Practical and Proven Zero-Knowledge Constant Round Variants of GQ and Schnorr

SUMMARY In 1992 Burmester studied how to adapt the Guillou-Quisquater identification scheme to a proven zero-knowledge proof without significantly increasing the communication complexity and computational overhead. He proposed an almost constant round version of Guillou-Quisquater. Di Crescenzo and Persiano presented a 4-move constant round zero-knowledge interactive proof of membership for the corresponding language. A straightforward adaptation of the ideas of Bellare-Micali-Ostrovsky will also give a constant round protocol. However, these protocols significantly increase the communication and computational complexity of the scheme. In this paper we present constant round variants of the protocols of Guillou-Quisquater and Schnorr with the same (order-wise) communication and computational complexity as the original schemes. Note that in our schemes the probability that a dishonest prover will fool an honest verifier may be exponentially small, while it can only be one over a superpolynomial in Burmester's scheme. Our protocols are perfect zero-knowledge under no cryptographic assumptions.
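The following is an added illustration, not code from the paper: it implements the original 3-move Schnorr identification scheme that the paper builds on (not the constant round variant the paper proposes), so that the two properties the summary refers to can be seen concretely. The honest-verifier simulator shows why the base scheme is only honest-verifier zero-knowledge (the simulator must fix the challenge before the commitment, which a dishonest verifier can defeat), and the cheating-prover and extraction functions show where the soundness error of one run comes from (one over the size of the challenge space). The group parameters, the challenge length and the helper names are constructed for this example and are far too small for real use.

```python
import secrets

# Toy parameters, constructed for this example (NOT secure sizes):
# p = 2q + 1 with q prime; G generates the subgroup of order q in Z_p^*.
P = 2039
Q = 1019
G = 4
CHALLENGE_BITS = 8          # challenge space of size 2^8


def keygen():
    """Secret x in [1, q-1], public key y = g^x mod p."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


class Prover:
    """Honest Schnorr prover holding the secret exponent x."""

    def __init__(self, x):
        self.x = x
        self.r = None

    def commit(self):
        # Move 1: t = g^r for a fresh random r.
        self.r = secrets.randbelow(Q)
        return pow(G, self.r, P)

    def respond(self, c):
        # Move 3: s = r + c*x mod q.
        return (self.r + c * self.x) % Q


def challenge():
    # Move 2: the verifier's random challenge.
    return secrets.randbelow(1 << CHALLENGE_BITS)


def verify(y, t, c, s):
    # Accept iff g^s == t * y^c (mod p).
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(prover, y):
    """One honest run; returns (accepted, transcript)."""
    t = prover.commit()
    c = challenge()
    s = prover.respond(c)
    return verify(y, t, c, s), (t, c, s)


def simulate(y, c=None):
    """Honest-verifier simulator: choose c and s first, then solve for t.

    The transcript is distributed exactly like a real one, but only because
    the simulator knows c before producing t; this is what a dishonest
    verifier breaks, and what constant round full ZK variants must repair.
    """
    if c is None:
        c = challenge()
    s = secrets.randbelow(Q)
    y_neg_c = pow(y, (Q - c) % Q, P)        # y^{-c}, since y has order q
    t = (pow(G, s, P) * y_neg_c) % P
    return t, c, s


def cheat_attempt(y, guessed_c, actual_c):
    """A prover without x can only pass by guessing the challenge ahead of
    time (same trick as the simulator). Returns whether the verifier accepts;
    it does so exactly when guessed_c == actual_c, i.e. with probability
    2^-CHALLENGE_BITS per run. This is the soundness error the summary discusses."""
    t, _, s = simulate(y, guessed_c)
    return verify(y, t, actual_c, s)


def extract(c1, s1, c2, s2):
    """Special soundness: two accepting transcripts sharing the same t with
    different challenges reveal x = (s1 - s2) / (c1 - c2) mod q."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen()
    ok, transcript = run_protocol(Prover(x), y)
    print("honest run accepted:", ok, transcript)
    print("simulated transcript verifies:", verify(y, *simulate(y)))
```

Under these assumptions an honest run always verifies, every simulated transcript verifies, a cheating prover passes only when its guess equals the verifier's challenge, and two responses to the same commitment leak the secret, which is why an honest prover must never reuse r.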
