiable encryption (and fair exchange) of digital signatures

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
An identity-based society oriented signature scheme with anonymous signers

Information Processing Letters
SCALPS: Smart Card for Limited Payment Systems

IEEE Micro
Proxy signature schemes based on factoring

Information Processing Letters
Playing Lottery on the Internet

ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Robust ID-based threshold signcryption scheme from pairings

InfoSecu '04 Proceedings of the 3rd international conference on Information security
How to Use Merkle-Damgård -- On the Security Relations between Signature Schemes and Their Inner Hash Functions

ProvSec '08 Proceedings of the 2nd International Conference on Provable Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

At EUROCRYPT'88, we introduced an interactive zero-knowledge protocol (Guillou and Quisquater [13]) fitted to the authentication of tamper-resistant devices (e.g. smart cards, Guillou and Ugon [14]).Each security device stores its secret authentication number, an RSA-like signature computed by an authority from the device identity. Any transaction between a tamper-resistant security device and a verifier is limited to a unique interaction: the device sends its identity and a random test number, then the verifier tells a random large question; and finally the device answers by a witness number. The transaction is successful when the test number is reconstructed from the witness number, the question and the identity according to numbers published by the authority and rules of redundancy possibly standardized.This protocol allows a cooperation between users in such a way that a group of cooperative users looks like a new entity, having a shadowed identity the product of the individual shadowed identities, while each member reveals nothing about its secret.In another scenario, the secret is partitioned between distinct devices sharing the same identity. A group of cooperative users looks like a unique user having a larger public exponent which is the greater common multiple of each individual exponent.In this paper, additional features are introduced in order to provide: firstly, a mutual interactive authentication of both communicating entities and previously exchanged messages, and, secondly, a digital signature of messages, with a non-interactive zero-knowledge protocol. The problem of multiple signature is solved here in a very smart way due to the possibilities of cooperation between users.The only secret key is the factors of the composite number chosen by the authority delivering one authentication number to each smart card. This key is not known by the user. At the user level, such a scheme may be considered as a keyless identity-based integrity scheme. This integrity has anew and important property: it cannot be misused, i.e. derived into a confidentiality scheme.