A “Paradoxical” Identity-Based Signature Scheme Resulting from Zero-Knowledge

  • Louis Claude Guillou
  • Jean-Jacques Quisquater
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 403)

Abstract

At EUROCRYPT’88, we introduced an interactive zero-knowledge protocol (Guillou and Quisquater [13]) fitted to the authentication of tamper-resistant devices (e.g. smart cards, Guillou and Ugon [14]).

Each security device stores its secret authentication number, an RSA-like signature computed by an authority from the device identity. Any transaction between a tamper-resistant security device and a verifier is limited to a unique interaction: the device sends its identity and a random test number; then the verifier tells a random large question; and finally the device answers by a witness number. The transaction is successful when the test number is reconstructed from the witness number, the question and the identity according to numbers published by the authority and rules of redundancy possibly standardized.

This protocol allows a cooperation between users in such a way that a group of cooperative users looks like a new entity, having a shadowed identity the product of the individual shadowed identities, while each member reveals nothing about its secret.

In another scenario, the secret is partitioned between distinct devices sharing the same identity. A group of cooperative users looks like a unique user having a larger public exponent which is the greater common multiple of each individual exponent.

In this paper, additional features are introduced in order to provide: firstly, a mutual interactive authentication of both communicating entities and previously exchanged messages, and, secondly, a digital signature of messages, with a non-interactive zero-knowledge protocol. The problem of multiple signature is solved here in a very smart way due to the possibilities of cooperation between users.

The only secret key is the factors of the composite number chosen by the authority delivering one authentication number to each smart card. This key is not known by the user. At the user level, such a scheme may be considered as a keyless identity-based integrity scheme. This integrity has a new and important property: it cannot be misused, i.e. derived into a confidentiality scheme.
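The abstract gives no formulas, so the following added example (not code from the paper or this page) sketches the transaction and the non-interactive signature in the form in which the Guillou-Quisquater scheme is commonly published: the authority issues B with J·B^v ≡ 1 (mod n), and the verifier rebuilds the test number as D^v·J^d mod n. The toy primes, the use of SHA-256 as the redundancy rule and as the question hash, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: Mersenne primes stand in for the authority's secret factors.
P, Q = 2**89 - 1, 2**107 - 1
N, V = P * Q, 2**61 - 1              # published modulus and prime exponent

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def shadow(identity: bytes) -> int:
    """Shadowed identity J; SHA-256 stands in for the redundancy rules (assumption)."""
    return _h(identity) % N

def issue(identity: bytes) -> int:
    """Authority: authentication number B with J * B^V = 1 (mod N)."""
    s = pow(V, -1, (P - 1) * (Q - 1))            # requires the factors of N
    return pow(pow(shadow(identity), -1, N), s, N)

def commit():
    """Device: random r and test number T = r^V mod N."""
    r = secrets.randbelow(N - 1) + 1
    return r, pow(r, V, N)

def respond(b: int, r: int, d: int) -> int:
    """Device: witness number D = r * B^d mod N."""
    return r * pow(b, d, N) % N

def reconstruct(identity: bytes, d: int, witness: int) -> int:
    """Verifier: D^V * J^d mod N, which equals T for a genuine device."""
    return pow(witness, V, N) * pow(shadow(identity), d, N) % N

def identify(identity: bytes, b: int) -> bool:
    r, t = commit()                              # device sends identity and T
    d = secrets.randbelow(V)                     # verifier's random question
    return reconstruct(identity, d, respond(b, r, d)) == t

def question(message: bytes, t: int) -> int:
    """Signature mode: the question is a hash of message and test number."""
    return _h(message + t.to_bytes(32, "big")) % V

def sign(b: int, message: bytes):
    r, t = commit()
    d = question(message, t)
    return d, respond(b, r, d)

def verify(identity: bytes, message: bytes, sig) -> bool:
    d, witness = sig
    return 0 <= d < V and d == question(message, reconstruct(identity, d, witness))
```

Only `issue` touches the factors P and Q; the device holds B alone, and the verifier needs nothing beyond N, V and the claimed identity.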

Keywords

cryptology, factoring, complexity, randomization, zero-knowledge interactive proofs, identity-based system, public key system, integrity, identification, authentication, digital signature

References

  [1] Gilles Brassard, David Chaum and Claude Crépeau, Minimum disclosure proofs of knowledge, July 1987.
  [2] David Chaum, Security without identification: transaction systems to make Big Brother obsolete, Comm. of ACM, 28, Oct. 1985, pp. 1030–1044.
  [3] Ivan Bjerre Damgård, Collision-free hash functions and public-key signature schemes, EUROCRYPT’ 87, to appear.
  [4] Yvo Desmedt and Jean-Jacques Quisquater, Public-key systems based on the difficulty of tampering, Advances in cryptology, Proceedings of CRYPTO’ 86, Lecture notes in computer science, No 263, Springer-Verlag, pp. 186–194.
  [5] Amos Fiat and Adi Shamir, How to prove yourself: practical solutions to identification and signature problems, Springer Verlag, Lecture notes in computer science, No 263, Advances in cryptology, Proceedings of CRYPTO’ 86, pp. 186–194, 1987.
  [6] Amos Fiat and Adi Shamir, Unforgeable proofs of identity, 5th SECURICOM, Paris, 1987, pp. 147–153.
  [7] Oded Goldreich, Shafi Goldwasser and Silvio Micali, How to construct random functions, 25th IEEE symposium on foundations of computer science, 1984, pp. 464–479.
  [8] Shafi Goldwasser, Silvio Micali and Charles Rackoff, The knowledge of interactive proof systems, 17th ACM symposium on theory of computing, 1985, pp. 291–304.
  [9] Shafi Goldwasser, Silvio Micali and Ronald Rivest, A paradoxical signature scheme, 25th IEEE symposium on foundations of computer science, 1984, pp. 441–448.
  [10] Oded Goldreich, Silvio Micali and Avi Wigderson, Proofs that yields nothing but the validity of the proof, Workshop on probabilistic algorithms, Marseille, March 1986.
  [11] Louis C. Guillou and Jean-Jacques Quisquater, Efficient digital public-key signatures with shadow, Springer Verlag, Lecture notes in computer science, Advances in cryptology, Proceedings of CRYPTO’ 87, p. 223.
  [12] Louis C. Guillou, Marc Davio and Jean-Jacques Quisquater, Public-key techniques, Cryptologia, to appear.
  [13] Louis C. Guillou and Jean-Jacques Quisquater, A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory, EUROCRYPT’ 88, to appear.
  [14] Louis C. Guillou and Michel Ugon, Smart card: a highly reliable and portable security device, CRYPTO’ 86, Lecture notes in computer science, No 263, Springer-Verlag, pp. 464–479.
  [15] Jean-Jacques Quisquater, Secret distribution of keys for public-key system, Springer Verlag, Lecture notes in computer science, No 293, Advances in cryptology, Proceedings of CRYPTO’ 87, pp. 203–208, 1987.
  [16] Ronald Rivest, Adi Shamir and Leonard Adleman, A method for obtaining digital signatures and public-key cryptosystems, Comm. of ACM, 21, Feb. 1978, pp. 120–126.
  [17] Adi Shamir, Identity-based cryptosystems and signatures schemes, Springer Verlag, Lecture notes in computer science, No 196, Advances in cryptology, Proceedings of CRYPTO’ 84, pp. 47–53, 1985.
  [18] H. C. Williams, A modification of the RSA public-key cryptosystem, IEEE Trans. on Information Theory, IT-26, Nov. 1980, pp. 726–729.

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Louis Claude Guillou (1)
  • Jean-Jacques Quisquater (2)
  1. Centre Commun d’Etudes de Télédiffusion et Télécommunications (CCETT), Cesson-Sevigné Cédex, France
  2. Philips Research Laboratory Brussels, Brussels, Belgium
