A hidden cryptographic assumption in no-transferable indentification schemes

Extended abstract of ASIACRYPT'96
  • Kouichi Sakurai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1163)


A 4-move perfect zero-knowledge argument for quadratic residuosity is discussed and the identification scheme based on this protocol is shown to be no-transferable. Note that the soundness of all known previous no-transferable protocols require no computational assumption, while our proposed protocol assumes a restriction of the power of cheating provers. Furthermore, a new notion of practical soundness is introduced and the relationship between practical soundness and no-transferable is investigated. An important consequence is that perfect zero-knowledge arguments does not always satisfy no-transferable nor practical soundness.


Interactive Proof Overwhelming Probability Coin Toss Probabilistic Polynomial Time Interactive Proof System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AABFH88]
    Abadi,A., Allender,E., Broder,A., Feigenbaum,J., and Hemachandra,L.A., “On generating solved instances of computational problems,” in Advances in Cryptology — Crypto'88, LNCS 403, Springer-Verlag, Berlin (1987).Google Scholar
  2. [BCC88]
    Brassard, G., Chaum, D., and Crépeau, C., “Minimum Disclosure Proofs of Knowledge,” JCSS, Vol.37, No.2, pp.156–189 (1988).Google Scholar
  3. [BCLL91]
    Brassard,G., Crepeau, C., Laplante, S., and Leger, C., “Computationally convincing proofs of knowledge,” Proc. of the 8th STACS, (1991).Google Scholar
  4. [BCY89]
    Brassard, G., Crépeau, C., and Yung, M., “Everything in NP Can Be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds,” Proc. of 16th ICALP'89, LNCS 372, Springer-Verlag, pp.123–136, Berlin (1989).Google Scholar
  5. [BFL89]
    Boyar, J., Friedl, K., and Lund, C., “Practical zero-knowledge proofs:/ Giving hints and using deficiencies,” J. of Cryptology, Vol.4, pp.185–206 (1991).Google Scholar
  6. [BG92]
    Bellare, M., and Goldreich,O., “On defining Proofs of Knowledge,” in Advances in Cryptology — Crypto'92, LNCS 740, Springer-Verlag, Berlin (1993).Google Scholar
  7. [BLP93]
    Boyar, J., Lund,C., and Peralta,R., “On the communication complexity of zero-knowledge proofs,” J. Cryptology, Vol.6, pp.65–85 (1993).Google Scholar
  8. [BM92]
    Brickell, E. F. and McCurley, K.S “An Interactive Identification Scheme Based on Discrete Logarithms and Factoring,” J. of Cryptology, Vol.5, pp.29–40 (1992).Google Scholar
  9. [BMO90]
    Bellare, M., Micali, S., and Ostrovsky, R., “Perfect Zero-Knowledge in Constant Rounds,” ACM STOC, pp.482–493 (May 1990).Google Scholar
  10. [CD92]
    Chen,L., and Damgård, Y., “Security bounds for parallel versions of identification protocols,” in Advances in Cryptology — Eurocrypt'92, LNCS 658, pp.461–466, Springer-Verlag, Berlin (1993).Google Scholar
  11. [DDP94]
    De Santis, A., Di Crescenzo,G. and Persioano G., “The knowledge complexity of quadratic residuosity languages,” TCS, 132, pp. 291–317 (1991).CrossRefGoogle Scholar
  12. [DP94]
    Di Crescenzo,G. and Persioano G., “Round-optimal perfect zero-knowledge proofs,” IPL 50, pp.93–99 (1994).CrossRefGoogle Scholar
  13. [FFS87]
    Feige, U., Fiat, A., and Shamir, A., “Zero-Knowledge Proofs of Identity,” Journal of Cryptology, Vol.1, pp.77–94 (1988); preliminary version in Proc. of 19th STOC, pp.210–217 (1987).Google Scholar
  14. [FiS86]
    Fiat, A. and Shamir, A., “How to Prove Yourself,” Advances in Cryptology — Crypto'86, LNCS 263, Springer-Verlag, Berlin, pp.186–199 (1987).Google Scholar
  15. [For87]
    Fortnow, L., “The Complexity of Perfect Zero-Knowledge,” Proc. of 19th STOC,pp.204–209 (1987).Google Scholar
  16. [FS89]
    Feige, U. and Shamir, A., “Zero-Knowledge Proofs of Knowledge in Two Rounds,” in Advances in Cryptology — Crypto'89, LNCS 435, pp.526–544, Springer-Verlag, Berlin (1990).Google Scholar
  17. [FS90]
    Feige, U. and Shamir, A., “Witness Indistinguishable and Witness Hiding Protocols,” ACM STOC, pp.416–426 (May 1990).Google Scholar
  18. [GHY86]
    Galil, Z., Haber, S., and Yung, M., “Minimum-knowledge interactive proofs for decision problems,” SIAM Journal of Comp., Vol.18, No.4, pp.711–739, (1989).CrossRefGoogle Scholar
  19. [GK90]
    Goldreich, O. and Krawczyk, H., “On the Composition of Zero-Knowledge Proof Systems,” in the Proceedings of ICALP'90, LNCS 443, pp.268–282, Springer-Verlag, Berlin (1990).Google Scholar
  20. [GMR85]
    Goldwasser, S., Micali, S., and Rackoff, C., “The Knowledge Complexity of Interactive Proof Systems,” SIAM Journal of Comp., Vol.18, No.1, pp.186–208, (1989); preliminary version in Proc. of 17th STOC, pp. 291–304 (1985).CrossRefGoogle Scholar
  21. [GMW86]
    Goldreich, O., Micali, S., and Wigderson, A., “Proofs that Yield Nothing But Their Validity or All Languages in NP Have Zero-Knowledge Proofs,” Proc. of 27th FOCS, pp.174–187, (1986).Google Scholar
  22. [IS91]
    Itoh, T. and Sakurai, K., “On the Complexity of Constant Round ZKIP of Possession of Knowledge,” Advances in Cryptology — Asiacrypt'91, LNCS 739, Springer-Verlag, Berlin, (1993).Google Scholar
  23. [OhOk88]
    Ohta, K. and T.Okamoto, “A modification of the Fiat-Shamir scheme,” in Advances in Cryptology — Crypto'88, LNCS 403, pp.31–53, Springer-Verlag, Berlin (1990).Google Scholar
  24. [Oka92]
    Okamoto,T., “Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes,” in Advances in Cryptology — Crypto'92, LNCS 740, pp.31–53, Springer-Verlag, Berlin (1993).Google Scholar
  25. [OO90]
    Okamoto,T. and Ohta, K., “How to utilize the randomness of zero-knowledge proofs,” in Advances in Cryptology — Crypto'90, LNCS 537, pp.456–475, Springer-Verlag, Berlin (1991).Google Scholar
  26. [Sak95]
    Sakurai, K. “On separating proofs of knowledge from proofs of membership of languages and its application to secure identification scheme,” Proc. of COCOON'95, LNCS 959, pp.496–509, Springer-Verlag, Berlin (1995).Google Scholar
  27. [SI93]
    Sakurai, K. and Itoh, T., “On the discrepancy between the serial and the parallel of zero-knowledge protocols” Advances in Cryptology — Crypto'92, LNCS 740, Springer-Verlag, Berlin, (1993).Google Scholar
  28. [SK90]
    Saitoh, T. and Kurosawa, K., “4-Move Perfect ZKIP of Knowledge with No Assumption,” IEICE Tech. Rept., ISEC90-21 (1990).Google Scholar
  29. [SKS91]
    Saitoh, T., Kurosawa, K., and Sakurai, K., “4-Move Perfect ZKIP of Knowledge with No Assumption,” Advances in Cryptology — Asiacrypt'91, LNCS 739, Springer-Verlag, Berlin, (1993).Google Scholar
  30. [TW87]
    Tompa, M. and Woll, H., “Random Self-Reducibility and Zero-Knowledge Interactive Proofs of Possession of Information,” Proc. of 28th FOCS, pp.472–482 (1987).Google Scholar

Copyright information

© Springer-Verlag 1996

Authors and Affiliations

  • Kouichi Sakurai
    • 1
  1. 1.Department of Computer Science and Communication EngineeringKyushu UniversityFukuokaJapan

Personalised recommendations