A New Identification Scheme Based on the Bilinear Diffie-Hellman Problem

  • Myungsun Kim
  • Kwangjo Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


We construct an interactive identification scheme based on the bilinear Diffie-Hellman problem and analyze its security. This scheme is practical in terms of key size, communication complexity, and availability of identity-variance provided that an algorithm of computing the Weil-pairing is feasible. We prove that this scheme is secure against active attacks as well as passive attacks if the bilinear Diffie-Hellman problem is intractable. Our proof is based on the fact that the computational Diffie-Hellman problem is hard in the additive group of points of an elliptic curve over a finite field, on the other hand, the decisional Diffie-Hellman problem is easy in the multiplicative group of the finite field mapped by a bilinear map. Finally, this scheme is compared with other identification schemes.


Gap-problems Identification scheme Bilinear Diffie-Hellman problem Weil-pairing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Bellare and P. Rogaway, “Random Oracles are Practical: A Paradigm for Designing Efficient Protocols”, ACM Conference on Computer and Communications Security, pp. 62–73, 1993.Google Scholar
  2. 2.
    D. Boneh and M. Franklin, “ID-based encryption from the Weil-pairing”, Advances in Cryptology-Crypto’ 2001, LNCS 2139, Springer-Verlag, pp. 213–229, 2001.CrossRefGoogle Scholar
  3. 3.
    D. Boneh, H. Shacham, and B. Lynn, “Short signatures from the Weil-pairing”, Advances in Cryptology-Asiacrypt’ 2001, LNCS 2248, Springer-Verlag, pp. 514–532, 2001.CrossRefGoogle Scholar
  4. 4.
    I. Blake, G. Seroussi and N. Smart, “Elliptic curves in cryptography”, Cambridge University Prress, LNS 265, 1999.Google Scholar
  5. 5.
    J.-S. Coron, “On the security of full domain hash”, Advances in Cryptology-Crypto’ 2000, LNCS 1880, Springer-Verlag, pp. 229–235, 2000.CrossRefGoogle Scholar
  6. 6.
    U. Feige, A. Fiat, and A. Shamir, “Zero-knowledge proofs of identity”, J. Cryptology, 1: 77–94, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    A. Fiat and A. Shamir, “How to prove yourself: pratical solutions to identification and signature problems”, Advances in Cryptology — Crypto’ 86, LNCS 263, Springer-Verlag, pp. 186–194, 1987.Google Scholar
  8. 8.
    O. Goldreich and H. Krawczyk, “On the composition of zero-knowledge proof systems”, In Proceedings of the 17th ICALP, LNCS 443, Springer-Verlag, pp. 268–282, 1990.Google Scholar
  9. 9.
    S. Goldwasser, S. Micali, and C. Rackoff, “The knowledge complexity of interactive proof systems”, SIAM J. Comput., 18: 186–208, 1989.zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    L. Guillou and J. Quisquater, “A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory”, Advances in Cryptology — Eurocrypt’ 88, LNCS 330, Springer-Verlag, pp. 123–128, 1989.CrossRefGoogle Scholar
  11. 11.
    A. Joux and K. Nguyen, “Seperating decision Diffie-Hellman from Diffie-Hellman in cryptographic groups”, available from
  12. 12.
    A. J. Menezes, “Elliptic curve public key cryptosystems”, Kluwer Academic Publishers, 1993.Google Scholar
  13. 13.
    A. J. Menezes, T. Okamoto, and S. A. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field”, IEEE Trans. Inform. Theory, 39(1993), pp. 1639–1646.zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    V. Miller, “Short programs for functions on curves”, unpublished manuscript, 1986.Google Scholar
  15. 15.
    T. Okamoto, “Provably secure and practical identification schemes and corresponding signature schemes”, Advances in Cryptology — Crypto’ 92, LNCS 740, Springer-Verlag, pp. 31–53, 1993.Google Scholar
  16. 16.
    T. Okamoto and D. Pointcheval, “The gap-problem: a new class of problems for the security of cryptographic schemes”, PKC 2001, LNCS 1992, Springer-Verlag, pp. 104–118, 2001.Google Scholar
  17. 17.
    K. Ohta and T. Okamoto, “A modification of the Fiat-Shamir scheme”, Advances in Cryptology-Crypto’ 88, LNCS 403, Springer-Verlag, pp. 232–243, 1990.Google Scholar
  18. 18.
    C. Popescu, “An identification scheme based on the elliptic curve discrete logarithm problem”, IEEE High Performance Computing in the Asia-Pacific Region, Volume: 2, pp. 624–625, 2000.CrossRefGoogle Scholar
  19. 19.
    A.D. Santis, S. Micali, and G. Persiano, “Non-interactive zero-knowledge proof systems”, Advances in Cryptology — Crypto’ 87, LNCS 293, pp. 52–72, 1988.Google Scholar
  20. 20.
    C. Schnorr, “Security of 2t-root identification and signatures”, Advances in Cryptology — Crypto’ 96, LNCS 1109, Springer-Verlag, pp. 143–156, 1996.CrossRefGoogle Scholar
  21. 21.
    V. Shoup, “On the security of a practical identification scheme”, J. Cryptology 12: 247–260, 1999.zbMATHCrossRefGoogle Scholar
  22. 22.
    J. H. Silverman, “The arithmetic of elliptic curves”, Springer-Verlag, GTM 106, 1986.Google Scholar
  23. 23.
    D.R. Stinson, “Cryptography: Theory and Practice”, CRC Press, Boca Raton, Florida, pp. 236, 1995.zbMATHGoogle Scholar
  24. 24.
    T. Yamanaka, R. Sakai, and M. Kasahara, “Fast computation of pairings over elliptic curves”, Proc. of SCIS 2002, pp. 709–714, Jan. 29–Feb. 1, 2002, Shirahama, Japan.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Myungsun Kim
    • 1
  • Kwangjo Kim
    • 1
  1. 1.International Research center for Information Security (IRIS)Information and Communications Univ. (ICU)DaejonKorea

Personalised recommendations