Fast and Secure Immunization Against Adaptive Man-in-the-Middle Impersonation

We present a simple method for constructing identification schemes resilient against impersonation and man-in-the-middle attacks. Although zero-knowledge and witness-hiding protocols are known to withstand attacks of the first kind, all such protocols previously proposed suffer from a weakness observed by Bengio et al.: a malicious verifier may simply relay messages between the prover and yet another verifier, which lets the malicious verifier pass as the prover toward that second verifier without ever learning the prover's secret. We exhibit a general class of identification schemes that can be efficiently and securely transformed into identification schemes withstanding an adaptive man-in-the-middle attacker. The complexity of the resulting (witness-hiding) schemes is roughly twice that of the originals. Basically, any three-move, public-coin identification scheme that is zero-knowledge against the honest verifier and that is secure against passive impersonation attacks is eligible for our transformation. This indicates that only seemingly weak cryptographic intractability assumptions are needed to construct a practical identification scheme resisting adaptive man-in-the-middle impersonation attacks. Moreover, the required primitive protocols can be constructed efficiently under the factoring or discrete logarithm assumptions.
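To make the weakness concrete, the following is an added example (not code from the paper, and not the paper's transformation): a Schnorr-type identification scheme, which is the textbook instance of a three-move, public-coin, honest-verifier zero-knowledge scheme under the discrete logarithm assumption, together with the relay attack described above and the honest-verifier simulator that shows why such a transcript carries no knowledge of the secret. The group parameters `P`, `Q`, `G` are constructed toy values chosen so the example runs instantly; they are far too small for real use, and the class and function names are the example's own.

```python
"""Schnorr-type three-move public-coin identification, the man-in-the-middle
relay attack on it, and the honest-verifier zero-knowledge simulator.
Added example; not the paper's code."""
import secrets

# Constructed toy parameters: P = 2Q + 1 with P, Q prime; G = 2^2 mod P,
# so G generates the order-Q subgroup of Z_P^*. Not secure at this size.
P = 2039
Q = 1019
G = 4


def keygen():
    """Secret x, public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


class Prover:
    """Honest prover holding x; never sees who is on the other end."""

    def __init__(self, x):
        self.x = x
        self.r = None

    def commit(self):
        # Move 1: fresh commitment t = G^r
        self.r = secrets.randbelow(Q)
        return pow(G, self.r, P)

    def respond(self, c):
        # Move 3: s = r + c*x mod Q
        return (self.r + c * self.x) % Q


class Verifier:
    """Public-coin verifier: the challenge is a plain random coin flip."""

    def __init__(self, y):
        self.y = y
        self.t = None
        self.c = None

    def challenge(self, t):
        # Move 2: random challenge c
        self.t = t
        self.c = secrets.randbelow(Q)
        return self.c

    def verify(self, s):
        # Accept iff G^s == t * y^c mod P
        return pow(G, s, P) == (self.t * pow(self.y, self.c, P)) % P


def honest_run(x, y):
    p, v = Prover(x), Verifier(y)
    t = p.commit()
    c = v.challenge(t)
    return v.verify(p.respond(c))


def relay_attack(x, y):
    """Malicious verifier M sits between honest prover P and a second
    verifier V. M plays verifier toward P and prover toward V, forwarding
    each message unchanged, and V accepts M as the holder of y although M
    never learns x. Returns V's decision and the message flow."""
    p, v = Prover(x), Verifier(y)
    flow = []
    t = p.commit();      flow.append(("P->M", t))
    flow.append(("M->V", t))
    c = v.challenge(t);  flow.append(("V->M", c))
    flow.append(("M->P", c))
    s = p.respond(c);    flow.append(("P->M", s))
    flow.append(("M->V", s))
    return v.verify(s), flow


def simulate_transcript(y):
    """Honest-verifier ZK simulator: pick c and s first, then solve for
    t = G^s * y^(-c). The triple verifies without any knowledge of x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    y_c_inv = pow(pow(y, c, P), P - 2, P)  # inverse via Fermat, P prime
    t = (pow(G, s, P) * y_c_inv) % P
    return t, c, s


def check_transcript(y, t, c, s):
    return pow(G, s, P) == (t * pow(y, c, P)) % P


if __name__ == "__main__":
    x, y = keygen()
    print("honest run accepted:", honest_run(x, y))
    ok, flow = relay_attack(x, y)
    print("relayed run accepted by V:", ok)
    for who, msg in flow:
        print(f"  {who}: {msg}")
    print("simulated transcript verifies:", check_transcript(y, *simulate_transcript(y)))
```

The relay succeeds because nothing in the three messages binds the run to the party the verifier is actually talking to; M contributes no computation and the honest prover cannot tell M from a legitimate verifier. The simulator shows the other half of the abstract's premise: an honest-verifier transcript is indistinguishable from one produced without the secret, which is exactly the honest-verifier zero-knowledge property the paper requires of its input schemes.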
