Perfect ZK Argument of Knowledge of Discrete Logarithm in A Cyclic Group with Unknown Order

Zero-knowledge (ZK) proofs of knowledge of a discrete logarithm (and their extension, ZK proofs of equality of discrete logarithms) in cyclic groups of unknown order are widely employed in cryptographic applications. To the best of our knowledge, the existing implementations of these two proofs have drawbacks. First, they achieve only statistical ZK, which is not only weaker in theory than perfect ZK but also difficult to prove formally in practice. Moreover, the drawback is not limited to theoretical problems such as provability: as we show in a case study, it sometimes degrades the efficiency of the ZK proof to an intolerable level. This paper proposes the first perfect ZK argument of knowledge of a discrete logarithm in such groups; it is formally provable and always guarantees acceptable efficiency. It is especially suitable for applications with high privacy requirements and for complex secure protocols that need a concise and formal proof of ZK privacy.
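As an added illustration (not from the paper, whose perfect ZK construction is not reproduced on this page), the following Python models the conventional Schnorr-style proof of knowledge of a discrete logarithm in a group of unknown order, where the response must be computed over the integers because there is no known order to reduce by, and computes the exact statistical distance between real and simulated responses. That distance shrinks with the padding parameter k but is never zero, which is what "statistical, not perfect, ZK" means in the abstract. The toy modulus N, base G, witness bound B, challenge space C and the padding k are constructed assumptions; a real deployment would use a large RSA modulus whose factorisation nobody involved knows.

```python
import secrets
from fractions import Fraction

# Constructed toy parameters (assumptions, not from the paper). In practice N is an
# RSA modulus of 2048+ bits whose factorisation is unknown to everyone, so neither
# prover nor verifier knows the order of the group Z_N^*.
N = 1009 * 1013          # toy RSA-style modulus
G = 4                    # base element (a square, so it lies in QR_N)
B = 2**16                # public bound: the witness x is promised to lie in [0, B)
C = 2**8                 # challenge space [0, C)


def keygen():
    """Prover's secret x in [0, B) and public y = G^x mod N."""
    x = secrets.randbelow(B)
    return x, pow(G, x, N)


def response_range(k):
    """Size R of the prover's randomness range for statistical parameter k."""
    return B * C * 2**k


def prove(x, y, k, challenge=None):
    """Schnorr-style proof of knowledge of x = log_G(y) with an integer response.

    Because the group order is unknown, s = r + c*x cannot be reduced modulo the
    order; r is padded by k bits beyond the largest possible c*x so that s hides x.
    A fixed challenge may be supplied for testing; the verifier picks it otherwise.
    """
    R = response_range(k)
    r = secrets.randbelow(R)
    a = pow(G, r, N)                       # commitment
    c = secrets.randbelow(C) if challenge is None else challenge
    s = r + c * x                          # over the integers, no reduction
    return (a, c, s)


def verify(y, transcript, k):
    """Check g^s == a * y^c mod N and that s lies in the bounded response range."""
    a, c, s = transcript
    R = response_range(k)
    # An honest prover's s is always below R + B*C, so the range check never
    # rejects a real transcript; it only bounds what a cheating prover can send.
    if not (0 <= c < C and 0 <= s < R + B * C):
        return False
    return pow(G, s, N) == (a * pow(y, c, N)) % N


def simulate(y, k, c=None):
    """Zero-knowledge simulator: choose s first, derive a. Never touches x."""
    R = response_range(k)
    c = secrets.randbelow(C) if c is None else c
    s = secrets.randbelow(R)
    # pow with a negative exponent computes the modular inverse (gcd(y, N) = 1 here)
    a = (pow(G, s, N) * pow(y, -c, N)) % N
    return (a, c, s)


def statistical_distance(x, c, k):
    """Exact total-variation distance between the real response s = r + c*x
    (uniform on [c*x, c*x + R)) and the simulated s (uniform on [0, R)).

    It equals c*x / R, at most B*C / R = 2^-k, but it is zero only when c*x = 0:
    a real prover never outputs a value below c*x, so the simulation is
    statistically close, never identical. That is why the construction is
    statistical rather than perfect ZK.
    """
    R = response_range(k)
    shift = c * x
    return Fraction(min(shift, R), R)


if __name__ == "__main__":
    x, y = keygen()
    k = 40
    print("real transcript verifies:     ", verify(y, prove(x, y, k), k))
    print("simulated transcript verifies:", verify(y, simulate(y, k), k))
    for kk in (0, 10, 40):
        print(f"k={kk:2d}: worst-case distance <= {float(statistical_distance(B - 1, C - 1, kk)):.3e}")
```

The padding k is the price of statistical ZK: the response s grows by k bits, and every exponentiation in the proof and its verification grows with it, which is the efficiency cost the abstract refers to.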
