A modification of the Fiat-Shamir scheme

Authors:
K. Ohta;T. Okamoto
Affiliations:
-;-
Venue:
CRYPTO '88 Proceedings on Advances in cryptology
Year:
1990

Citing 8
Cited 3

The knowledge complexity of interactive proof-systems

STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Zero knowledge proofs of identity

STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
How to prove yourself: practical solutions to identification and signature problems

Proceedings on Advances in cryptology---CRYPTO '86
A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Secure Audio Teleconference

CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge

CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Proofs that yield nothing but their validity and a methodology of cryptographic protocol design

SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science

Communication-efficient anonymous group identification

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Efficient generation of shared RSA keys

Journal of the ACM (JACM)
A practical solution to the (t, n) threshold untraceable signature with (k, l) verification scheme

UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Fiat-Shamir's identification and signature scheme is efficient as well as provably secure, but it has a problem in that the transmitted information size and memory size cannot simultaneously be small. This paper proposes an identification and signature scheme which overcomes this problem. Our scheme is based on the difficulty of extracting the L-th roots mod n (e.g., L = 2 ~ 1020) when the factors of n are unknown. We define some variations of no transferable information and prove that the sequential version of our scheme is a zero knowledge interactive proof system and our parallel version satisfies these variations of no transferable information under some conditions. The speed of our scheme's typical implementation is at least one order of magnitude faster than that of the RSA scheme and is relatively slow in comparison with that of the Fiat-Shamir scheme.