The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Zero knowledge proofs of identity
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
A "Paradoxical" Identity-Based Signature Scheme Resulting from Zero-Knowledge
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Proofs that yield nothing but their validity and a methodology of cryptographic protocol design
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Communication-efficient anonymous group identification
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Efficient generation of shared RSA keys
Journal of the ACM (JACM)
A practical solution to the (t, n) threshold untraceable signature with (k, l) verification scheme
UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
Fiat-Shamir's identification and signature scheme is efficient as well as provably secure, but it has a problem in that the transmitted information size and memory size cannot simultaneously be small. This paper proposes an identification and signature scheme which overcomes this problem. Our scheme is based on the difficulty of extracting the L-th roots mod n (e.g., L = 2 ~ 10^20) when the factors of n are unknown. We define some variations of no transferable information and prove that the sequential version of our scheme is a zero knowledge interactive proof system and our parallel version satisfies these variations of no transferable information under some conditions. The speed of our scheme's typical implementation is at least one order of magnitude faster than that of the RSA scheme and is relatively slow in comparison with that of the Fiat-Shamir scheme.