Efficiency Limitations for Σ-Protocols for Group Homomorphisms

  • Endre Bangerter
  • Jan Camenisch
  • Stephan Krenn
Conference paper

DOI: 10.1007/978-3-642-11799-2_33

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5978)
Cite this paper as:
Bangerter E., Camenisch J., Krenn S. (2010) Efficiency Limitations for Σ-Protocols for Group Homomorphisms. In: Micciancio D. (eds) Theory of Cryptography. TCC 2010. Lecture Notes in Computer Science, vol 5978. Springer, Berlin, Heidelberg


Efficient zero-knowledge proofs of knowledge for group homomorphisms are essential for numerous systems in applied cryptography. In particular, Σ-protocols for proving knowledge of discrete logarithms in known and hidden order groups are of prime importance. Yet, while these proofs can be performed very efficiently within groups of known order, the corresponding proofs for hidden order groups are far less efficient.

This paper shows strong evidence that this efficiency gap cannot be bridged. Namely, while there are efficient protocols allowing a prover to cheat only with negligibly small probability in the case of known order groups, we provide strong evidence that for hidden order groups this probability is bounded below by 1/2 for all efficient Σ-protocols not using common reference strings or the like.

We prove our results for a comprehensive class of Σ-protocols in the generic group model, and further strengthen them by investigating certain instantiations in the plain model.


Keywords: Generic Group Model, Σ-Protocols, Proofs of Knowledge, Error Bounds

Copyright information

© IFIP International Federation for Information Processing 2010

Authors and Affiliations

  • Endre Bangerter (1)
  • Jan Camenisch (2)
  • Stephan Krenn (1, 3)

  1. Bern University of Applied Sciences, Biel-Bienne, Switzerland
  2. IBM Research, Zurich, Switzerland
  3. University of Fribourg, Fribourg, Switzerland
