Automatic Generation of Sound Zero-Knowledge Protocols

Efficient zero-knowledge proofs of knowledge (ZK-PoK) are basic building blocks of many practical cryptographic applications such as identification schemes, group signatures, and secure multiparty computation. Currently, first applications that critically rely on ZK-PoKs are being deployed in the real world. The most prominent example is Direct Anonymous Attestation (DAA), which was adopted by the Trusted Computing Group (TCG) and implemented as one of the functionalities of the cryptographic chip Trusted Platform Module (TPM). Implementing systems using ZK-PoK turns out to be challenging, since ZK-PoK are, loosely speaking, significantly more complex than standard crypto primitives, such as encryption and signature schemes. As a result, implementation cycles of ZK-PoK are time-consuming and error-prone, in particular for developers with minor or no cryptographic skills. In this paper we report on our ongoing and future research vision with the goal to bring ZK-PoK to practice by automatically generating sound ZK-PoK protocols and make them accessible to crypto and security engineers. To this end we are developing protocols and compilers that support and automate the design and generation of secure and efficient implementation of ZK-PoK protocols.

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[3]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[4]  Jan Camenisch,et al.  Practical Verifiable Encryption and Decryption of Discrete Logarithms , 2003, CRYPTO.

[5]  Aggelos Kiayias,et al.  On the Portability of Generalized Schnorr Proofs , 2009, EUROCRYPT.

[6]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[7]  Jacques Stern,et al.  Proofs of Knowledge for Non-monotone Discrete-Log Formulae and Applications , 2002, ISC.

[8]  Michael K. Reiter,et al.  Automatic generation of two-party computations , 2003, CCS '03.

[9]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.

[10]  Manuel Barbosa,et al.  First Steps Toward a Cryptography-Aware Language and Compiler , 2005, IACR Cryptol. ePrint Arch..

[11]  Tatsuaki Okamoto,et al.  An Efficient Divisible Electronic Cash Scheme , 1995, CRYPTO.

[12]  Ahmad-Reza Sadeghi,et al.  Sokrates - A Compiler Framework for Zero-Knowledge Protocols , 2005 .

[13]  Dionysios S. Kalogerias,et al.  A Proofs A . 1 Proof of Theorem 1 ( Sufficient number of samples ) Lemmas , .

[14]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[15]  Helger Lipmaa,et al.  On Diophantine Complexity and Statistical Zero-Knowledge Arguments , 2003, ASIACRYPT.

[16]  Manuel Barbosa,et al.  Compiler Assisted Elliptic Curve Cryptography , 2007, IACR Cryptol. ePrint Arch..

[17]  Stefan A. Brands,et al.  Untraceable Off-line Cash in Wallet with Observers , 2002 .

[18]  J. Camenisch,et al.  Proof systems for general statements about discrete logarithms , 1997 .

[19]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[20]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[21]  Stefan Brands,et al.  Rapid Demonstration of Linear Relations Connected by Boolean Operators , 1997, EUROCRYPT.

[22]  Ahmad-Reza Sadeghi,et al.  Complementing zero-knowledge watermark detection: Proving properties of embedded information without revealing it , 2005, Multimedia Systems.

[23]  Ueli Maurer,et al.  Efficient Proofs of Knowledge of Discrete Logarithms and Representations in Groups with Hidden Order , 2005, Public Key Cryptography.

[24]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[25]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[26]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[27]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[28]  Ivan Visconti,et al.  Efficient Zero Knowledge on the Internet , 2006, ICALP.

[29]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[30]  Yehuda Lindell,et al.  Implementing Two-Party Computation Efficiently with Security Against Malicious Adversaries , 2008, SCN.

[31]  I. Damgård,et al.  A Generalisation, a Simplification and some Applications of Paillier’s Probabilistic Public-Key System , 2000 .

[32]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[33]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[34]  Endre Bangerter,et al.  Efficient zero knowledge proofs of knowledge for homomorphisms , 2005 .

[35]  Giuseppe Ateniese Verifiable encryption of digital signatures and applications , 2004, TSEC.

[36]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[37]  Moni Naor,et al.  Low Communication 2-Prover Zero-Knowledge Proofs for NP , 1992, CRYPTO.

[38]  Jan Camenisch,et al.  Group signature schemes and payment systems based on the discrete logarithm problem , 1998 .

[39]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[40]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[41]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[42]  Manuel Barbosa,et al.  On the Automatic Construction of Indistinguishable Operations , 2005, IACR Cryptol. ePrint Arch..

[43]  Yiannis Tsiounis,et al.  Easy Come - Easy Go Divisible Cash , 1998, EUROCRYPT.

[44]  Jan Camenisch,et al.  Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes , 1998, EUROCRYPT.

[45]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[46]  Ronald Cramer,et al.  Modular Design of Secure yet Practical Cryptographic Protocols , 1997 .

[47]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[48]  Rafail Ostrovsky,et al.  Zero-knowledge from secure multiparty computation , 2007, STOC '07.

[49]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[50]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[51]  Erez Petrank,et al.  Simulatable Commitments and Efficient Concurrent Zero-Knowledge , 2003, EUROCRYPT.