Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes
- Jan CamenischAffiliated withBRICS Department of Computer Science, University of Aarhus
- , Markus MichelsAffiliated withEntrust Technologies Europe
- A committed number is a prime.
- A committed (or revealed) number is the product of two safe primes, i.e., primes p and q such that (p - 1)/2 and (q - 1)/2 are prime.
- A given integer has large multiplicative order modulo a composite number that consists of two safe prime factors.
The main building blocks of our protocols are statistical zero-knowledge proofs of knowledge that are of independent interest. We show how to prove the correct computation of a modular addition, a modular multiplication, and a modular exponentiation, where all values including the modulus are committed to but not publicly known. Apart from the validity of the equations, no other information about the modulus (e.g., a generator whose order equals the modulus) or any other operand is exposed. Our techniques can be generalized to prove that any multivariate modular polynomial equation is satisfied, where only commitments to the variables of the polynomial and to the modulus need to be known. This improves previous results, where the modulus is publicly known. We show how these building blocks allow to prove statements such as those listed earlier.
- Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes
- Book Title
- Advances in Cryptology — EUROCRYPT ’99
- Book Subtitle
- International Conference on the Theory and Application of Cryptographic Techniques Prague, Czech Republic, May 2–6, 1999 Proceedings
- pp 107-122
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- Industry Sectors
- eBook Packages
- Jacques Stern (4)
- Editor Affiliations
- 4. Ecole Normale Supérieure
- Author Affiliations
- 5. BRICS Department of Computer Science, University of Aarhus, Ny Munkegade, DK — 8000, Århus C, Denmark
- 6. Entrust Technologies Europe, r3 security engineering ag, Glatt Tower, CH — 8301, Glattzentrum, Switzerland
To view the rest of this content please follow the download PDF link above.