Proof Systems for General Statements about Discrete Logarithms
نویسندگان
چکیده
Proof systems for knowledge of discrete logarithms are an important primitive in cryptography. We identify the basic underlying techniques, generalize these techniques to prove linear relations among discrete logarithms, and propose a notation for describing complex and general statements about knowledge of discrete logarithms. This notation leads directly to a method for constructing eecient proof systems of knowledge.
منابع مشابه
Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols
A perfect zero-knowledge interactive protocol allows a prover to convince a veri er of the validity of a statement in a way that does not give the veri er any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verier. An important measure of e ciency for these protocols is the number of rounds in the interaction. In ...
متن کاملBatch Proofs of Partial Knowledge
We present a practical attack on the soundness of Peng and Bao’s ‘batch zero-knowledge proof and verification’ protocol for proving knowledge and equality of one-out-of-n pairs of discrete logarithms. Fixing the protocol seems to require a commitment scheme with a nonstandard, mercurial-esque binding property: the prover commits to just n− 1 values, but later opens the commitment to n values wi...
متن کاملComputing Discrete Logarithms with the General Number Field Sieve
The diiculty in solving the discrete logarithm problem is of extreme cryptographic importance since it is widely used in signature schemes, message encryption, key exchange, authentication and so on ((15], 17], 21], 29] etc.). The General Number Field Sieve (GNFS) is the asymptotically fastest known method to compute discrete logs mod p 18]. With the rst implementation of the GNFS for discrete ...
متن کاملEfficient Proofs of Knowledge of Discrete Logarithms and Representations in Groups with Hidden Order
For many one-way homomorphisms used in cryptography, there exist efficient zero-knowledge proofs of knowledge of a preimage. Examples of such homomorphisms are the ones underlying the Schnorr or the Guillou-Quisquater identification protocols. In this paper we present, for the first time, efficient zero-knowledge proofs of knowledge for exponentiation ψ(x1) . = h1 1 and multi-exponentiation hom...
متن کاملID-based Signcryption Scheme with (t, n) Shared Unsigncryption
An identity-based signcryption scheme with (t, n) shared unsigncryption is proposed, which is the integration of the signcryption scheme, the (t, n) threshold scheme and zero knowledge proof for the equality of two discrete logarithms based on the bilinear map. In this scheme, any third party can verify the validity of the signature, but only more than t members in the recipient group can coope...
متن کامل