Divertible Zero Knowledge Interactive Proofs and Commutative Random Self-Reducibility

This paper presents a new class of zero knowledge interactive proofs: the divertible zero knowledge interactive proof. Informally speaking, we call a triplet of Turing machines (A,B,C) a divertible zero knowledge interactive proof if (A,B) and (B,C) are zero knowledge interactive proofs and B converts (A,B) into (B,C) such that any evidence regarding the relationship between (A,B) and (B,C) is concealed. It is shown that any commutative random self-reducible problem, which is a variant of the random self-reducible problem introduced by Angluin et al., has a divertible perfect zero knowledge interactive proof. We also show that a specific class of the commutative random self-reducible problems has more practical divertible perfect zero knowledge interactive proofs. This class of zero knowledge interactive proofs has two sides: one positive, the other negative. On the positive side, divertible zero knowledge interactive proofs can be used to protect privacy in networked and computerized environments. Electronic checking and secret electronic balloting are described in this paper to illustrate this side. On the negative side, identification systems based on these zero knowledge interactive proofs are vulnerable to an abuse, which is, however, for the most part common to all logical identification schemes. This abuse and some measures to overcome it are also presented.
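The informal definition above can be made concrete with one round of a Fiat-Shamir-style proof of knowledge of a square root modulo N. This is an added example, not the paper's own protocol or code: the function names, the toy modulus and the blinding rule are assumptions chosen for illustration. B blinds A's commitment with a private (u, e), both proofs verify, and `blinding_exists` shows that any accepting (A,B) transcript is consistent with any accepting (B,C) transcript, so the transcripts alone do not link the two proofs.

```python
import secrets
from math import gcd

P, Q = 1019, 1031          # constructed toy primes, far too small for real use
N = P * Q

def rand_unit():
    """Random element of Z_N^* (invertible mod N)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r

def keygen():
    s = rand_unit()                    # A's secret
    return s, pow(s, 2, N)             # public x = s^2 mod N

def diverted_round(s, x):
    """One round A <-> B <-> C; returns (A,B) transcript, (B,C) transcript, verdict."""
    r = rand_unit()
    t = pow(r, 2, N)                               # A -> B: commitment
    u, e = rand_unit(), secrets.randbelow(2)       # B's private blinding
    t2 = t * pow(u, 2, N) * pow(x, e, N) % N       # B -> C: blinded commitment
    c = secrets.randbelow(2)                       # C -> B: challenge
    b = c ^ e                                      # B -> A: masked challenge
    y = r * pow(s, b, N) % N                       # A -> B: response
    y2 = y * u * pow(x, e & c, N) % N              # B -> C: converted response
    ok = (pow(y, 2, N) == t * pow(x, b, N) % N and     # B's check of A
          pow(y2, 2, N) == t2 * pow(x, c, N) % N)      # C's check of B
    return (t, b, y), (t2, c, y2), ok

def blinding_exists(ab, bc, x):
    """True if some (u, e) maps accepting transcript ab onto accepting transcript bc."""
    (t, b, y), (t2, c, y2) = ab, bc
    e = b ^ c
    u = y2 * pow(y * pow(x, e & c, N) % N, -1, N) % N
    return t2 == t * pow(u, 2, N) * pow(x, e, N) % N

if __name__ == "__main__":
    s, x = keygen()
    ab1, bc1, ok1 = diverted_round(s, x)
    ab2, bc2, ok2 = diverted_round(s, x)
    print(ok1, ok2, blinding_exists(ab1, bc2, x), blinding_exists(ab2, bc1, x))
```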
