It is often the case in applications of cryptographic protocols that one party would like to determine a practical upper bound on the physical distance to the other party. For instance, when a person conducts a cryptographic identification protocol at an entrance to a building, the access control computer in the building would like to be assured that the person giving the responses is no more than a few meters away.
The “distance bounding” technique we introduce solves this problem by timing the delay between sending out a challenge bit and receiving back the corresponding response bit. It can be integrated into common identification protocols. The technique can also be applied in the three-party setting of “wallets with observers” in such a way that the intermediary party can prevent the other two from exchanging information, or even developing common coinflips.
Keywords: Signature Scheme, Commitment Scheme, Probabilistic Encryption, Subliminal Channel, Mafia Fraud
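The verifier's side of the timing check described in the abstract, as an added example that is not taken from the paper: each round's delay gives an upper bound on distance, and the slowest round decides. The names `Round`, `distance_bound_m`, `verify` and `make_rounds` are hypothetical, the timings are constructed, and the rule that a response bit is the challenge bit XORed with a previously committed bit is an assumption not stated on this page.

```python
from dataclasses import dataclass

C_M_PER_NS = 0.299792458  # speed of light in metres per nanosecond

@dataclass
class Round:
    challenge: int   # bit the verifier sent
    response: int    # bit the verifier received back
    rtt_ns: float    # measured delay between sending and receiving

def distance_bound_m(rounds):
    """Upper bound on the prover's distance, taken from the slowest round.

    No processing allowance is subtracted: any allowance would loosen the bound.
    """
    return C_M_PER_NS * max(r.rtt_ns for r in rounds) / 2

def verify(rounds, committed_bits, max_distance_m):
    """Accept only if every response bit is right and the bound is within limit.

    Assumption (not stated on this page): response = challenge XOR committed bit.
    """
    if not rounds or len(rounds) != len(committed_bits):
        return False
    if any(r.response != r.challenge ^ m for r, m in zip(rounds, committed_bits)):
        return False
    return distance_bound_m(rounds) <= max_distance_m

def make_rounds(challenges, committed_bits, rtts_ns):
    """Build the transcript an honest prover would produce (constructed data)."""
    return [Round(c, c ^ m, t) for c, m, t in zip(challenges, committed_bits, rtts_ns)]

# Constructed sample data: four rounds, checked against a 3 m limit.
BITS = [1, 0, 1, 1]
CHALLENGES = [0, 1, 1, 0]
NEARBY = make_rounds(CHALLENGES, BITS, [12.0, 11.5, 12.0, 11.8])
DELAYED = make_rounds(CHALLENGES, BITS, [12.0, 11.5, 412.0, 11.8])  # one slow round

if __name__ == "__main__":
    for name, rounds in (("nearby", NEARBY), ("delayed", DELAYED)):
        print(name, round(distance_bound_m(rounds), 2), "m ->",
              "accept" if verify(rounds, BITS, 3.0) else "reject")
```

A single slow round is enough to reject the session, because the bound is taken from the maximum delay rather than the average.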