Abstract
Consider a polynomial-time prover holding a set of secrets. We describe how the prover can rapidly demonstrate any satisfiable boolean formula for which the atomic propositions are relations that are linear in the secrets, without revealing more information about the secrets than what is conveyed by the formula itself. Our protocols support many proof modes, and are as secure as the Discrete Logarithm assumption or the RSA/factoring assumption.
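As an added illustration, not the paper's own protocol, the Python below shows the kind of atomic proposition the abstract refers to: a Schnorr-type demonstration in non-interactive (Fiat-Shamir) mode that two discrete-log-based secrets satisfy a linear relation x1 = a*x2 + b mod q, without disclosing the secrets themselves. The group parameters, the specific relation form and all function names are constructed assumptions for this example.

```python
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime, so any quadratic
# residue other than 1 generates the subgroup of order q. Far too small for
# real use, and in practice log_G1(G2) must be unknown to everyone.
P, Q = 2039, 1019
G1, G2 = 4, 9


def commit(x1: int, x2: int) -> int:
    """Public value h = g1^x1 * g2^x2 mod p: the representation of the secrets."""
    return (pow(G1, x1, P) * pow(G2, x2, P)) % P


def _challenge(*values: int) -> int:
    """Fiat-Shamir challenge: hash the public transcript into Z_q."""
    data = ",".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_linear(x1: int, x2: int, a: int, b: int) -> tuple:
    """Demonstrate x1 = a*x2 + b (mod q) for the secrets behind h.

    Substituting the relation into h gives h * g1^-b = (g1^a * g2)^x2, so
    the claim reduces to knowledge of one discrete log of a derived base,
    and a Schnorr-type proof of that log reveals nothing else about x1, x2.
    """
    if (x1 - a * x2 - b) % Q != 0:
        raise ValueError("relation does not hold for these secrets")
    h = commit(x1, x2)
    base = (pow(G1, a, P) * G2) % P
    w = secrets.randbelow(Q)          # fresh nonce per proof; reuse leaks x2
    t = pow(base, w, P)               # commitment to the nonce
    c = _challenge(h, a, b, t)        # binds the challenge to the claim (a, b)
    r = (w + c * x2) % Q              # response
    return h, t, r


def verify_linear(h: int, a: int, b: int, t: int, r: int) -> bool:
    """Recompute base and target from public data; check base^r == t * target^c."""
    base = (pow(G1, a, P) * G2) % P
    target = (h * pow(G1, (-b) % Q, P)) % P   # h * g1^-b, valid since G1 has order q
    c = _challenge(h, a, b, t)
    return pow(base, r, P) == (t * pow(target, c, P)) % P
```

The paper's contribution is composing such atomic relations with boolean operators; an AND of two relations, for instance, is a further substitution into h, while OR requires the partial-knowledge techniques the paper builds on.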
Copyright information
© 1997 Springer-Verlag Berlin Heidelberg
Cite this paper
Brands, S. (1997). Rapid Demonstration of Linear Relations Connected by Boolean Operators. In: Fumy, W. (eds) Advances in Cryptology — EUROCRYPT ’97. EUROCRYPT 1997. Lecture Notes in Computer Science, vol 1233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69053-0_22
DOI: https://doi.org/10.1007/3-540-69053-0_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-62975-7
Online ISBN: 978-3-540-69053-5