Conference Paper (PDF available)

How To Prove Yourself: Practical Solutions to Identification and Signature Problems

Abstract

In this paper we describe simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys. The schemes are provably secure against any known or chosen message attack if factoring is difficult, and typical implementations require only 1% to 4% of the number of modular multiplications required by the RSA scheme. Due to their simplicity, security and speed, these schemes are ideally suited for microprocessor-based devices such as smart cards, personal computers, and remote control systems.
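The identification protocol the abstract refers to, as an added example that is not the paper's own code: a toy Python run of the k-secret, t-round Fiat-Shamir exchange, with a trusted center deriving each user's public values v_j from an identity string so that no key directory is needed. The modulus, the hash used to map identities to v_j, and the identity string are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: the center knows p and q, everyone else only
# n = p*q; a real card would use a modulus of at least 2048 bits.
P, Q = 10007, 10039            # both primes are 3 mod 4, so square roots are cheap
N = P * Q
K, T = 4, 8                    # secrets per card, rounds per identification

def _is_qr(a):
    """Quadratic residue test mod n = p*q (Euler's criterion; needs p and q)."""
    return pow(a, (P - 1) // 2, P) == 1 and pow(a, (Q - 1) // 2, Q) == 1

def _sqrt_mod_n(a):
    """Square root of a QR mod n via CRT; valid because P, Q are 3 mod 4."""
    rp, rq = pow(a, (P + 1) // 4, P), pow(a, (Q + 1) // 4, Q)
    return (rp * Q * pow(Q, -1, P) + rq * P * pow(P, -1, Q)) % N

def public_value(identity, j):
    """Public v_j derived from the identity string alone (constructed hash mapping)."""
    return int.from_bytes(hashlib.sha256(f"{identity}|{j}".encode()).digest(), "big") % N

def center_issue(identity):
    """Trusted center: take the first K indices whose v_j is a QR coprime to n
    and put the roots s_j with s_j^2 * v_j == 1 (mod n) on the user's card."""
    indices, roots, j = [], [], 0
    while len(indices) < K:
        v = public_value(identity, j)
        if v % P and v % Q and _is_qr(v):
            indices.append(j)
            roots.append(_sqrt_mod_n(pow(v, -1, N)))
        j += 1
    return indices, roots

def identify(identity, indices, roots, rng=secrets.SystemRandom()):
    """T rounds of the three-message exchange; True iff the verifier accepts."""
    for _ in range(T):
        r = rng.randrange(2, N)
        x = pow(r, 2, N)                                  # prover -> verifier
        bits = [rng.randrange(2) for _ in indices]        # verifier -> prover
        y = r                                             # prover -> verifier
        for b, s in zip(bits, roots):
            if b: y = y * s % N
        lhs = pow(y, 2, N)                                # verifier recomputes
        for b, j in zip(bits, indices):
            if b: lhs = lhs * public_value(identity, j) % N
        if lhs != x:
            return False
    return True
```

A prover without the card's roots passes a round only by guessing all k challenge bits in advance, so a forged identification succeeds with probability 2^-kt, which is why the paper can trade k against t to suit a small device.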
... Using blockchain as a transparent platform, it records commitments and computational evidence for tracking and auditing. Noninteractive zk-proofs based on modified ZK-protocols [25] allow local computation, with smart contracts verifying data consistency and computation validity. The scheme builds on the architecture from [26] and secure MPC protocols from [27], incorporating parity-checking methods for comprehensive auditability. ...
Conference Paper
Under the rapid development of big data and cloud computing, emerging applications have seen significant improvements in efficiency and service quality. Nevertheless, the conflict between data sharing and privacy preservation remains a major obstacle to the advancement of big data technology. Addressing this issue, this study introduces a solution tailored to the big data environment, which achieves privacy protection and auditability in data sharing and processing. This approach separates data ownership, usage, and validation to mitigate privacy breaches and improper computing behaviors. Leveraging blockchain technology, a transparent governance platform is constructed to identify and track illegal data and computing activities. Furthermore, the solution integrates non-interactive zero-knowledge proofs for publicly verifying data consistency and computing validity on the blockchain. Experimental analysis on computational latency, communication costs, and encryption parameters confirms the feasibility and efficacy of this approach.
Article
Bulletproofs (Bünz et al., in: 2018 IEEE symposium on security and privacy, IEEE Computer Society Press, pp 315–334, 2018) are a celebrated ZK proof system that allows for short and efficient proofs, and have been implemented and deployed in several real-world systems. In practice, they are most often implemented in their non-interactive version obtained using the Fiat–Shamir transform. A security proof for this setting is necessary for ruling out malleability attacks. These attacks can lead to very severe vulnerabilities, as they allow an adversary to forge proofs re-using or modifying parts of the proofs provided by the honest parties. An earlier version of this work (Ganesh et al., in: EUROCRYPT 2022, Part II. LNCS, vol 13276, Springer, Cham, pp 397–426, 2022) provided evidence for non-malleability of Fiat–Shamir Bulletproofs. This was done by proving simulation-extractability, which implies non-malleability, in the algebraic group model. In this work, we generalize the former result and prove simulation-extractability in the programmable random oracle model, removing the need for the algebraic group model. Along the way, we establish a generic chain of reductions for Fiat–Shamir-transformed multi-round public-coin proofs to be simulation-extractable in the (programmable) random oracle model, which may be of independent interest.
Article
Voting plays a vital role in democratic societies. Adopting electronic voting can effectively increase voter participation and significantly reduce the financial burden on the organizers. In recent years, with the prevalence of blockchain technology, numerous blockchain-based electronic voting schemes have emerged. Compared with traditional electronic voting schemes, they have more favorable security features. However, existing schemes generally suffer from inefficient voting procedures, limited functionality, and dependence on specific blockchain platforms, making them challenging to deploy in diverse voting scenarios. This paper proposes an efficient and versatile electronic voting scheme on blockchain that addresses these problems using our proposed smart contract-based aggregated blind signature, zero-knowledge proofs, and threshold encryption scheme. In the paper, the scheme’s various features, including security, are analyzed in detail, and the scheme is deployed and tested on the Hyperledger Fabric and Ethereum blockchain platform. The experiment results demonstrate that the voting scheme satisfies the security requirement, and it has outstanding advantages in performance.
Article
At CRYPTO ’94, Cramer, Damgård, and Schoenmakers introduced a general technique for constructing honest-verifier zero-knowledge proofs of partial knowledge (PPK), where a prover Alice wants to prove to a verifier Bob she knows τ witnesses for τ claims out of k claims without revealing the indices of those τ claims. Their solution starts from a base honest-verifier zero-knowledge proof of knowledge Σ and requires running k executions of the base protocol in parallel, giving a complexity of O(k·γ(Σ)), where γ(Σ) is the communication complexity of the base protocol. However, modern practical scenarios require communication-efficient zero-knowledge proofs tailored to handle partial knowledge in specific application-dependent formats. In this paper, we propose a technique to compose a large class of Σ-protocols for atomic statements into Σ-protocols for PPK over formulae in conjunctive normal form (CNF) that overlap, in the sense that there is a common subset of literals among all clauses of the formula. In such formulae, the statement is expressed as a conjunction of m clauses, each of which consists of a disjunction of k literals (i.e., each literal is an atomic statement), and ℓ literals are shared among clauses. The prover, for a threshold parameter τ ≤ k, proves knowledge of at least τ witnesses for τ distinct literals in each clause. At the core of our protocol, there is a new technique to compose Σ-protocols for regular CNF relations (i.e., when τ = 1) that exploits the overlap among clauses and that we then generalize to formulae where τ > 1, providing improvements over state-of-the-art constructions.
Conference Paper
In this paper we introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other’s signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party. The scheme assumes the existence of trusted key generation centers, whose sole purpose is to give each user a personalized smart card when he first joins the network. The information embedded in this card enables the user to sign and encrypt the messages he sends and to decrypt and verify the messages he receives in a totally independent way, regardless of the identity of the other party. Previously issued cards do not have to be updated when new users join the network, and the various centers do not have to coordinate their activities or even to keep a user list. The centers can be closed after all the cards are issued, and the network can continue to function in a completely decentralized way for an indefinite period.
Article
Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian. In this paper a computational complexity theory of the 'knowledge' contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.
Conference Paper
In this paper we demonstrate the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff. These are probabilistic and interactive proofs that, for the members x of a language L, efficiently demonstrate membership in the language without conveying any additional knowledge. So far, zero-knowledge proofs were known only for some number theoretic languages in NP ∩ Co-NP.