Divertible protocols and atomic proxy cryptography

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)


First, we introduce the notion of divertibility as a protocol property as opposed to the existing notion as a language property (see Okamoto, Ohta [OO90]). We give a definition of protocol divertibility that applies to arbitrary 2-party protocols and is compatible with Okamoto and Ohta's definition in the case of interactive zero-knowledge proofs. Other important examples falling under the new definition are blind signature protocols. We propose a sufficiency criterion for divertibility that is satisfied by many existing protocols and which, surprisingly, generalizes to cover several protocols not normally associated with divertibility (e.g., Diffie-Hellman key exchange). Next, we introduce atomic proxy cryptography, in which an atomic proxy function, in conjunction with a public proxy key, converts ciphertexts (messages or signatures) for one key into ciphertexts for another. Proxy keys, once generated, may be made public and proxy functions applied in untrusted environments. We present atomic proxy functions for discrete-log-based encryption, identification, and signature schemes. It is not clear whether atomic proxy functions exist in general for all public-key cryptosystems. Finally, we discuss the relationship between divertibility and proxy cryptography.
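To make the idea of an atomic proxy function concrete, the following is an added toy example (not code from the paper or from this page) of an ElGamal-style discrete-log scheme in which a proxy key converts a ciphertext for one key into a ciphertext for another. The group parameters, the function names, and the specific construction are assumptions chosen for illustration.

```python
# Added illustration: toy ElGamal-style proxy re-encryption over a
# discrete-log group. Parameters are constructed and far too small for real use.
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (toy size)
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # generator of that subgroup (4 = 2^2)

def keygen():
    """Return (secret a, public g^a) with a in [1, Q-1]."""
    a = 1 + secrets.randbelow(Q - 1)
    return a, pow(G, a, P)

def encrypt(m, pub):
    """Encrypt group element m under pub = g^a as (m*g^k, g^(a*k))."""
    k = 1 + secrets.randbelow(Q - 1)
    return (m * pow(G, k, P)) % P, pow(pub, k, P)

def decrypt(ct, a):
    """Recover g^k = c2^(1/a mod Q), then strip it from c1."""
    c1, c2 = ct
    gk = pow(c2, pow(a, -1, Q), P)
    return (c1 * pow(gk, -1, P)) % P

def proxy_key(a, b):
    """Proxy key pi = b/a mod Q, computed from both secret keys."""
    return (b * pow(a, -1, Q)) % Q

def proxy(ct, pi):
    """Proxy function: maps g^(a*k) to g^(b*k) without decrypting
    and without access to either secret key."""
    c1, c2 = ct
    return c1, pow(c2, pi, P)

def demo():
    """Encrypt to key a, convert with the proxy key, decrypt with key b."""
    a, pub_a = keygen()
    b, _ = keygen()
    m = pow(1234, 2, P)   # constructed message, encoded as a square mod P
    ct_a = encrypt(m, pub_a)
    ct_b = proxy(ct_a, proxy_key(a, b))
    return m, decrypt(ct_a, a), decrypt(ct_b, b)

if __name__ == "__main__":
    print(demo())
```

In this example construction the proxy key is symmetric: inverting it mod Q converts ciphertexts in the other direction, and the proxy key together with either secret key yields the other.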


Keywords: Signature Scheme; Signature Proxy; Proxy Signature Scheme; Communication Tape; Interactive Turing Machine
These keywords were added by machine and not by the authors.


  1. [BS98]
    Matt Blaze, Martin Strauss. Atomic Proxy Cryptography. AT&T Labs-Research TR98.5.1
  2. [Bleu97]
    Gerrit Bleumer. On Protocol Divertibility. AT&T Labs-Research TR97.34.2
  3. [BD91]
    Mike V. D. Burmester, Yvo Desmedt. All languages in NP have divertible zero-knowledge proofs and arguments under cryptographic assumptions. Eurocrypt '90. LNCS 473, Springer-Verlag 1991, 1–10.
  4. [CEG88]
    David Chaum, Jan-Hendrik Evertse, Jeroen van de Graaf. An improved protocol for demonstrating possession of discrete logarithms and some generalizations. Eurocrypt '87. LNCS 304, Springer-Verlag 1988, 127–141.
  5. [CPS95]
    Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler. Blind Signatures Based on the Discrete Logarithm Problem. Eurocrypt '94. LNCS 950, Springer-Verlag 1995, 428–432.
  6. [DeL84]
    John M. DeLaurentis. A Further Weakness in the Common Modulus Protocol for the RSA Cryptoalgorithm. Cryptologia 8/3 (1984) 253–259.
  7. [DH76]
    Whitfield Diffie, Martin E. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory. 22/6 (1976) 644–654.
  8. [ElG85]
    Taher ElGamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory. 31/4 (1985) 469–472.
  9. [FFS88]
    Uriel Feige, Amos Fiat, Adi Shamir. Zero-Knowledge Proofs of Identity. Journal of Cryptology 1/2 (1988) 77–94.
  10. [FS87]
    Amos Fiat, Adi Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. Crypto '86. LNCS 263, Springer-Verlag 1987, 186–194.
  11. [GMR89]
    Shafi Goldwasser, Silvio Micali, Charles Rackoff. The Knowledge Complexity of Interactive Proof Systems. SIAM J. Computing. 18/1 (1989) 186–207.
  12. [HMP95]
    Patrick Horster, Markus Michels, Holger Petersen. Meta-Message Recovery and Meta-Blind Signature Schemes Based on the Discrete Logarithm Problem and Their Applications. Asiacrypt '94. LNCS 917, Springer-Verlag 1995, 224–237.
  13. [Hug94]
    Eric Hughes. An encrypted key transmission protocol. Crypto '94 Rump Session presentation, August 1994.
  14. [ISS91]
    Toshija Itoh, Kouichi Sakurai, Hiroki Shizuya. Any Language in IP has a Divertible ZKIP. AsiaCrypt '91. Springer-Verlag 1993, 382–396.
  15. [MO97]
    Masahiro Mambo, Eiji Okamoto. Proxy cryptosystems: delegation of the power to decrypt ciphertexts. IEICE Trans. Fund. Electronics Communications and Comp Sci. E80-A/1 (1997) 54–63.
  16. [MUO96]
    Masahiro Mambo, Keisuke Usuda, Eiji Okamoto. Proxy signatures: delegation of the power to sign messages. IEICE Trans. Fund. of Electronic Communications and Comp Sci. E79-A/9 (1996) 1338–1354.
  17. [NIS91]
    NIST. A proposed federal information processing standard for digital signature standard (DSS). Draft Tech. Rep. FIPS PUB XXX, August 1991. Standards Publication (FIPS
  18. [OO90]
    Tatsuaki Okamoto, Kazuo Ohta. Divertible zero-knowledge interactive proofs and commutative random self-reducibility. Eurocrypt '89. LNCS 434, Springer-Verlag 1990, 134–149.
  19. [RSA78]
    Ronald L. Rivest, Adi Shamir, Leonhard Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. CACM 21/2 (1978) 120–126, reprinted: 26/1 (1983) 96–99.
  20. [Sim83]
    Gustavus J. Simmons. A "Weak" Privacy Protocol Using the RSA Crypto Algorithm. Cryptologia 7/2 (1983) 180–182.
  21. [Sim84]
    Gustavus J. Simmons. The Prisoners' Problem and the Subliminal Channel. Crypto '83. Plenum Press, New York 1984, 51–67.

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  1. AT&T Labs - Research, USA
