BGN Authentication and Its Extension to Convey Message Commitments

  • Yuen-Yan Chan
  • Jin Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3982)


We instantiate the cryptosystem proposed by Boneh, Goh, and Nissim in TCC’05 [5] into an entity authentication scheme, in which an entity is authenticated by an interactive zero-knowledge proof on its private key. Completeness and soundness of our scheme are supported by the indistinguishability of BGN ciphertexts of sums and products, which essentially relies on the semantic security of the BGN cryptosystem. We further extend our scheme so that the authentication conveys Pedersen commitments on a message, while the BGN authentication serves the ‘proving you know how to open’ functionality for the commitment. Our message commitment scheme is both statistically hiding and computationally binding provided the subgroup decision problem is hard.


Keywords: Authentication Scheme; Security Parameter; Commitment Scheme; Interactive Proof; Entity Authentication
These keywords were added by machine and not by the authors.




  1. Adida, B., Wikstrom, D.: Obfuscated ciphertext mixing. Cryptology ePrint Archive, Report 2005/394 (November 2005),
  2. Vanstone, S.A., Menezes, A., van Oorschot, P.C.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
  3. Beaver, D.: Adaptive zero knowledge and computational equivocation (extended abstract). In: STOC, pp. 629–638 (1996)
  4. Blum, M.: Coin flipping by telephone. In: IEEE Spring COMPCOM, pp. 133–137 (1982)
  5. Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-dnf formulas on ciphertexts. In: Theory of Cryptography Conference, TCC, February 2005, pp. 325–341 (2005)
  6. C.C.I.T.T.: Recommendation X.509. The Directory-Authentication (1988)
  7. Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)
  8. Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: STOC, pp. 235–244 (2000)
  9. Chase, M., Healy, A., Lysyanskaya, A., Malkin, T., Reyzin, L.: Mercurial commitments with applications to zero-knowledge sets. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 422–439. Springer, Heidelberg (2005)
  10. Courtois, N.: Efficient zero-knowledge authentication based on a linear algebra problem minRank. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 402–421. Springer, Heidelberg (2001)
  11. Damgård, I., Nielsen, J.B.: Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor. Technical report, BRICS Report Series RS-01-41 (October 2001)
  12. Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)
  13. Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000)
  14. Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. J. Cryptology 1(2), 77–94 (1988)
  15. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  16. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)
  17. The Open Group. Unix.,
  18. Haller, N.M.: The s/key one-time password system. In: Symposium on Network and Distributed System Security, pp. 151–157 (1994)
  19. International Organization for Standardization. ISO/IEC 9798-2 (July 1999)
  20. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
  21. Liskov, M., Lysyanskaya, A., Micali, S., Reyzin, L., Smith, A.: Mutually independent commitments. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 385–401. Springer, Heidelberg (2001)
  22. Naor, M.: Bit commitment using pseudorandomness. J. Cryptology 4(2), 151–158 (1991)
  23. Naor, M.: Deniable ring authentication. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 481–498. Springer, Heidelberg (2002)
  24. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978)
  25. Needham, R.M., Schroeder, M.D.: Authentication revisited. Operating Systems Review 21(1), 7 (1987)
  26. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
  27. Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
  28. Steiner, J.G., Neuman, B.C., Schiller, J.I.: Kerberos: An authentication service for open network systems. In: USENIX Winter, pp. 191–202 (1988)
  29. Groth, J., et al.: Perfect non-interactive zero knowledge for np. Cryptology ePrint Archive, Report 2005/290 (August 2005),
  30. Wei, V.K.: Signature from a new subgroup assumption. Cryptology ePrint Archive, Report 2005/429 (November 2005),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yuen-Yan Chan (1)
  • Jin Li (1, 2)

  1. Department of Information Engineering, Chinese University of Hong Kong, Shatin, N.T., Hong Kong
  2. School of Mathematics and Computational Science, Sun Yat-Sen University, Guangzhou, P.R. China
