Zero-knowledge proofs of identity

Abstract

In this paper we extend the notion of interactive proofs of assertions to interactive proofs of knowledge. This leads to the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions). We show the relevance of these notions to identification schemes, in which parties prove their identity by demonstrating their knowledge rather than by proving the validity of assertions. We describe a novel scheme which is provably secure if factoring is difficult and whose practical implementations are about two orders of magnitude faster than RSA-based identification schemes. The advantages of thinking in terms of proofs of knowledge rather than proofs of assertions are demonstrated in two efficient variants of the scheme: unrestricted input zero-knowledge proofs of knowledge are used in the construction of a scheme which needs no directory; a version of the scheme based on parallel interactive proofs (which are not known to be zero knowledge) is proved secure by observing that the identification protocols are proofs of knowledge.

References

  1. 1.

    Brassard, G., and C. Crepeau, Nontransitive Transfer of Confidence: A Perfect Zero Knowledge Interactive Protocol for SAT and Beyond,Proceedings of FOCS, 1986, pp. 187–195.

  2. 2.

    Chaum, D., Demonstrating that a Public Predicate Can Be Satisfied Without Revealing Any Information about How,Proceedings of CRYPTO 86, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag, Berlin, 1987, pp. 195–199.

    Google Scholar 

  3. 3.

    Chor, B., S. Goldwasser, S. Micali, and B. Awerbuch, Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults,Proceedings of FOCS, 1985, pp. pp. 383–395.

  4. 4.

    Feige, U., Interactive Proofs, M.Sc. Thesis, Weizmann Institute of Science, 1987.

  5. 5.

    Fiat, A., and A. Shamir, How To Prove Yourself: Practical Solutions to Identification and Signature Problems,Proceedings of CRYPTO 86, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag, Berlin, 1987, pp. 186–194.

    Google Scholar 

  6. 6.

    Galil, Z., S. Haber, and M. Yung, A Private Interactive Test of a Boolean Predicate and Minimum-Knowledge Public Key Cryptosystems,Proceedings of FOCS, 1985, pp. 360–371.

  7. 7.

    Goldreich, O., S. Micali, and A. Wigderson, Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design,Proceedings of FOCS, 1986, pp. 174–187.

  8. 8.

    Goldwasser, S., S. Micali, and C. Rackoff, Knowledge Complexity of Interactive Proof Systems,Proceedings of STOC, 1985, pp. 291–304.

  9. 9.

    Goldwasser, S., S. Micali, and R. Rivest, A Paradoxical Solution to the Signature Problem,Proceedings of FOCS, 1984, pp. 441–448.

  10. 10.

    Goldwasser, S., and M. Sipser, Arthur Merlin Games versus Interactive Proof Systems,Proceedings of STOC, 1986, pp. 59–68.

  11. 11.

    Halpern, J., and Y. Moses, Knowledge and Common Knowledge in a Distributed Environment,Proceedings of PODC, 1984, pp. 50–61.

  12. 12.

    Oren, Y., On the Cunning Power of Cheating Verifiers: Some Observations about Zero-Knowledge Proofs,Proceedings of FOCS, 1987, pp. 462–471.

  13. 13.

    Pollard, J. M., and C. P. Schnorr, An Efficient Solution of the Congruencex 2+ky 2=m (modn),IEEE Transactions on Information Theory (1987), 702–709.

  14. 14.

    Rivest, R., A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,Communications of the Association for Computing Machinery,21 (1978), 120–126.

    MathSciNet  Google Scholar 

  15. 15.

    Rosenschein, S., Formal Theories of Knowledge in AI and Robotics,New Generation Computing,3 (1985), 345–357.

    MATH  Google Scholar 

  16. 16.

    Tompa, M., and H. Woll, Random Self-Reducibility and Zero-Knowledge Interactive Proofs of Possession of Information,Proceedings of FOCS, 1987, pp. 472–482.

Download references

Author information

Affiliations

Authors

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Feige, U., Fiat, A. & Shamir, A. Zero-knowledge proofs of identity. J. Cryptology 1, 77–94 (1988). https://doi.org/10.1007/BF02351717

Download citation

Key words

  • Proofs of knowledge
  • Zero knowledge
  • Digital identification