A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory
Zero-knowledge interactive proofs are very promising for the problems related to the verification of identity. After their (mainly theoretical) introduction by S. Goldwasser, S. Micali and C. Rackoff (1985), A. Fiat and A. Shamir (1986) proposed a first practical solution: the scheme of Fiat-Shamir is a trade-off between the number of authentication numbers stored in each security microprocessor and the number of witness numbers to be checked at each verification.
This paper proposes a new scheme which requires the storage of only one authentication number in each security microprocessor and the check of only one witness number. The needed computations are only 2 or 3 more than for the scheme of Fiat-Shamir.
KeywordsHash Function Signature Scheme Security Device Honest User Philips Research Laboratory
- 1.Gilles Brassard, David Chaum and Claude Crépreau, Minimum disclosure proofs of knowledge, July 1987.Google Scholar
- 2.Amos Fiat and Adi Shamir, How to prove yourself: practical solutions to identification and signature problems. Springer-Verlag, Lecture notes in computer science, No 263, Advances in cryptology, Proceedings of CRYPTO’ 86, pp. 186–194, 1987.Google Scholar
- 3.Shafi Goldwasser, S. Micali and C. Rackoff, The knowledge of interactive proof systems, 17th ACM symposium on theory of computing, 1985, pp. 291–304.Google Scholar
- 4.Oded Goldreich, Silvio Micali and Avi Wigderson, Proofs that yields nothing but the validity of the proof, Workshop on probabilistic algorithms, Marseille, March 1986.Google Scholar
- 5.Adi Shamir, Identity-based cryptosystems and signatures schemes, Springer-Verlag, Lecture notes in computer science, No 196, Advances in cryptology, Proceedings of CRYPTO’ 84, pp. 47–53, 1985.Google Scholar