Efficient Designated-Verifier Non-interactive Zero-Knowledge Proofs of Knowledge

Chaidos, Pyrros; Couteau, Geoffroy

doi:10.1007/978-3-319-78372-7_7

Cited by 23 publications

(41 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While our scheme is the first NIKVAC in the standard model without pairings, we observe (this is in fact the starting point of our work) that there is a relatively natural construction of a NIKVAC which is obtained by starting with the (interactive) scheme of [13], and replacing the underlying zero-knowledge proof system by the designated-verifier non-interactive zero-knowledge proof system of [11]. While this observation is interesting in itself, the security analysis of the resulting construction does not present major technical difficulties (although it is not entirely straightforward).…”

Section: Our Contributionmentioning

confidence: 88%

“…While this observation is interesting in itself, the security analysis of the resulting construction does not present major technical difficulties (although it is not entirely straightforward). In this work, we refine this approach, adopting a different strategy to better exploit the structural properties of the proof system of [11]. Our optimized approach provides strong efficiency improvements (which we detail in Section 1.6) over the previous alternative.…”

Section: Our Contributionmentioning

confidence: 99%

“…This situation recently changed with the introduction in [11] of the first DVNIZK proof system which allows to provide proofs of knowledge of a witness, for a wide variety of algebraic statements, where soundness is unbounded (it holds even if the prover is given arbitrary access to a verification oracle). Furthermore, the framework of [11] allows for efficient DVNIZK proofs, directly proportional to the size of the algebraic statement to be proven. A natural approach toward building a NIKVAC scheme is therefore to rely on the KVAC scheme of [13], and to replace the underlying zero-knowledge proofs by appropriate DVNIZK, using the framework of [11].…”

Section: Our Approachmentioning

confidence: 99%

“…Furthermore, the framework of [11] allows for efficient DVNIZK proofs, directly proportional to the size of the algebraic statement to be proven. A natural approach toward building a NIKVAC scheme is therefore to rely on the KVAC scheme of [13], and to replace the underlying zero-knowledge proofs by appropriate DVNIZK, using the framework of [11]. However, while this approach should lead to a secure NIKVAC, it misses the opportunity to exploit the specific structure of the scheme of [11] to get improved efficiency guarantees.…”

Section: Our Approachmentioning

confidence: 99%

See 3 more Smart Citations

Non-interactive Keyed-Verification Anonymous Credentials

Couteau

Reichle

2019

Public-Key Cryptography – PKC 2019

Self Cite

View full text Add to dashboard Cite

Anonymous credential (AC) schemes are protocols which allow for authentication of authorized users without compromising their privacy. Of particular interest are noninteractive anonymous credential (NIAC) schemes, where the authentication process only requires the user to send a single message that still conceals its identity. Unfortunately, all known NIAC schemes in the standard model require pairing based cryptography, which limits them to a restricted set of specific assumptions and requires expensive pairing computations. The notion of keyed-verification anonymous credential (KVAC) was introduced in (Chase et al., CCS'14) as an alternative to standard anonymous credential schemes allowing for more efficient instantiations; yet, making existing KVAC non-interactive either requires pairing-based cryptography, or the Fiat-Shamir heuristic. In this work, we construct the first non-interactive keyed-verification anonymous credential (NIKVAC) system in the standard model, without pairings. Our scheme is efficient, attribute-based, supports multi-show unlinkability, and anonymity revocation. We achieve this by building upon a combination of algebraic MAC with the recent designated-verifier non-interactive zero-knowledge (DVNIZK) proof of knowledge of (Couteau and Chaidos, Eurocrypt'18). Toward our goal of building NIKVAC, we revisit the security analysis of a MAC scheme introduced in (Chase et al., CCS'14), strengthening its guarantees, and we introduce the notion of oblivious non-interactive zero-knowledge proof system, where the prover can generate non-interactive proofs for statements that he cannot check by himself, having only a part of the corresponding witness, and where the proof can be checked efficiently given the missing part of the witness. We provide an efficient construction of an oblivious DVNIZK, building upon the specific properties of the DVNIZK proof system of (Couteau and Chaidos, Eurocrypt'18).

show abstract

Section: Our Contributionmentioning

confidence: 88%

Section: Our Contributionmentioning

confidence: 99%

Section: Our Approachmentioning

confidence: 99%

Section: Our Approachmentioning

confidence: 99%

See 2 more Smart Citations

Non-interactive Keyed-Verification Anonymous Credentials

Couteau

Reichle

2019

Public-Key Cryptography – PKC 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…These schemes guarantee that only designated verifier could convince the validity of the signature, but could not prevent the attackers from guessing the passwords for encrypting the credential (i.e., private key) by verifying the correctness of signature. Furthermore, Π PBC is also not a simple application of the Designated-Verifier Non-Interactive Zero-Knowledge proof (DV-NIZK) [22], and could be instantiated with standard Fait-Shamir transformation [28] over common elliptic curves [1]. Our scheme only leverage the idea that, it is infeasible for the attackers to check the proof when they do not know the complete statement to be proved.…”

Section: A High Level Descriptionmentioning

confidence: 99%

Strong Authentication without Temper-Resistant Hardware and Application to Federated Identities

Zhang¹,

Wang²,

Yang³

2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Shared credential is currently the most widespread form of end user authentication with its convenience, but it is also criticized for being vulnerable to credential database theft and phishing attacks. While several alternative mechanisms are proposed to offer strong authentication with cryptographic challenge-response protocols, they are cumbersome to use due to the need of tamper-resistant hardware modules at user end. In this paper, we propose the first strong authentication mechanism without the reliance on tamper-resistant hardware at user end. A user authenticates with a password-based credential via generating designated-verifiable authentication tokens. Our scheme is resistant to offline dictionary attacks in spite that the attacker can steal the password-protected credentials, and thus can be implemented on general-purpose devices. More specifically, we first introduce and formalize the notion of Password-Based Credential (PBC), which models the resistance of offline attacks and the unforageability of authentication tokens even if attackers can see authentication tokens and capture password-wrapped credentials of honest users. We then present a highly-efficient construction of PBC using a "randomize-thenprove" approach, and prove its security. The construction does not involve bilinear-pairings, and can be implemented with common cryptographic libraries for many platforms. We also present a technique to transform the PBC scheme to be publiclyverifiable, and present an application of PBC in federated identity systems to provide holder-of-key assertion mechanisms. Compared with current certificate-based approaches, it is more convenient and user-friendly, and can be used with the federation systems that employ privacy-preserving measures (e.g., Sign-in with Apple). We also implement the PBC scheme and evaluate its performance for different applications over various network environment. When PBC is used as a strong authentication mechanism for end users, it saves 26%-36% of time than the approach based on ECDSA with a tamper-resistant hardware module. As for its application in federation, it could even save more time when the user proves its possession of key to a Relying Party.

show abstract

Designated-Verifier Pseudorandom Generators, and Their Applications

Couteau

Hofheinz

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Efficient Designated-Verifier Non-interactive Zero-Knowledge Proofs of Knowledge

Cited by 23 publications

References 45 publications

Non-interactive Keyed-Verification Anonymous Credentials

Non-interactive Keyed-Verification Anonymous Credentials

Strong Authentication without Temper-Resistant Hardware and Application to Federated Identities

Designated-Verifier Pseudorandom Generators, and Their Applications

Contact Info

Product

Resources

About