IACR News item: 03 June 2012
Marcel Keller, Gert Læssøe Mikkelsen, Andy Rupp
ePrint Reportinteractive proofs of knowledge over multiple parties. Interactive proofs of knowledge (PoK) are widely used
primitives of cryptographic protocols, including important user-centric protocols, such as identification schemes,
electronic cash (e-cash), and anonymous credentials.
We present a security model for threshold proofs of knowledge and develop threshold versions of well-known
primitives such as range proofs, zero-knowledge proofs for preimages of homomorphisms (which generalizes PoKs
of discrete logarithms, representations, p-th roots, etc.), as well as OR statements. These building blocks are proven
secure in our model.
Furthermore, we apply the developed primitives and techniques in the context of user-centric protocols. In particular,
we construct distributed-user variants of Brands\' e-cash system and the bilinear anonymous credential scheme by
Camenisch and Lysyanskaya. Distributing the user party in such protocols has several practical advantages: First, the
security of a user can be increased by sharing secrets and computations over multiple devices owned by the user. In
this way, losing control of a single device does not result in a security breach. Second, this approach also allows
groups of users to jointly control an application (e.g., a joint e-cash account), not giving a single user full control.
The distributed versions of the protocols we propose in this paper are relatively efficient (when compared to a general
MPC approach). In comparison to the original protocols only the prover\'s (or user\'s) side is modified while the other
side stays untouched. In particular, it is oblivious to the other party whether it interacts with a distributed prover (or
user) or one as defined in the original protocol.
Additional news items may be found on the IACR news page.