Filters








12,405 Hits in 3.9 sec

Strengthening Zero-Knowledge Protocols Using Signatures

Juan A. Garay, Philip MacKenzie, Ke Yang
2005 Journal of Cryptology  
an unbounded simulation sound concurrent zero-knowledge protocol.  ...  More precisely, our technique utilizes a signature scheme existentially unforgeable against adaptive chosen-message attacks, and transforms any Σ-protocol (which is honest-verifier zero-knowledge) into  ...  Zero-knowledge proofs and proofs of knowledge Here we provide definitions related to zero-knowledge proofs and proofs of knowledge.  ... 
doi:10.1007/s00145-005-0307-3 fatcat:xphatzr3yjd4rnrd5bqdsdvg3u

Strengthening Zero-Knowledge Protocols Using Signatures [chapter]

Juan A. Garay, Philip MacKenzie, Ke Yang
2003 Lecture Notes in Computer Science  
an unbounded simulation sound concurrent zero-knowledge protocol.  ...  More precisely, our technique utilizes a signature scheme existentially unforgeable against adaptive chosen-message attacks, and transforms any Σ-protocol (which is honest-verifier zero-knowledge) into  ...  Zero-knowledge proofs and proofs of knowledge Here we provide definitions related to zero-knowledge proofs and proofs of knowledge.  ... 
doi:10.1007/3-540-39200-9_11 fatcat:uuv7o5iz5nc4vmb4v7v3tmj4cm

Achieving Security Despite Compromise Using Zero-knowledge

Michael Backes, Martin P. Grochulla, Catalin Hritcu, Matteo Maffei
2009 2009 22nd IEEE Computer Security Foundations Symposium  
We use an enhanced type system for zero-knowledge to verify that the transformed protocols are secure despite compromise. Both the protocol transformation and the verification are fully automated.  ...  Our approach is general and can strengthen any protocol based on public-key cryptography, digital signatures, hashes, and symmetric-key cryptography.  ...  Finally, the signature output in the original protocol is replaced by the zero-knowledge proof ZK 2 and the zero-knowledge proof received from the user.  ... 
doi:10.1109/csf.2009.24 dblp:conf/csfw/BackesGHM09 fatcat:biuw53l4xbckbb77cdasy2pxe4

Post-quantum Security of Fiat-Shamir [chapter]

Dominique Unruh
2017 Lecture Notes in Computer Science  
We circumvent the impossibility results from Ambainis, Rosmanis, and Unruh (FOCS 2014) by strengthening the assumptions about the underlying sigma-protocol.  ...  In the search for efficient signature schemes, Fiat-Shamir [10] gave a construction for transforming many three-round identification schemes into signatures, using the random oracle.  ...  More precisely, we prove that it is zero-knowledge (using random-oracle programming techniques from [18] ), and that it is sound (i.e., a proof of knowledge, using a reduction to quantum search).  ... 
doi:10.1007/978-3-319-70694-8_3 fatcat:muyy3aadmnhqdpbp56jnjkrfui

Enhancing privacy of federated identity management protocols

Jan Camenisch, Thomas Gross, Dieter Sommer
2006 Proceedings of the 5th ACM workshop on Privacy in electronic society - WPES '06  
Being based on new, yet well-researched, signature schemes and cryptographic zero-knowledge proofs, these systems have the potential to improve the capabilities of FIM by superior privacy protection, user  ...  Unfortunately, anonymous credential systems and their semantics being based upon zero-knowledge proofs are incompatible with the XML Signature Standard which is the basis for the WS-Security and most FIM  ...  Generate a generator g of G. 2: return (p, q, g) Signature Generation The following algorithm is used to create a signature with the semantics of a zero-knowledge-proof-based protocol transferred to  ... 
doi:10.1145/1179601.1179613 dblp:conf/wpes/CamenischGS06 fatcat:okr3w5nhgrfwxkrnqxwuzhtljy

Efficient Deniable Authentication for Signatures [chapter]

Jean Monnerat, Sylvain Pasini, Serge Vaudenay
2009 Lecture Notes in Computer Science  
We introduce Offline Non-Transferable Authentication Protocol (ON-TAP) and we show that it can be built by using a classical signature scheme and a deniable zero-knowledge proof of knowledge.  ...  For that reason, we use a generic transform for Σ-protocols. Finally, we give examples to upgrade signature standards based on RSA or ElGamal into an ONTAP.  ...  A Σ-protocol is a special 3-move honest-verifier zero-knowledge proof of knowledge for a relation R.  ... 
doi:10.1007/978-3-642-01957-9_17 fatcat:dmzletltovepnpczt2vd35wkti

Anonymous Webs of Trust [chapter]

Michael Backes, Stefan Lorenz, Matteo Maffei, Kim Pecina
2010 Lecture Notes in Computer Science  
Our framework comprises a novel cryptographic protocol based on zero-knowledge proofs, a symbolic abstraction and formal verification of our protocol, and a prototypical implementation based on the OpenPGP  ...  This circumstance required us to develop a novel zero-knowledge proof. We will now give a short overview of this signature scheme.  ...  This is achieved by the zero-knowledge protocol (5) .  ... 
doi:10.1007/978-3-642-14527-8_8 fatcat:k2nx43uqpnh33fkkz6j4tsf5si

Transformation of Digital Signature Schemes into Designated Confirmer Signature Schemes [chapter]

Shafi Goldwasser, Erez Waisbard
2004 Lecture Notes in Computer Science  
(To achieve lower soundness probability the protocol may be repeated.) Theorem 9 Protocol I is a perfect zero-knowledge proof of knowledge of s. Protocol II: Strong WHPOK of Cramer-Shoup signatures.  ...  Protocol I: Zero-knowledge proof of knowledge of the ith root: On common input w, i, N such that w = s i mod N , and auxiliary secret input s to the prover. 1.  ...  Kipnis for their useful comments. We also like to thank the anonymous referees for their useful and detailed comments.  ... 
doi:10.1007/978-3-540-24638-1_5 fatcat:6kpb5tvyerh2nacnz334ipqvf4

Concurrently Non-malleable Black-Box Zero Knowledge in the Bare Public-Key Model [chapter]

Yi Deng, Giovanni Di Crescenzo, Dongdai Lin, Dengguo Feng
2009 Lecture Notes in Computer Science  
We consider a type of zero-knowledge protocols that are of interest for their practical applications within networks like the Internet: efficient zero-knowledge arguments of knowledge that remain secure  ...  We also show time-efficient instantiations of our protocol, in which the transformation from a 3-round honest-verifier zero-knowledge argument of knowledge to a 4-round concurrently non-malleable zero-knowledge  ...  The protocol (P , V ) also enjoys the extraction property (and therefore the concurrent non-malleability property).  ... 
doi:10.1007/978-3-642-03351-3_10 fatcat:wsviypogyjaefofgbotmswpqhm

Concurrently Non-Malleable Zero Knowledge in the Authenticated Public-Key Model [article]

Yi Deng, Giovanni Di Crescenzo, Dongdai Lin
2006 arXiv   pre-print
We consider a type of zero-knowledge protocols that are of interest for their practical applications within networks like the Internet: efficient zero-knowledge arguments of knowledge that remain secure  ...  We also note a negative result with respect to further reducing the setup assumptions of our protocol to those in the (unauthenticated) BPK model, by showing that concurrently non-malleable zero-knowledge  ...  A zero-knowledge protocol is considered non-malleable if it is immune against such problem.  ... 
arXiv:cs/0609057v1 fatcat:hrtarujdlbezjphvbpmpgyb3fy

Simulatable Adaptive Oblivious Transfer [chapter]

Jan Camenisch, Gregory Neven, abhi shelat
2007 Lecture Notes in Computer Science  
This second construction uses novel techniques for building efficient simulatable protocols.  ...  Our first protocol is a very efficient generic construction from unique blind signatures in the random oracle model.  ...  Acknowledgements The authors would like to thank Xavier Boyen, Christian Cachin, Anna Lysyanskaya, Benny Pinkas, Alon Rosen and the anonymous referees for their useful comments and discussions.  ... 
doi:10.1007/978-3-540-72540-4_33 fatcat:oeuomhzoavbchlazx3cljg7c3i

Black-Box Reductions and Separations in Cryptography [chapter]

Marc Fischlin
2012 Lecture Notes in Computer Science  
Cryptographic constructions of one primitive or protocol from another one usually come with a reductionist security proof, in the sense that the reduction turns any adversary breaking the derived scheme  ...  The protocol first runs an initialization phase whose only purpose is to give the zero-knowledge simulator some freedom.  ...  Barak's Non-Black-Box Zero-Knowledge Proofs The second example is based on a non-black-box use of the adversary.  ... 
doi:10.1007/978-3-642-31410-0_26 fatcat:rhy4vdi22rgozoahecz64ugwpy

Constant-Round Concurrent Zero Knowledge in the Bounded Player Model [chapter]

Vipul Goyal, Abhishek Jain, Rafail Ostrovsky, Silas Richelson, Ivan Visconti
2013 Lecture Notes in Computer Science  
zero-knowledge result.  ...  Their protocol requires a super-constant number of rounds. In this work we show, constructively, that there exists a constant-round concurrent zero-knowledge argument in the bounded player model.  ...  Concurrent zero knowledge is much harder to achieve than zero knowledge.  ... 
doi:10.1007/978-3-642-42033-7_2 fatcat:touymnnphvbpvdbaxmwmqf5mxu

Efficient Threshold Zero-Knowledge with Applications to User-Centric Protocols [chapter]

Marcel Keller, Gert Læssøe Mikkelsen, Andy Rupp
2012 Lecture Notes in Computer Science  
This allows us to easily construct protocols that have arbitrary challenge spaces, which is more difficult to achieve with the general definition of zero-knowledge.  ...  While their model is based on zero-knowledge proofs of knowledge, our model extends the properties of Σ -protocols.  ...  Garay, J.A., MacKenzie, P.D., Yang, K.: Strengthening zero-knowledge protocols using signatures. J. Cryptology 19(2), 169-209 (2006) 33.  ... 
doi:10.1007/978-3-642-32284-6_9 fatcat:o2jtj5wibvbjxeuonzjb7eyj54

Long-Term Security and Universal Composability

Jörn Müller-Quade, Dominique Unruh
2010 Journal of Cryptology  
Surprisingly, nontrivial zero knowledge protocols are possible based on a coin tossing functionality: We give a long-term secure composable zero knowledge protocol proving the knowledge of the factorisation  ...  We show that the usual set-up assumptions used for UC protocols (e.g., a common reference string) are not sufficient to achieve long-term secure and composable protocols for commitments or general zero  ...  Using this extractable commitment we modify the zero knowledge protocol for graph-3-colourability of [16] .  ... 
doi:10.1007/s00145-010-9068-8 fatcat:loydtankxbgatpfhhpr3zykj54
« Previous Showing results 1 — 15 out of 12,405 results