A Note on the Cramer-Damgård Identification Scheme
نویسندگان
چکیده
In light of the recent work of Micali and Reyzin on showing the subtleties and complexities of the soundness notions of zeroknowledge (ZK) protocols when the verifier has his public-key, we reinvestigate the Cramer-Damg̊ard intended-verifier identification scheme and show two man-in-the-middle attacks in some reasonable settings: one simple replaying attack and one ingenious interleaving attack. Our attacks are independent of the underlying hardness assumptions assumed.
منابع مشابه
Cramer-Damgård Signatures Revisited: Efficient Flat-Tree Signatures Based on Factoring
At Crypto 96 Cramer and Damg̊ard proposed an efficient, tree-based, signature scheme that is provably secure against adaptive chosen message attacks under the assumption that inverting RSA is computationally infeasible. In this paper we show how to modify their basic construction in order to achieve a scheme that is provably secure under the assumption that factoring large composites of a certai...
متن کاملOn Electronic Payment Systems
This note is an introduction to the area of electronic cash (eCash) schemes. The note presents an informal definition of security of an eCash scheme and presents two examples of eCash schemes, each along with an informal analysis of its security.
متن کاملA Composite Finite Difference Scheme for Subsonic Transonic Flows (RESEARCH NOTE).
This paper presents a simple and computationally-efficient algorithm for solving steady two-dimensional subsonic and transonic compressible flow over an airfoil. This work uses an interactive viscous-inviscid solution by incorporating the viscous effects in a thin shear-layer. Boundary-layer approximation reduces the Navier-Stokes equations to a parabolic set of coupled, non-linear partial diff...
متن کاملLinear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions
We present a novel method for constructing linear secret sharing schemes (LSSS) from linear error correcting codes and linear universal hash functions in a blackbox way. The main advantage of this new construction is that the privacy property of the resulting secret sharing scheme essentially becomes independent of the code we use, only depending on its rate. This allows us to fully harness the...
متن کاملSupporting Non-membership Proofs with Bilinear-map Accumulators
In this short note, we present an extension of Nguyen’s bilinear-map based accumulator scheme [8] to support non-membership witnesses and corresponding non-membership proofs, i.e., cryptographic proofs that an element has not been accumulated to a given set. This complements the non-membership proofs developed by Li et al. [7] for the RSA accumulator [2, 3, 5], making the functionality of the b...
متن کامل