TY - GEN
T1 - Proof-of-knowledge of representation of committed value and its applications
AU - Au, Man Ho Allen
AU - Susilo, Willy
AU - Mu, Yi
PY - 2010/12/13
Y1 - 2010/12/13
N2 - We present a zero-knowledge argument system of representation of a committed value. Specifically, for commitments C = Commit1(y) and D = Commit2(x), of a value y and a tuple x = (x1, ..., xL) respectively, our argument system allows one to demonstrate knowledge of (x, y) such that x is a representation of y to bases h1, ..., hL. That is, y = h1^{x1} ⋯ hL^{xL}. Our argument system is zero-knowledge and hence does not reveal anything such as x or y. We note that the applications of our argument system are numerous. In particular, we show how round-optimal cryptographic systems, where privacy is of great concern, can be achieved. We select three interesting applications with the aim of demonstrating the significance of our argument system. First, we present a concrete instantiation of a two-move concurrently-secure blind signature without interactive assumptions. Second, we present the first compact e-cash scheme with a concurrently-secure withdrawal protocol. Finally, we construct a two-move traceable signature scheme with a concurrently-secure join protocol. On a side note, we present a framing attack against the original traceable signature scheme within its original model.
UR - http://www.scopus.com/inward/record.url?scp=78649900374&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-14081-5_22
DO - 10.1007/978-3-642-14081-5_22
M3 - Conference article published in proceeding or book
SN - 3642140807
SN - 9783642140808
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 352
EP - 369
BT - Information Security and Privacy - 15th Australasian Conference, ACISP 2010, Proceedings
T2 - 15th Australasian Conference on Information Security and Privacy, ACISP 2010
Y2 - 5 July 2010 through 7 July 2010
ER -