Fast and Secure Immunization Against Adaptive Man-in-the-Middle Impersonation

We present a simple method for constructing identiication schemes resilient against impersonation and man-in-the-middle attacks. Though zero-knowledge or witness hiding protocols are known to withstand attacks of the rst kind, all such protocols previously proposed suuer from a weakness observed by Bengio et al. : a malicious veriier may simply act as a moderator between the prover and yet another ver-iier, thus enabling the malicious veriier to pass as the prover. We exhibit a general class of identiication schemes that can be ee-ciently and securely tranformed into identiication schemes withstanding an adaptive man-in-the-middle attacker. The complexity of the resulting (witness hiding) schemes is roughly twice that of the originals. Basically, any three-move, public coin identiication scheme that is zero knowledge against the honest veriier and that is secure against passive impersonation attacks, is eligible for our transformation. This indicates that we need only seemlingly weak cryptographic intractability assumptions to construct a practical identiication scheme resisting adative man-in-the-middle impersonation attacks. Moreover, the required primitive protocols can eeciently be constructed under the factoring or discrete logarithm assumptions.