Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes

  • Tatsuaki Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 740)

Abstract

This paper presents a three-move interactive identification scheme and proves it to be as secure as the discrete logarithm problem. This provably secure scheme is almost as efficient as the Schnorr identification scheme, while the Schnorr scheme is not provably secure. This paper also presents another practical identification scheme which is proven to be as secure as the factoring problem and is almost as efficient as the Guillou-Quisquater identification scheme: the Guillou-Quisquater scheme is not provably secure. We also propose practical digital signature schemes based on these identification schemes. The signature schemes are almost as efficient as the Schnorr and Guillou-Quisquater signature schemes, while the security assumptions of our signature schemes are weaker than those of the Schnorr and Guillou-Quisquater. signature schemes. This paper also gives a theoretically generalized result: a three-move identification scheme can be constructed which is as secure as the random-self-reducible problem. Moreover, this paper proposes a variant which is proven to be as secure as the difficulty of solving both the discrete logarithm problem and the specific factoring problem simultaneously. Some other variants such as an identity-based variant and an elliptic curve variant are also proposed.

References

  1. [Bet]
    T. Beth, “Efficient Zero-Knowledge Identification Scheme for Smart Cards,” Proceedings of Eurocrypt’ 88, LNCS 330, Springer-Verlag, pp.77–86 (1988).Google Scholar
  2. [BGMW]
    E.F. Brickell, D.M. Gordon, K.S. McCurley, and D. Wilson, “Fast Exponentiation with Precomputation”, to appear in the Proceedings of Eurocrypt’ 92.Google Scholar
  3. [BM1]
    E.F. Brickell, and K.S. McCurley, “An Interactive Identification Scheme Based on Discrete Logarithms and Factoring,” Journal of Cryptology, Vol. 5, No. 1, pp.29–39 (1992).MATHGoogle Scholar
  4. [BM2]
    E.F. Brickell, and K.S. McCurley, “Interactive Identification and Digital Signatures,” AT&T Technical Journal, pp.73–86, November/December (1991).Google Scholar
  5. [BMO1]
    M. Bellare, S. Micali and R. Ostrovsky, “Perfect Zero-Knowledge in Constant Rounds,” Proceedings of STOC, pp.482–493 (1990).Google Scholar
  6. [BMO2]
    M. Bellare, S. Micali and R. Ostrovsky, “The (True) Complexity of Statistical Zero-Knowledge.” Proceedings of STOC, pp.494–502 (1990).Google Scholar
  7. [Cha]
    D. Chaum, “Security without Identification: Transaction Systems to Make Big Brother Obsolete,” Comm. of the ACM, 28,10, pp.1030–1044 (1985).CrossRefGoogle Scholar
  8. [CD]
    L. Chen, I. Damgård, “Security Bounds for Parallel Versions of Identification Protocols,” Manuscript (1992).Google Scholar
  9. [FeS1]
    U. Feige and A. Shamir, “Witness Indistinguishable and Witness Hiding Protocols,” Proceedings of STOC, pp.416–426 (1990).Google Scholar
  10. [FeS2]
    U. Feige and A. Shamir, “Zero Knowledge Proofs of Knowledge in Two Rounds,” Proceedings of Crypto’ 89, LNCS 435, Springer-Verlag, pp.526–544 (1990).CrossRefGoogle Scholar
  11. [FFS]
    U. Feige, A. Fiat and A. Shamir, “Zero Knowledge Proofs of Identity,” Proceedings of STOC, pp.210–217 (1987).Google Scholar
  12. [FiS]
    A. Fiat and A. Shamir, “How to Prove Yourself: Practical Solutions to Identification and Signature Problems”, Proceedings of CRYPTO’ 86, LNCS 263, Springer-Verlag, pp.186–194 (1987).Google Scholar
  13. [GGM]
    O. Goldreich, S. Goldwasser, and S. Micali, “How to Construct Random Functions,” Journal of the ACM, Vol. 33, No. 4 (1986).Google Scholar
  14. [GK]
    O. Goldreich and H. Krawczyk “On the Composition of Zero-Knowledge Proof Systems,” Proceedings of ICALP, LNCS 443, Springer-Verlag, pp.268–282 (1990).Google Scholar
  15. [GMRa]
    S. Goldwasser, S. Micali and C. Rackoff, “The Knowledge Complexity of Interactive Proofs,” SIAM J. Comput., 18,1, pp.186–208 (1989).CrossRefMATHMathSciNetGoogle Scholar
  16. [GMRi]
    S. Goldwasser, S. Micali and R. Rivest, “A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks,” SIAM J. Comput., 17,2, pp.281–308 (1988).CrossRefMATHMathSciNetGoogle Scholar
  17. [GQ]
    L.S. Guillou, and J.J. Quisquater, “A Practical Zero-Knowledge Protocol Fitted to Security Microprocessors Minimizing both Transmission and Memory,” Proceedings of Eurocrypt’ 88, LNCS 330, Springer-Verlag, pp.123–128 (1988).Google Scholar
  18. [HMV]
    G. Harper, A.J. Menezes, S.A. Vanstone, “Public-Key Cryptosystems with Very Small Key Length”, to appear in the Proceedings of Eurocrypt’ 92.Google Scholar
  19. [Kob1]
    N. Koblitz, A Course in Number Theory and Cryptography, Berlin: Springer-Verlag, (1987).MATHGoogle Scholar
  20. [Kob2]
    N. Koblitz, “CM-Curves with Good Cryptographic Properties,” Proceedings of Crypto’ 91 (1992).Google Scholar
  21. [Kun]
    D.E. Knuth, The Art of Computer Programming, Vol. 2, 2nd Ed. Addison-Wesley (1981).Google Scholar
  22. [Mil]
    V. Miller, “Uses of Elliptic Curves in Cryptography,” Proceedings of Crypto’ 85, LNCS 218, Springer-Verlag, pp.417–426 (1986).Google Scholar
  23. [Miy]
    A. Miyaji, “On Ordinary Elliptic Curve Cryptosystems,” to appear in the Proceedings of Asiacrypt’ 91, LNCS, Springer-Verlag.Google Scholar
  24. [Mon]
    P.L. Montgomery, “Modular Multiplication without Trial Division,” Math. of Computation, Vol. 44, pp.519–521 (1985).CrossRefMATHGoogle Scholar
  25. [MOV]
    A.J. Menezes, T. Okamoto, S.A. Vanstone, “Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field”, Proceedings of STOC, pp.80–89 (1991).Google Scholar
  26. [OhO1]
    K. Ohta, and T. Okamoto, “A Modification of the Fiat-Shamir Scheme,” Proceedings of Crypto’ 88, LNCS 403, Springer-Verlag, pp.232–243 (1990).Google Scholar
  27. [OhO2]
    K. Ohta, and T. Okamoto, “A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme,” to appear in the Proceedings of Asiacrypt’ 91.Google Scholar
  28. [Oka]
    T. Okamoto, “A Single Public-Key Authentication Scheme for Multiple Users,” Systems and Computers in Japan, 18,10, pp.14–24 (1987), Previous version, Technical Report of IECE Japan, IN83–92 (1984).CrossRefMathSciNetGoogle Scholar
  29. [OkO]
    T. Okamoto, and K. Ohta, “Divertible Zero-Knowledge Interactive Proofs and Commutative Random Self-Reducible.” Proceedings of Eurocrypt’ 89, LNCS 434, Springer-Verlag, pp.134–149 (1990).Google Scholar
  30. [PH]
    S.C. Pohlig, and M.E. Hellman, “An Improved Algorithm for Computing Logarithmsover GF (p) and Its Cryptographic Significance,” IEEE Trans. Inform. Theory, 24, pp.106–110 (1978)CrossRefMATHMathSciNetGoogle Scholar
  31. [RSA]
    R. Rivest, A. Shamir and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Communications of the ACM, Vol. 21, No. 2, pp.120–126 (1978).CrossRefMATHMathSciNetGoogle Scholar
  32. [Sch]
    C.P. Schnorr, “Efficient Signature Generation by Smart Cards,” Journal of Cryptology, Vol. 4, No. 3, pp.161–174 (1991).CrossRefMATHMathSciNetGoogle Scholar
  33. [Sha]
    A. Shamir, “Identity-Based Cryptosystems and Signature Scheme,” Proceedings of Crypto’ 84, LNCS 196. Springer-Verlag, pp.47–53 (1986).Google Scholar
  34. [SI]
    K. Sakurai, and T. Itoh, “On the Discrepancy between Serial and Parallel of Zero-Knowledge Protocols,” These proceedings.Google Scholar
  35. [TW]
    M. Tompa and H. Woll, “Random Self-Reducibility and Zero Knowledge Interactive Proofs of Possession of Information,” Proceedings of FOCS, pp.472–482 (1987).Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

  • Tatsuaki Okamoto
    • 1
  1. 1.NTT LaboratoriesNippon Telegraph and Telephone CorporationKanagawa-kenJapan

Personalised recommendations