Journal of Cryptology

, Volume 1, Issue 2, pp 77–94 | Cite as

Zero-knowledge proofs of identity

  • Uriel Feige
  • Amos Fiat
  • Adi Shamir


In this paper we extend the notion of interactive proofs of assertions to interactive proofs of knowledge. This leads to the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions). We show the relevance of these notions to identification schemes, in which parties prove their identity by demonstrating their knowledge rather than by proving the validity of assertions. We describe a novel scheme which is provably secure if factoring is difficult and whose practical implementations are about two orders of magnitude faster than RSA-based identification schemes. The advantages of thinking in terms of proofs of knowledge rather than proofs of assertions are demonstrated in two efficient variants of the scheme: unrestricted input zero-knowledge proofs of knowledge are used in the construction of a scheme which needs no directory; a version of the scheme based on parallel interactive proofs (which are not known to be zero knowledge) is proved secure by observing that the identification protocols are proofs of knowledge.

Key words

Proofs of knowledge Zero knowledge Digital identification 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brassard, G., and C. Crepeau, Nontransitive Transfer of Confidence: A Perfect Zero Knowledge Interactive Protocol for SAT and Beyond,Proceedings of FOCS, 1986, pp. 187–195.Google Scholar
  2. 2.
    Chaum, D., Demonstrating that a Public Predicate Can Be Satisfied Without Revealing Any Information about How,Proceedings of CRYPTO 86, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag, Berlin, 1987, pp. 195–199.Google Scholar
  3. 3.
    Chor, B., S. Goldwasser, S. Micali, and B. Awerbuch, Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults,Proceedings of FOCS, 1985, pp. pp. 383–395.Google Scholar
  4. 4.
    Feige, U., Interactive Proofs, M.Sc. Thesis, Weizmann Institute of Science, 1987.Google Scholar
  5. 5.
    Fiat, A., and A. Shamir, How To Prove Yourself: Practical Solutions to Identification and Signature Problems,Proceedings of CRYPTO 86, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag, Berlin, 1987, pp. 186–194.Google Scholar
  6. 6.
    Galil, Z., S. Haber, and M. Yung, A Private Interactive Test of a Boolean Predicate and Minimum-Knowledge Public Key Cryptosystems,Proceedings of FOCS, 1985, pp. 360–371.Google Scholar
  7. 7.
    Goldreich, O., S. Micali, and A. Wigderson, Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design,Proceedings of FOCS, 1986, pp. 174–187.Google Scholar
  8. 8.
    Goldwasser, S., S. Micali, and C. Rackoff, Knowledge Complexity of Interactive Proof Systems,Proceedings of STOC, 1985, pp. 291–304.Google Scholar
  9. 9.
    Goldwasser, S., S. Micali, and R. Rivest, A Paradoxical Solution to the Signature Problem,Proceedings of FOCS, 1984, pp. 441–448.Google Scholar
  10. 10.
    Goldwasser, S., and M. Sipser, Arthur Merlin Games versus Interactive Proof Systems,Proceedings of STOC, 1986, pp. 59–68.Google Scholar
  11. 11.
    Halpern, J., and Y. Moses, Knowledge and Common Knowledge in a Distributed Environment,Proceedings of PODC, 1984, pp. 50–61.Google Scholar
  12. 12.
    Oren, Y., On the Cunning Power of Cheating Verifiers: Some Observations about Zero-Knowledge Proofs,Proceedings of FOCS, 1987, pp. 462–471.Google Scholar
  13. 13.
    Pollard, J. M., and C. P. Schnorr, An Efficient Solution of the Congruencex 2+ky 2=m (modn),IEEE Transactions on Information Theory (1987), 702–709.Google Scholar
  14. 14.
    Rivest, R., A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,Communications of the Association for Computing Machinery,21 (1978), 120–126.MathSciNetGoogle Scholar
  15. 15.
    Rosenschein, S., Formal Theories of Knowledge in AI and Robotics,New Generation Computing,3 (1985), 345–357.zbMATHGoogle Scholar
  16. 16.
    Tompa, M., and H. Woll, Random Self-Reducibility and Zero-Knowledge Interactive Proofs of Possession of Information,Proceedings of FOCS, 1987, pp. 472–482.Google Scholar

Copyright information

© International Association for Cryptologic Research 1988

Authors and Affiliations

  • Uriel Feige
    • 1
  • Amos Fiat
    • 1
  • Adi Shamir
    • 1
  1. 1.Department of Applied MathematicsThe Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations