Cryptography Reference
In-Depth Information
tifying information such as a birth certificate or passport. The following was
introduced in 1991 (see [242]). Again, we need Trent for this (zero-knowledge)
interactive proof of knowledge.
Schnorr Identification Protocol
Trent's Actions: Trent selects each of the following parameters.
1. A large prime $p$ such that the DLP in $\mathbb{F}_p$ is intractable (say, $p \ge 2^{1024}$).
2. A large prime divisor $q$ of $p - 1$ (say, $q \ge 2^{160}$).
3. $\alpha \in \mathbb{F}_p$ such that $\mathrm{ord}_p(\alpha) = q$ (say, $\alpha = \beta^{(p-1)/q}$ where $\beta$ is a primitive root modulo $p$).
4. A parameter $t$ such that $q > 2^t$ (usually $t \ge 40$).
5. A secure signature scheme embodying a secret digital-signing algorithm $\mathrm{sig}_{T(k)}$ and a public digital-verifying algorithm $\mathrm{ver}_{T(k)}$ for verification of Trent's signatures. (Typically $\mathrm{sig}_{T(k)}$ involves a cryptographic hash function for security (see page 170), but we will omit this here for increased clarity of presentation.)
Then Trent creates a certificate for Alice as follows:
6. Trent establishes a bitstring containing information $I_A$ that identifies Alice. Then Alice selects a private random nonnegative exponent $e \le q - 1$ and she computes $v \equiv \alpha^{-e} \pmod{p}$, which she sends to Trent. Upon receipt, Trent generates a signature $s = \mathrm{sig}_{T(k)}(I_A, v)$, thereby blinding $I_A$ with $v$. Then he sends the certificate $C(A) = (I_A, v, s)$ to Alice.
Three-Pass Identification Protocol: Alice wishes to identify herself to Bob, who verifies her identity when she proves knowledge of $e$ (without revealing $e$).
1. Alice selects a random $k \in \mathbb{Z}/q\mathbb{Z}$, called a commitment, and computes $\gamma \equiv \alpha^{k} \pmod{p}$. Then she sends her certificate $C(A)$ and $\gamma$, called the witness, to Bob.
2. Bob computes $\mathrm{ver}_{T(k)}((I_A, v, s)) = 1$, thereby verifying Trent's signature. Then Bob selects a random natural number $r \le 2^t$, called the challenge, which he sends to Alice.
3. Alice computes $y \equiv k + er \pmod{q}$, called the response, which she sends to Bob.
4. Bob computes $\delta \equiv \alpha^{y} v^{r} \pmod{p}$, and if $\delta \equiv \gamma \pmod{p}$, called the verification, he accepts Alice's identity. Otherwise, he rejects it.
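The three passes above, run end to end as an added example (not code from the original text). It assumes constructed toy parameters p = 2039, q = 1019, α = 4, t = 9, which are far smaller than the sizes the text calls for, and it omits Trent's signature, treating v as already authenticated by the certificate. All function names are hypothetical.

```python
import secrets

# Constructed toy parameters (far below the text's p >= 2^1024, q >= 2^160).
P, Q, ALPHA, T = 2039, 1019, 4, 9   # q | p-1, ord_p(alpha) = q, q > 2^t

def check_params(p, q, alpha, t):
    """Sanity checks on Trent's public parameters (primality is not tested here)."""
    return ((p - 1) % q == 0 and alpha % p != 1
            and pow(alpha, q, p) == 1 and q > 2 ** t)

def keygen(p=P, q=Q, alpha=ALPHA):
    """Alice's secret e in [0, q-1] and public v = alpha^(-e) mod p."""
    e = secrets.randbelow(q)
    return e, pow(alpha, (q - e) % q, p)   # alpha has order q, so -e == q-e

def commit(p=P, q=Q, alpha=ALPHA):
    """Pass 1: fresh commitment k and witness gamma = alpha^k mod p."""
    k = secrets.randbelow(q)
    return k, pow(alpha, k, p)

def challenge(t=T):
    """Pass 2: Bob's random challenge r with 1 <= r <= 2^t."""
    return 1 + secrets.randbelow(2 ** t)

def respond(k, e, r, q=Q):
    """Pass 3: response y = k + e*r mod q."""
    return (k + e * r) % q

def verify(v, gamma, r, y, p=P, alpha=ALPHA):
    """Bob accepts iff delta = alpha^y * v^r mod p equals gamma."""
    delta = (pow(alpha, y, p) * pow(v, r, p)) % p
    return delta == gamma % p

def run_session(e_used, v_certified):
    """One run: the prover answers with e_used, Bob checks against v_certified.
    Trent's signature on (I_A, v) is assumed to have been verified already."""
    k, gamma = commit()
    r = challenge()
    return verify(v_certified, gamma, r, respond(k, e_used, r))

if __name__ == "__main__":
    e, v = keygen()
    print("honest prover accepted:", run_session(e, v))
    print("wrong exponent accepted:", run_session((e + 1) % Q, v))
```

With the wrong exponent e + 1, Bob's δ works out to α^(k+r), which equals γ only if q divides r; since 1 ≤ r ≤ 2^t < q, that run is always rejected.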