On Σ-protocols
Author
Abstract
Let $p$ be a prime, $q$ a prime divisor in $p-1$, and $g$ an element of order $q$ in $\mathbb{Z}_p^*$. Suppose a prover $P$ has chosen $w$ in $\mathbb{Z}_q$ at random and has published $h = g^w \bmod p$. A verifier $V$ who gets $p, q, g, h$ can check that $p, q$ are prime, and that $g, h$ have order $q$. Since there is only one subgroup of order $q$ in $\mathbb{Z}_p^*$, this automatically means that $h \in \langle g \rangle$, i.e. there exists $w$ such that $h = g^w$. But this does not necessarily mean that $P$ knows such a $w$. The following protocol suggested by Schnorr gives a very efficient way to convince $V$ about this:
Similar resources
Generic yet Practical (Statistical) Zero-Knowledge from any Public-Coin HVZK
In this work, we present a generic yet practical transformation from any public-coin honest-verifier zero-knowledge (HVZK) protocols to normal zero-knowledge (ZK) arguments. By “generic”, we mean that the transformation is applicable to any public-coin HVZK protocol under any one-way function (OWF) admitting Σ-protocols. By “practical” we mean that the transformation does not go through general ...
Hysteresis in modeling of poroelastic systems: quasistatic equilibrium.
The behavior of hysteretic, coupled elastic and fluid systems is modeled. The emphasis is on quasistatic equilibrium in response to prescribed chemical potential (μ) protocols and prescribed stress (σ) protocols. Hysteresis arises in these models either from the presence of hysterons or from the presence of self-trapping internal fields. This latter mechanism is modeled in finite element calcul...
Generic yet Practical ZK Arguments from any Public-Coin HVZK
In this work, we present a generic yet practical transformation from any public-coin honest-verifier zero-knowledge (HVZK) protocols to normal zero-knowledge (ZK) arguments. By “generic”, we mean that the transformation is applicable to any public-coin HVZK protocol under any one-way function (OWF) admitting Σ-protocols. By “practical” we mean that the transformation does not go through general...
Efficiency Limitations for Σ-Protocols for Group Homomorphisms
Efficient zero-knowledge proofs of knowledge for group homomorphisms are essential for numerous systems in applied cryptography. Especially, Σ-protocols for proving knowledge of discrete logarithms in known and hidden order groups are of prime importance. Yet, while these proofs can be performed very efficiently within groups of known order, for hidden order groups the respective proofs are far...
Adaptive Proofs have Straightline Extractors
The concept of adaptive security for proofs of knowledge was recently studied by Bernhard et al. They formalised adaptive security in the ROM and showed that the non-interactive version of the Schnorr protocol obtained using the Fiat-Shamir transformation is not adaptively secure unless the one-more discrete logarithm problem is easy. Their only construction for adaptively secure protocols used...
*-σ-biderivations on *-rings
Bresar in 1993 proved that each biderivation on a noncommutative prime ring is a multiple of a commutator. A result of it is a characterization of commuting additive mappings, because each commuting additive map gives rise to a biderivation. Then in 1995, he investigated biderivations, generalized biderivations and sigma-biderivations on a prime ring and generalized the results of derivations fo...
Publication date: 2008