Strengthening zero-knowledge protocols using signatures

Journal of Cryptology

Volumn 19, Issue 2, 2006, Pages 169-209

  Garay, Juan A ^a   MacKenzie, Philip ^b   Yang, Ke ^c  

^a LUCENT TECHNOLOGIES   (United States)

^b DOCOMO USA LABS   (United States)

^c GOOGLE INC   (United States)

Author keywords

Non malleability; Signatures; Simulation soundness; Zero knowledge

Indexed keywords

COMPUTER SIMULATION; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; THEOREM PROVING;

NON-MALLEABILITY; SIGNATURES; SIMULATION SOUNDNESS; ZERO KNOWLEDGE;

NETWORK PROTOCOLS;

EID: 32844472758     PISSN: 09332790     EISSN: None     Source Type: Journal    
DOI: 10.1007/s00145-005-0307-3     Document Type: Article

References (58)

1. B. Barak. How to go beyond the black-box simulation barrier. In Proc. 42nd IEEE Symp. on Foundations of Computer Science, pp. 106-115, 2001.
2. B. Barak. Constant-round coin-tossing with a man in the middle or realizing the shared random string model. In Proc. 43rd IEEE Symp. on Foundations of Computer Science, pp. 345-355, 2002
3. B. Barak and Y. Lindell. Strict polynomial-time in simulation and extraction. In Proc. 34th ACM Symp. on Theory of Computing, pp. 484-493, 2002.
4. N. Barić and B. Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. In Advances in Cryptology - EUROCRYPT'97 (LNCS 1233), pp. 480-494, 1997.
5. M. Bellare, M. Fischlin, S. Goldwasser, and S. Micali. Identification protocols secure against reset attacks. In Advances in Cryptology - EUROCRYPT 2001 (LNCS 2045), pp. 495-511, 2001.
6. D. Boneh. The decision Diffie-Hellman problem. In Proc. Third Algorithmic Number Theory Symp. (LNCS 1423), pp. 48-63, 1998.
7. F. Boudot. Efficient proofs that a committed number lies in an interval. In Advances in Cryptology - EUROCRYPT 2000 (LNCS 1807), pp. 431-444, 2000.
8. F. Boudot and J. Traoré. Efficient publicly verifiable secret sharing schemes with fast or delayed recovery. In Information and Communication Security, Second International Conference, ICICS'99, pp. 87-102.
9. J. Camenisch and M. Michels. Separability and efficiency for generic group signature schemes. In Advances in Cryptology - CRYPTO'99 (LNCS 1666), pages 414-430, 1999.
10. R. Canetti. Universally composable security: a new paradigm for cryptographic protocols. In Proc. 42nd IEEE Symp. on Foundations of Computer Science, pp. 136-145, 2001.
11. R. Canetti and M. Fischlin. Universally composable commitments. In Advances in Cryptology - CRYPTO 2001 (LNCS 2139), pp. 19-40, 2001.
12. R. Canetti, J. Kilian, E. Petrank, and A. Rosen. Concurrent zero-knowledge requires Ω̃(log n) rounds. In Proc. 33rd ACM Symp. on Theory of Computing, pp. 570-579, 2001.
13. R. Canetti, Y. Lindell, R. Ostrovsky, and A. Sahai. Universally composable two-party computation. In Proc. 34th ACM Symp. on Theory of Computing, pp. 494-503, 2002. Full version in ePrint archive, Report 2002/140. http://eprint.iacr.org/, 2002.
14. R. Canetti and T. Rabin. Universal composition with joint state. In Advances in Cryptology - CRYPTO 2003 (LNCS 2729), pages 265-281, 2003.
15. S. A. Cook. The complexity of theorem-proving procedures. In Proc. 3rd IEEE Symp. on Foundations of Computer Science, pp. 151-158, 1971.
16. R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Advances in Cryptology - CRYPTO'94 (LNCS 839), pages 174-187, 1994.
17. R. Cramer and V. Shoup. Signature scheme based on the strong RSA assumption. In ACM Trans. Inform. Syst. Security 3(3):161-185, 2000.
18. I. Damgård. Efficient concurrent zero-knowledge in the auxiliary string model. In Advances in Cryptology - EUROCRYPT 2000 (LNCS 1807), pp. 418-430, 2000.
19. I. Damgård and J. Nielsen. Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor. In Advances in Cryptology - CRYPTO 2002 (LNCS 2442), pp. 581-596, 2002. Full version in ePrint Archive, Report 2001/091. http://eprint.iacr.org/, 2001.
20. A. De Santis, G. Di Crescenzo, R. Ostrovsky, G. Persiano, and A. Sahai. Robust non-interactive zero knowledge. In Advances in Cryptology - CRYPTO 2001 (LNCS 2139), pp. 566-598, 2001.
21. A. De Santis and G. Persiano. Zero-knowledge proofs of knowledge without interaction. In Proc. 33rd IEEE Symp. on Foundations of Computer Science, pp. 427-436, 1992.
22. D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. SIAM J. Comput., 30(2):391-437, 2000.
23. Also in Proc. 23rd ACM Symp. on Theory of Computing, pp. 542-552, 1991.
24. C. Dwork, M. Naor, and A. Sahai. Concurrent zero-knowledge. In Proc. 30th ACM Symp. on Theory of Computing, pp. 409-418, 1998.
25. T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inform. Theory, 31:469-472, 1985.
26. S. Even, O. Goldreich, and S. Micali. On-line/off-line digital signatures. J. Cryptology, 9(1):35-67 (1996).
27. U. Feige and A. Shamir. Witness indistinguishable and witness hiding protocols. In Proc. 22nd ACM Symp. on Theory of Computing, pp. 416-426, 1990.
28. FIPS 180-1. Secure hash standard. Federal Information Processing Standards Publication 180-1, U.S. Dept. of Commerce/NIST, National Technical Information Service, Springfield, Virginia, 1995.
29. FIPS 186. Digital signature standard. Federal Information Processing Standards Publication 186, U.S. Dept. of Commerce/NIST, National Technical Information Service, Springfield, Virginia, 1994.
30. E. Fujisaki and T. Okamoto. Statistical zero knowledge protocols to prove modular polynomial relations. In Advances in Cryptology - CRYPTO'97 (LNCS 1294), pp. 16-30, 1997.
31. R. Gennaro, S. Halevi, and T. Rabin. Secure hash-and-sign signatures without the random oracle. In Advances in Cryptology - EUROCRYPT'99 (LNCS 1592), pp. 123-139, 1999.
32. O. Goldreich and H. Krawczyk. On the composition of zero knowledge proof systems. SIAM J. Comput., 25(1):169-192, 1996.
33. O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In Proc. 19th ACM Symp. on Theory of Computing, pp. 218-229, 1987.
34. O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity or All languages in NP have zero-knowledge proof systems. J. ACM, 38(3):691-729, 1991.
35. S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof systems. SIAM J. Comput., 18(1):186-208, February 1989.
36. S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput., 17:281-308, 1988.
37. L. C. Guillou and J.-J. Quisquater. A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory. In Advances in Cryptology - EUROCRYPT'88 (LNCS 330), pp. 123-128, 1988
38. S. Jarecki and A. Lysyanskaya. Adaptively secure threshold cryptography: introducing concurrency, removing erasures. In Advances in Cryptology - EUROCRYPT 2000 (LNCS 1807), pp. 221-242, 2000.
39. M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In Advances in Cryptology - EUROCRYPT'96 (LNCS 1070), pp. 143-154, 1996.
40. J. Katz. Efficient and non-malleable proofs of plaintext knowledge and applications. In Advances in Cryptology - EUROCRYPT 2003 (LNCS 2656), pp. 211-228, 2003.
41. J. Kilian and E. Petrank. Concurrent and resettable zero-knowledge in poly-logarithmic rounds. In Proc. 33rd ACM Symp. on Theory of Computing, pp. 560-569, 2001.
42. D. W. Kravilz. Digital signature algorithm. U.S. Patent 5,231,668, 27 July 1993.
43. L. A. Levin. Universal sorting problems. Problemy Peredachi Informatsii, 9:115-116, 1973.
44. In Russian. Engl. trans.: Probl. Inform. Transm. 9:265-266.
45. P. MacKenzie and M. Reiter. Two-party generation of DSA signatures. In Advances in Cryptology - CRYPTO 2001 (LNCS 2139), pp. 137-154, 2001.
46. P. MacKenzie, T. Shrimpton, and M. Jakobsson. Threshold password-authenticated key exchange. In Advances in Cryptology - CRYPTO 2002 (LNCS 2442), pp. 385-400, 2002.
47. P. MacKenzie and K. Yang. On simulation-sound trapdoor commitments. In Advances in Cryptology - EUROCRYPT 2004 (LNCS 3027), pp. 382-400, 2004.
48. M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proc. 22nd ACM Symp. on Theory of Computing, pp. 427-437, 1990.
49. T. Okamolo and S. Uchiyama. A new public-key cryptosystem as secure as factoring. In Advances in Cryptology - EUROCRYPT'98 (LNCS 1403), pp. 380-318, 1998.
50. P. Paillier. Public-key cryptosystems based on composite degree residue classes. In Advances in Cryptology - EUROCRYPT'99 (LNCS 1592), pp. 223-238, 1999.
51. T. P. Pedersen. Non-interactive and informalion-theoretic secure verifiable secret sharing. In Advances in Cryptology - CRYPTO'91 (LNCS 576), pp. 129-140, 1991.
52. D. Pointcheval and J. Stern. Security arguments for digital signatures and blind signatures. J. Cryptology, 13(3):361-396, 2000.
53. M. Prabhakaran, A. Rosen, and A. Sahai. Concurrent zero knowledge with logarithmic round-complexity. ePrint archive, Report 2002/055. http://eprint.iacr.org/, 2002.
54. Also in Proc. 43rd IEEE Symp. on Foundations of Computer Science, pp. 366-375, 2002.
55. L. Reyzin. Zero-knowledge with public keys. Ph.D. Thesis, MIT, 2001.
56. J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proc. 22nd ACM Symp. on Theory of Computing, pp. 387-394, 1990.
57. A. Sahai. Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In Proc. 40th IEEE Symp. on Foundations of Computer Science, pp. 543-553, 1999.
58. C. P. Schnorr. Efficient identification and signatures for smart cards. In Advances in Cryptology - EUROCRYPT'89 (LNCS 434), pp. 688-689, 1989.