Identification Protocols Secure against Reset Attacks

  • Mihir Bellare
  • Marc Fischlin
  • Shafi Goldwasser
  • Silvio Micali
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2045)

Abstract

We provide identification protocols that are secure even when the adversary can reset the internal state and/or randomization source of the user identifying itself, and when executed in an asynchronous environment like the Internet that gives the adversary concurrent access to instances of the user. These protocols are suitable for use by devices (like smartcards) which when under adversary control may not be able to reliably maintain their internal state between invocations.

Keywords

Signature Scheme Protocol Secure Commitment Scheme Deniable Authentication Random Tape 

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Mihir Bellare (1)
  • Marc Fischlin (2)
  • Shafi Goldwasser (3)
  • Silvio Micali (3)

  1. Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA
  2. Dept. of Mathematics (AG 7.2), Johann Wolfgang Goethe-University, Frankfurt/Main, Germany
  3. MIT Laboratory for Computer Science, Cambridge, USA
