Zero Knowledge Proofs of Identity

In this paper we extend the notion of zero knowledge proofs of membership (which reveal one bit of information) to zero knowledge proofs of knowledge (which reveal no information whatsoever). After formally defining this notion, we show its relevance to identification schemes, in which parties prove their identity by demonstrating their knowledge rather than by proving the validity of assertions. We describe a novel scheme which is provably secure if factoring is difficult and whose practical implementations are about two orders of magnitude faster than RSA-based identification schemes. In the last part of the paper we consider the question of sequential versus parallel executions of zero knowledge protocols, define a new notion of “transferable information”, and prove that the parallel version of our identification scheme (which is not known to be zero knowledge) is secure since it reveals no transferable information.

[1]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[2]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[3]  Shafi Goldwasser,et al.  Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[4]  Martin Tompa,et al.  Random self-reducibility and zero knowledge interactive proofs of possession of information , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[5]  Claus-Peter Schnorr,et al.  An efficient solution of the congruence x2+ky2=mpmod{n} , 1987, IEEE Trans. Inf. Theory.

[6]  Silvio Micali,et al.  A "Paradoxical'"Solution to the Signature Problem (Abstract) , 1984, CRYPTO.

[7]  Moti Yung,et al.  A private interactive test of a boolean predicate a minimum-knowledge public-key cryptosystems , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[8]  David Chaum,et al.  Demonstrating That a Public Predicate Can Be Satisfied Without Revealing Any Information About How , 1986, CRYPTO.

[9]  Silvio Micali,et al.  Proofs that yield nothing but their validity and a methodology of cryptographic protocol design , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[10]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[11]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[12]  Yair Oren,et al.  On the cunning power of cheating verifiers: Some observations about zero knowledge proofs , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[13]  Joseph Y. Halpern,et al.  Knowledge and common knowledge in a distributed environment , 1984, JACM.