Witness Hiding Proofs and Applications

Chen Lidong
1994 DAIMI Report Series  
Witness hiding is a basic requirement for most cryptology protocols. The concept was proposed by Feige and Shamir several years ago. This thesis concentrates on witness hiding protocols and their applications.

The possibility of diverting a witness hiding protocol in parallel had been an open problem for some time. Parallel divertibility is not only of theoretical significance but also a crucial point for the security of some applications, for example, electronic cash, digital ... etc. It is proved, in this thesis, that with limited computational power, it is impossible to divert a witness hiding protocol in parallel to two independent verifiers with large probability.

The thesis explores the applications of witness hiding protocols in anonymous credentials, election schemes, and group signatures. In an anonymous credential system, one user may have many pseudonyms. The credentials issued on one of a user's pseudonyms can be transferred to other pseudonyms by the user without revealing the links between pseudonyms. Election, as a practical model, is formally defined. Two election schemes are proposed and discussed. Especially, the voting scheme is parallelized with an electronic cash system so that some new tools can be introduced. A group signature is a kind of digital signature for a group of people such that only members of the group can sign messages on behalf of the group, without revealing which member has signed. But the signer can be identified by either an authority or a certain number of group members who hold some kind of auxiliary information. The new group signature schemes, based on witness hiding proofs, have several advantages compared with the original scheme proposed by Chaum and Heijst. The most important improvement is that the signers can be identified by a majority of group members, which had been an open problem in the literature. In this thesis, some theoretical results about bounds of secret keys and auxiliary information have been proved.
doi:10.7146/dpb.v13i477.6950 fatcat:opvsf422kvhn3kkphqibux7o7y