# An efficient zero-knowledge scheme for the discrete logarithm based on smooth numbers

Conference paper

## Abstract

*We present an interactive zero-knowledge proof for the discrete logarithm problem which is based on smooth numbers. The main feature of our proof is its communication complexity (number of messages exchanged, number of bits communicated) which is less than that of competing schemes.*

## Copyright information

© Springer-Verlag Berlin Heidelberg 1993