Complex Zero-Knowledge Proofs of Knowledge Are Easy to Use

  • Sébastien Canard
  • Iwen Coisel
  • Jacques Traoré
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4784)


Since 1985 and their introduction by Goldwasser, Micali and Rackoff, followed in 1988 by Feige, Fiat and Shamir, zero-knowledge proofs of knowledge have become a central tool in modern cryptography. Many articles use them as building blocks to construct more complex protocols, for which security is often hard to prove. The aim of this paper is to simplify analysis of many of these protocols, by providing the cryptographers with a theorem which will save them from stating explicit security proofs. Kiayias, Tsiounis and Yung made a first step in this direction at Eurocrypt’04, but they only addressed the case of so-called “triangular set of discrete-log relations”. By generalizing their result to any set of discrete-log relations, we greatly extend the range of protocols it can be applied to.


Signature Scheme Turing Machine Free Variable Discrete Logarithm Security Proof 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A Practical and Provably Secure Coalition-Resistant Group Signature Scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Barić, N., Pfitzmann, B.: Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–484. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Goldwasser, S.: Verifiable Partial Key Escrow. In: ACM CCS 1997, pp. 78–91. ACM Press, New York (1997)CrossRefGoogle Scholar
  4. 4.
    Boudot, F.: Efficient Proofs that a Committed Number Lies in an Interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Camenisch, J., Lysyanskaya, A.: Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)Google Scholar
  6. 6.
    Camenisch, J., Michels, M.: A Group Signature Scheme Based on an RSA-Variant. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 160–174. Springer, Heidelberg (1998)Google Scholar
  7. 7.
    Camenisch, J., Michels, M.: Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Canard, S., Gouget, A., Hufschmitt, E.: A Handy Muti-Coupon System. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 66–81. Springer, Heidelberg (2004)Google Scholar
  9. 9.
    Canard, S., Traoré, J.: On Fair E-cash Systems based on Group Signature Schemes. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 237–248. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Chan, A.H., Frankel, Y., Tsiounis, Y.: Easy Come - Easy Go Divisible Cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  11. 11.
    Chaum, D., Pedersen, T.: Transferred Cash Grows in Size. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 390–407. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  12. 12.
    Cramer, R., Shoup, V.: Signature Schemes Based on the Strong RSA Assumption. ACM TISSEC 3(3), 161–185 (2000)CrossRefGoogle Scholar
  13. 13.
    Damgård, I., Fujisaki, E.: A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 143–159. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Feige, U., Fiat, A., Shamir, A.: Zero-knowledge Proofs of Identity. Journal of Cryptology 1(2), 77–94 (1988)MATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  16. 16.
    Fujisaki, E., Okamoto, T.: Statistical Zero-Knowledge Protocols Solution to Identification and Signature Problems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)Google Scholar
  17. 17.
    Gennaro, R., Rabin, T., Krawczyk, H.: RSA-Based Undeniable Signatures. Journal of Cryptology 13(4), 397–416 (2000)MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Girault, M., Poupard, G., Stern, J.: On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order. Journal of Cryptology 19(4), 463–487 (2006)MATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Goldwasser, S., Micali, S., Rackoff, C.W.: The Knowledge Complexity of Interactive Proof Systems. SIAM Journal of Computing 18(1), 186–208 (1989)MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable Signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004), Google Scholar
  21. 21.
    Pointcheval, D., Stern, J.: Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology 13(3), 361–396 (2000)MATHCrossRefGoogle Scholar
  22. 22.
    Schnorr, C.P.: Efficient Signature Generation for Smart Cards. Journal of Cryptology 4(3), 239–252 (1991)CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Sébastien Canard
    • 1
  • Iwen Coisel
    • 1
  • Jacques Traoré
    • 1
  1. 1.Orange Labs, 42 rue des Coutures, 14000 CaenFrance

Personalised recommendations