Zero-Knowledge Proof of Generalized Compact Knapsacks (or A Novel Identification/Signature Scheme)

  • Bo Qin
  • Qianhong Wu
  • Willy Susilo
  • Yi Mu
  • Yumin Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4158)


At FOCS 2002, a new generalized compact knapsack problem was introduced, and solving it on the average was shown to be at least as hard as the worst-case instances of various approximation problems over cyclic lattices. Constructing a zero-knowledge proof for the generalized compact knapsack problem was left as an open problem. In this paper, by investigating a new notion of one-way ensemble pairs, we propose a generic construction of identification schemes and obtain a signature scheme from it via the Fiat-Shamir transformation. Following our generic construction, we implement a concrete scheme based on the random generalized compact knapsack problem. Our scheme also yields the first efficient zero-knowledge proof of the generalized compact knapsack problem and thus gives a positive solution to the open problem posed at FOCS 2002.
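The abstract treats the generalized compact knapsack function as a black box. The following Python is an added illustration, not code from the paper, and it does not reproduce the authors' identification or signature scheme (which the abstract does not describe). It implements only the underlying function family as defined in the FOCS 2002 paper the abstract refers to: the ring is Z_p[X]/(X^n - 1), the public key is m random ring elements a_1..a_m, and the input is m ring elements x_1..x_m whose coefficients are restricted to the small set {0, ..., d}; the output is the ring sum of a_i * x_i. The function names, the parameter names n, m, p, d, and the toy parameter values are assumptions chosen here for demonstration; they carry no security. The exhaustive search at the end shows concretely what "solving the knapsack problem" means (finding a small preimage for a random key) and why it is only feasible at toy sizes.

```python
# Added example (not from the paper): the generalized compact knapsack function
# over R = Z_p[X]/(X^n - 1).  Ring elements are coefficient lists of length n.
# f_a(x_1..x_m) = sum_i a_i * x_i in R, with each x_i "small" (coefficients in 0..d).
import math
import secrets
from itertools import product


def cyclic_mul(a, b, p):
    """Product of a and b in Z_p[X]/(X^n - 1): a cyclic convolution mod p."""
    n = len(a)
    assert len(b) == n, "ring elements must share the degree bound n"
    out = [0] * n
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            # X^n is identified with 1, so exponent i+j wraps around mod n
            out[(i + j) % n] = (out[(i + j) % n] + ai * bj) % p
    return out


def ring_add(a, b, p):
    """Coefficient-wise sum mod p."""
    return [(u + v) % p for u, v in zip(a, b)]


def is_small(x, d):
    """Domain check: every coefficient of every x_i lies in {0, ..., d}."""
    return all(0 <= c <= d for xi in x for c in xi)


def knapsack(a, x, p, d):
    """Evaluate f_a(x) = sum_i a_i * x_i in R; rejects inputs outside the small domain."""
    if not is_small(x, d):
        raise ValueError("knapsack input must have coefficients in 0..d")
    n = len(a[0])
    acc = [0] * n
    for ai, xi in zip(a, x):
        acc = ring_add(acc, cyclic_mul(ai, xi, p), p)
    return acc


def sample_instance(n, m, p, d):
    """Random public key a and secret small preimage x; returns (a, x, f_a(x))."""
    a = [[secrets.randbelow(p) for _ in range(n)] for _ in range(m)]
    x = [[secrets.randbelow(d + 1) for _ in range(n)] for _ in range(m)]
    return a, x, knapsack(a, x, p, d)


def compression_ratio_bits(n, m, p, d):
    """log2|domain| - log2|range|.  A positive value means f_a is many-to-one:
    collisions exist, so a preimage is not unique (a hashing-style parameter choice)."""
    return n * m * math.log2(d + 1) - n * math.log2(p)


def brute_force_preimage(a, y, p, d):
    """Exhaustive search for a small x with f_a(x) = y.  The search space has
    (d+1)^(n*m) points, so this is only feasible for toy parameters; it exists to
    make the problem statement concrete, not as an attack."""
    m, n = len(a), len(a[0])
    for flat in product(range(d + 1), repeat=n * m):
        x = [list(flat[i * n:(i + 1) * n]) for i in range(m)]
        if knapsack(a, x, p, d) == y:
            return x
    return None


if __name__ == "__main__":
    # Constructed toy parameters: compressing choice (many-to-one)
    n, m, p, d = 8, 16, 257, 1
    a, x, y = sample_instance(n, m, p, d)
    print("f_a(x) =", y)
    print("compression (bits):", round(compression_ratio_bits(n, m, p, d), 2))
    # Tiny instance where exhaustive inversion is feasible
    a2, x2, y2 = sample_instance(3, 2, 7, 1)
    print("recovered preimage:", brute_force_preimage(a2, y2, 7, 1))
```

The two `cyclic_mul` loops are O(n^2); a real implementation would use a number-theoretic transform, but the quadratic version makes the wrap-around of X^n to 1 (the cyclic-lattice structure the abstract mentions) visible in one line.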







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Bo Qin (1, 2, 3)
  • Qianhong Wu (2)
  • Willy Susilo (2)
  • Yi Mu (2)
  • Yumin Wang (1)

  1. National Key Laboratory of Integrated Service Networks, Xidian University, Xi’an City, P.R. China
  2. Center for Information Security Research, School of Information Technology and Computer Science, University of Wollongong, Wollongong, Australia
  3. Department of Mathematics, School of Science, Xi’an University of Technology, Xi’an City, P.R. China
