Abstract
The Guillou-Quisquater (GQ) and Schnorr identification schemes are amongst the most efficient and best-known Fiat-Shamir follow-ons, but the question of whether they can be proven secure against impersonation under active attack has remained open. This paper provides such a proof for GQ based on the assumed security of RSA under one more inversion, an extension of the usual one-wayness assumption that was introduced in [5]. It also provides such a proof for the Schnorr scheme based on a corresponding discrete-log related assumption. These are the first security proofs for these schemes under assumptions related to the underlying one-way functions. Both results extend to establish security against impersonation under concurrent attack.
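The Schnorr identification scheme the abstract refers to is a three-move protocol (commitment, challenge, response). The following is an added example, not code from the paper: it implements both sides of the exchange over a constructed toy group (P = 23, Q = 11, G = 4; a deployment uses a large prime-order group), models the active adversary who first talks to the honest prover and then tries to impersonate it, and shows the special-soundness property that makes nonce reuse by the prover fatal.

```python
"""Toy Schnorr identification protocol. Added example, not the paper's code.
(P, Q, G) is a constructed toy group; real parameters use a ~256-bit Q and a
challenge space large enough that guessing the challenge is infeasible."""
import secrets

P, Q, G = 23, 11, 4   # constructed toy group: G generates the order-Q subgroup of Z_P^*


def keygen(x=None):
    """Secret x in [1, Q-1], public key X = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1 if x is None else x
    return x, pow(G, x, P)


def prover_commit(r):
    """Move 1 (prover -> verifier): commitment Y = G^r for a fresh nonce r."""
    return pow(G, r, P)


def prover_respond(x, r, c):
    """Move 3 (prover -> verifier): response z = r + c*x mod Q."""
    return (r + c * x) % Q


def verify(X, Y, c, z):
    """Verifier accepts iff G^z == Y * X^c (mod P)."""
    return pow(G, z, P) == (Y * pow(X, c, P)) % P


def honest_run(x, X, r=None, c=None):
    """Full exchange between an honest prover and an honest verifier."""
    r = secrets.randbelow(Q) if r is None else r   # prover's fresh nonce
    Y = prover_commit(r)
    c = secrets.randbelow(Q) if c is None else c   # move 2: verifier's fresh challenge
    z = prover_respond(x, r, c)
    return verify(X, Y, c, z), (Y, c, z)


def replay_transcript(X, transcript, fresh_c):
    """Active adversary: having played verifier against the prover and recorded
    (Y, c, z), it replays Y and z to the real verifier. This succeeds only when
    the verifier's fresh challenge equals the recorded one (probability 1/Q)."""
    Y, _, z = transcript
    return verify(X, Y, fresh_c, z)


def extract_secret(c1, z1, c2, z2):
    """Special soundness: two accepting transcripts with the same commitment Y and
    different challenges give x = (z1 - z2)/(c1 - c2) mod Q. Operationally, a
    prover that reuses its nonce r across sessions leaks its secret key."""
    if (c1 - c2) % Q == 0:
        raise ValueError("challenges must differ")
    return ((z1 - z2) * pow(c1 - c2, -1, Q)) % Q
```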
References
[1] M. Abdalla, J. An, M. Bellare and C. Namprempre. From identification to signatures via the Fiat-Shamir Transform: Minimizing assumptions for security and forward-security. Advances in Cryptology — EUROCRYPT '02, Lecture Notes in Computer Science Vol. 2332, L. Knudsen ed., Springer-Verlag, 2002.
[2] N. Barić and B. Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. Advances in Cryptology — EUROCRYPT '97, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed., Springer-Verlag, 1997.
[3] M. Bellare, M. Fischlin, S. Goldwasser and S. Micali. Identification protocols secure against reset attacks. Advances in Cryptology — EUROCRYPT '01, Lecture Notes in Computer Science Vol. 2045, B. Pfitzmann ed., Springer-Verlag, 2001.
[4] M. Bellare and S. Miner. A forward-secure digital signature scheme. Advances in Cryptology — CRYPTO '99, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed., Springer-Verlag, 1999.
[5] M. Bellare, C. Namprempre, D. Pointcheval and M. Semanko. The one-more-RSA inversion problems and the security of Chaum's blind signature scheme. Available as IACR eprint archive Report 2001/002, http://www.eprint.iacr.org/2001/002/. Preliminary version, entitled "The power of RSA inversion oracles and the security of Chaum's RSA-based blind signature scheme," in Financial Cryptography '01, Lecture Notes in Computer Science Vol. 2339, P. Syverson ed., Springer-Verlag, 2001.
[6] M. Bellare and G. Neven. Transitive signatures based on factoring and RSA. Manuscript, May 2002.
[7] M. Bellare and A. Palacio. GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks. Full version of this paper, available via http://www-cse.ucsd.edu/uers/mihir.
[8] M. Bellare, D. Pointcheval and P. Rogaway. Authenticated key exchange secure against dictionary attacks. Advances in Cryptology — EUROCRYPT '00, Lecture Notes in Computer Science Vol. 1807, B. Preneel ed., Springer-Verlag, 2000.
[9] M. Bellare and P. Rogaway. Entity authentication and key distribution. Advances in Cryptology — CRYPTO '93, Lecture Notes in Computer Science Vol. 773, D. Stinson ed., Springer-Verlag, 1993.
[10] R. Canetti, S. Goldwasser, O. Goldreich and S. Micali. Resettable zero-knowledge. Proceedings of the 32nd Annual Symposium on the Theory of Computing, ACM, 2000.
[11] R. Canetti and H. Krawczyk. Universally composable notions of key-exchange and secure channels. Advances in Cryptology — EUROCRYPT '02, Lecture Notes in Computer Science Vol. 2332, L. Knudsen ed., Springer-Verlag, 2002.
[12] D. Chaum. Blind signatures for untraceable payments. Advances in Cryptology — CRYPTO '82 (Aug. 1982), Plenum Press, New York and London, 1983.
[13] R. Cramer and V. Shoup. Signature schemes based on the strong RSA assumption. In 5th ACM Conference on Computer and Communications Security, pages 46–51, Singapore, Nov. 1999. ACM Press.
[14] U. Feige, A. Fiat and A. Shamir. Zero knowledge proofs of identity. Journal of Cryptology, 1(2):77–94, 1988.
[15] U. Feige and A. Shamir. Witness indistinguishable and witness hiding protocols. Proceedings of the 22nd Annual Symposium on the Theory of Computing, ACM, 1990.
[16] A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. Advances in Cryptology — CRYPTO '86, Lecture Notes in Computer Science Vol. 263, A. Odlyzko ed., Springer-Verlag, 1986.
[17] E. Fujisaki and T. Okamoto. Statistical zero knowledge protocols to prove modular polynomial relations. Advances in Cryptology — CRYPTO '97, Lecture Notes in Computer Science Vol. 1294, B. Kaliski ed., Springer-Verlag, 1997.
[18] R. Gennaro, S. Halevi and T. Rabin. Secure hash-and-sign signatures without the random oracle. Advances in Cryptology — EUROCRYPT '99, Lecture Notes in Computer Science Vol. 1592, J. Stern ed., Springer-Verlag, 1999.
[19] S. Goldwasser, S. Micali and C. Rackoff. The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1):186–208, February 1989.
[20] L. Guillou and J. J. Quisquater. A "paradoxical" identity-based signature scheme resulting from zero-knowledge. Advances in Cryptology — CRYPTO '88, Lecture Notes in Computer Science Vol. 403, S. Goldwasser ed., Springer-Verlag, 1988.
[21] S. Micali and R. Rivest. Transitive signature schemes. Topics in Cryptology — CT-RSA '02, Lecture Notes in Computer Science Vol. 2271, B. Preneel ed., Springer-Verlag, 2002.
[22] T. Okamoto. Provably secure and practical identification schemes and corresponding signature schemes. Advances in Cryptology — CRYPTO '92, Lecture Notes in Computer Science Vol. 740, E. Brickell ed., Springer-Verlag, 1992.
[23] H. Ong and C. P. Schnorr. Fast signature generation with a Fiat Shamir-like scheme. Advances in Cryptology — EUROCRYPT '90, Lecture Notes in Computer Science Vol. 473, I. Damgård ed., Springer-Verlag, 1990.
[24] D. Pointcheval. New public key cryptosystems based on the dependent-RSA problems. Advances in Cryptology — EUROCRYPT '99, Lecture Notes in Computer Science Vol. 1592, J. Stern ed., Springer-Verlag, 1999.
[25] D. Pointcheval and J. Stern. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3):361–396, 2000.
[26] C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161–174, 1991.
[27] C. P. Schnorr. Security of the 2t-root identification and signatures. Advances in Cryptology — CRYPTO '96, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., Springer-Verlag, 1996.
[28] V. Shoup. On the security of a practical identification scheme. Journal of Cryptology, 12:247–260, 1999.
[29] V. Shoup. On formal models for secure key exchange (version 4). IACR eprint archive Report 1999/012, http://www.eprint.iacr.org/1999/012/.
© 2002 Springer-Verlag Berlin Heidelberg
Bellare, M., Palacio, A. (2002). GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks. In: Yung, M. (eds) Advances in Cryptology — CRYPTO 2002. CRYPTO 2002. Lecture Notes in Computer Science, vol 2442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45708-9_11
DOI: https://doi.org/10.1007/3-540-45708-9_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44050-5
Online ISBN: 978-3-540-45708-4