Advances in Cryptology — EUROCRYPT ’88

Volume 330 of the series Lecture Notes in Computer Science pp 123-128


A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory

  • Louis C. GuillouAffiliated withCentre Commun d’Etudes de Télédiffusion et Télécommunications CCETT
  • , Jean-Jacques QuisquaterAffiliated withPhilips Research Laboratory Brussels


Zero-knowledge interactive proofs are very promising for the problems related to the verification of identity. After their (mainly theoretical) introduction by S. Goldwasser, S. Micali and C. Rackoff (1985), A. Fiat and A. Shamir (1986) proposed a first practical solution: the scheme of Fiat-Shamir is a trade-off between the number of authentication numbers stored in each security microprocessor and the number of witness numbers to be checked at each verification.

This paper proposes a new scheme which requires the storage of only one authentication number in each security microprocessor and the check of only one witness number. The needed computations are only 2 or 3 more than for the scheme of Fiat-Shamir.