Cryptanalysis of an Efficient Proof of Knowledge of Discrete Logarithm

  • Sébastien Kunz-Jacques
  • Gwenaëlle Martinet
  • Guillaume Poupard
  • Jacques Stern
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)

Abstract

At PKC 2005, Bangerter, Camenisch and Maurer proposed an efficient protocol to prove knowledge of discrete logarithms in groups of unknown order. We describe an attack that enables the verifier to recover the full secret with essentially no computing power beyond what is required to run the protocol and after only a few iterations of it. We also describe variants of the attack that apply when some additional simple checks are performed by the prover.
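To make concrete what "proof of knowledge of a discrete logarithm in a group of unknown order" refers to, the following added example (not code from the paper, and not the Bangerter-Camenisch-Maurer protocol nor the attack described above) runs a generic Schnorr/Girault-style proof in an RSA group Z_n^*. Because the prover does not know the group order, the response s = r + c·x is computed over the integers rather than reduced modulo the order, and the verifier bounds s with a range check; the toy modulus, generator and bit lengths are constructed for illustration and far too small for real use.

```python
"""Generic Schnorr-type proof of knowledge of x = log_G(Y) in Z_N^*, a group whose
order phi(N) is hidden from the prover.  Illustration of the protocol class only:
this is NOT the Bangerter-Camenisch-Maurer protocol and NOT the attack on it."""

import secrets

# Constructed toy parameters (hypothetical; a real modulus is ~2048 bits).
P, Q = 1000003, 1000033     # two primes, kept secret from the prover
N = P * Q                   # the hidden-order group is Z_N^*
G = 4                       # a quadratic residue used as generator

X_BITS = 40                 # length of the secret x
C_BITS = 64                 # length of the verifier's challenge c
R_BITS = X_BITS + C_BITS + 64   # mask r must dominate c*x by a safety margin


def keygen(rng=secrets.randbits):
    """Prover picks a secret x and publishes Y = G^x mod N."""
    x = rng(X_BITS) | 1
    return x, pow(G, x, N)


def prover_commit(rng=secrets.randbits):
    """Round 1: prover samples a wide integer mask r and sends T = G^r mod N."""
    r = rng(R_BITS)
    return r, pow(G, r, N)


def prover_respond(r, c, x):
    """Round 3: response over the integers (no reduction, order unknown)."""
    return r + c * x


def verify(y, t, c, s):
    """Verifier accepts iff s is in range and G^s == T * Y^c (mod N)."""
    if not 0 <= s < (1 << (R_BITS + 1)):   # range check bounds leakage of x
        return False
    return pow(G, s, N) == (t * pow(y, c, N)) % N


def run_protocol(x, y, rng=secrets.randbits):
    """One full honest execution: commit, challenge, respond, verify."""
    r, t = prover_commit(rng)
    c = rng(C_BITS)            # honest verifier: uniformly random challenge
    s = prover_respond(r, c, x)
    return verify(y, t, c, s)


if __name__ == "__main__":
    sk, pk = keygen()
    print("accepted:", run_protocol(sk, pk))
```

The verification identity holds because G^(r + c·x) = G^r · (G^x)^c = T · Y^c mod N. What makes such integer-response protocols delicate, and what the paper's attack exploits in the specific PKC 2005 design, is that the verifier controls the challenge and sees s directly; the example above only shows the honest exchange.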

Keywords

Public key cryptanalysis, discrete logarithm, proof of knowledge

References

  1. Bangerter, E., Camenisch, J., Maurer, U.: Efficient Proofs of Knowledge of Discrete Logarithms and Representations in Groups with Hidden Order. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 154–171. Springer, Heidelberg (2005)
  2. Beth, T.: Efficient Zero-Knowledge Identification Scheme for Smart Cards. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 77–86. Springer, Heidelberg (1988)
  3. Camenisch, J., Michels, M.: Proving in Zero-Knowledge That a Number Is the Product of Two Safe Primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999)
  4. Chaum, D., Evertse, J.-H., van de Graaf, J.: An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 127–141. Springer, Heidelberg (1988)
  5. Chaum, D., Evertse, J.-H., van de Graaf, J., Peralta, R.: Demonstrating Possession of a Discrete Logarithm without Revealing It. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 200–212. Springer, Heidelberg (1987)
  6. NESSIE consortium: Portfolio of Recommended Cryptographic Primitives (2003). Available from http://www.cryptonessie.org
  7. Cramer, R.: Modular Design of Secure yet Practical Cryptographic Protocols. PhD thesis, University of Amsterdam (1997)
  8. Cramer, R., Damgård, I.: Zero-Knowledge Proofs for Finite Field Arithmetic or: Can Zero-Knowledge Be for Free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424–441. Springer, Heidelberg (1998)
  9. Damgård, I., Fujisaki, E.: A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)
  10. Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
  11. Fujisaki, E., Okamoto, T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)
  12. Girault, M.: Self-Certified Public Keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1992)
  13. Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof Systems. SIAM Journal on Computing 18(1), 186–208 (1989)
  14. Pohlig, S.C., Hellman, M.E.: An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance. IEEE Transactions on Information Theory IT-24(1), 106–110 (1978)
  15. Pollard, J.M.: Monte Carlo Methods for Index Computation (mod p). Mathematics of Computation 32(143), 918–924 (1978)
  16. Poupard, G., Stern, J.: Security Analysis of a Practical "on the fly" Authentication and Signature Generation. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 422–436. Springer, Heidelberg (1998)
  17. Schnorr, C.-P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 235–251. Springer, Heidelberg (1990)
  18. van Oorschot, P.C., Wiener, M.J.: On Diffie-Hellman Key Agreement with Short Exponents. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 332–343. Springer, Heidelberg (1996)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sébastien Kunz-Jacques (1, 2)
  • Gwenaëlle Martinet (1)
  • Guillaume Poupard (1)
  • Jacques Stern (2)
  1. DCSSI Crypto Lab, Paris 07 SP, France
  2. Département d'informatique, École normale supérieure, Paris, France
