Markus Michels scite author profile

This paper presents the first efficient statistical zero-knowledge protocols to prove statements such as:• A committed number is a pseudo-prime.• A committed (or revealed) number is the product of two safe primes, i.e., primes p and q such that (p − 1)/2 and (q − 1)/2 are primes as well.• A given value is of large order modulo a composite number that consists of two safe prime factors.So far, no methods other than inefficient circuit-based proofs are known for proving such properties. Proving the second property is for instance necessary in many recent cryptographic schemes that rely on both the hardness of computing discrete logarithms and of difficulty computing roots modulo a composite. The main building blocks of our protocols are statistical zero-knowledge proofs that are of independent interest. Mainly, we show how to prove the correct computation of a modular addition, a modular multiplication, or a modular exponentiation, where all values including the modulus are committed but not publicly known. Apart from the validity of the computation, no other information about the modulus (e.g., a generator which order equals the modulus) or any other operand is given. Our technique can be generalized to prove in zeroknowledge that any multivariate polynomial equation modulo a certain modulus is satisfied, where only commitments to the variables of the polynomial and a commitment to the modulus must be known. This improves previous results, where the modulus is publicly known.We show how a prover can use these building blocks to convince a verifier that a committed number is prime. This finally leads to efficient protocols for *

show abstract

Confirmer Signature Schemes Secure against Adaptive Adversaries

Camenisch

Michels²

2000

109

View full text Add to dashboard Cite

The main difference between confirmer signatures and ordinary digital signatures is that a confirmer signature can be verified only with the assistance of a semitrusted third party, the confirmer. Additionally, the confirmer can selectively convert single confirmer signatures into ordinary signatures. This paper points out that previous models for confirmer signature schemes are too restricted to address the case where several signers share the same confirmer. More seriously, we show that various proposed schemes (some of which are provably secure in these restricted models) are vulnerable to an adaptive signature-transformation attack. We define a new stronger model that covers this kind of attack and provide a generic solution based on any secure ordinary signature scheme and public key encryption scheme. We also exhibit a concrete instance thereof.

show abstract

Separability and Efficiency for Generic Group Signature Schemes

Camenisch

Michels²

1999

130

View full text Add to dashboard Cite

A cryptographic protocol possesses separability if the participants can choose their keys independently of each other. This is advantageous from a key-management as well as from a security point of view. This paper focuses on separability in group signature schemes. Such schemes allow a group member to sign messages anonymously on the group's behalf. However, in case of this anonymity's misuse, a trustee can reveal the originator of a signature. We provide a generic fully separable group signature scheme and present an efficient instantiation thereof. The scheme is suited for large groups; the size of the group's public key and the length of signatures do not depend on the number of group member. Its efficiency is comparable to the most efficient schemes that do not offer separability and is an order of magnitude more efficient than a previous scheme that provides partial separability. As a side result, we provide efficient proofs of the equality of two discrete logarithms from different groups and, more general, of the validity of polynomial relations in Zamong discrete logarithms from different groups.

show abstract

A Group Signature Scheme with Improved Efficiency (Extended Abstract)

Camenisch

Michels²

2000

119

View full text Add to dashboard Cite

The concept of group signatures allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature's originator can be revealed by a designated entity. In this paper we propose a new group signature scheme that is well suited for large groups, i.e., the length of the group's public key and of signatures do not depend on the size of the group. Our solution based on a variation of the RSA problem is more efficient than previous ones satisfying these requirements.

show abstract

Generic constructions for secure and efficient confirmer signature schemes

Michels

Stadler

1998

View full text Add to dashboard Cite

Abstract. In contrast to ordinary digital signatures, the verification of undeniable signatures and of confirmer signatures requires the cooperation of the signer or of a designated confirmer, respectively. Various schemes have been proposed so fax, from practical solutions based on specific number-theoretic assumptions to theoretical constructions using basic cryptographic primitives. To motivate the necessity of new and provably secure constructions for confirmer signatures, we first describe a flaw in a previous realization by Okamoto. We then present two generic constructions for designing provably secure and efficient confirmer variants of many well-known signature schemes, including the schemes by Schnorr, Fiat and Shamir, E1Gamal, and the RSA scheme. The constructions employ a new tool called confirmer commitment schemes. In this concept the ability to open the committed value is delegated to a designated confirmer. We present an efficient realization based on the Decision-Diffie-Hellman assumption.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Markus Michels

Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes

Confirmer Signature Schemes Secure against Adaptive Adversaries

Separability and Efficiency for Generic Group Signature Schemes

A Group Signature Scheme with Improved Efficiency (Extended Abstract)

Generic constructions for secure and efficient confirmer signature schemes

Contact Info

Product

Resources

About