The search functionality is under construction.

The search functionality is under construction.

This paper proposes a bit-commitment scheme, *BC*(*f*(*X*_{1},*X*_{t}), and any given modulus, *n*, a prover, *P*, gives (*I*_{1},*I*_{t}) to a verifier,ν, and can convince ν that *P* knows (*x*_{1},*x*_{t}) which satisfies *f*(*x*_{1},*x*_{t}) *n*) and *I*_{i} = *BC*(*x*_{i}), (*i* = 1,*O*(|*n*|) times more efficient than the corresponding previous ones. The (knowledge) soundness of our protocol holds under a computational assumption, the intractability of a modified RSA problem (see Def. 3.2), while the (statistical) zero-knowledgeness of the protocol needs no computational assumption. The protocol can be employed to construct various practical cryptographic protocols, such as fair exchange, untraceable electronic cash and verifiable secret sharing protocols.

- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E82-A No.1 pp.81-92

- Publication Date
- 1999/01/25

- Publicized

- Online ISSN

- DOI

- Type of Manuscript
- Special Section PAPER (Special Section on Cryptography and Information Security)

- Category

The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.

Copy

Eiichiro FUJISAKI, Tatsuaki OKAMOTO, "Statistical Zero-Knowledge Protocols to Prove Modular Polynomial Relations" in IEICE TRANSACTIONS on Fundamentals,
vol. E82-A, no. 1, pp. 81-92, January 1999, doi: .

Abstract: This paper proposes a bit-commitment scheme, *BC*(*f*(*X*_{1},*X*_{t}), and any given modulus, *n*, a prover, *P*, gives (*I*_{1},*I*_{t}) to a verifier,ν, and can convince ν that *P* knows (*x*_{1},*x*_{t}) which satisfies *f*(*x*_{1},*x*_{t}) *n*) and *I*_{i} = *BC*(*x*_{i}), (*i* = 1,*O*(|*n*|) times more efficient than the corresponding previous ones. The (knowledge) soundness of our protocol holds under a computational assumption, the intractability of a modified RSA problem (see Def. 3.2), while the (statistical) zero-knowledgeness of the protocol needs no computational assumption. The protocol can be employed to construct various practical cryptographic protocols, such as fair exchange, untraceable electronic cash and verifiable secret sharing protocols.

URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/e82-a_1_81/_p

Copy

@ARTICLE{e82-a_1_81,

author={Eiichiro FUJISAKI, Tatsuaki OKAMOTO, },

journal={IEICE TRANSACTIONS on Fundamentals},

title={Statistical Zero-Knowledge Protocols to Prove Modular Polynomial Relations},

year={1999},

volume={E82-A},

number={1},

pages={81-92},

abstract={This paper proposes a bit-commitment scheme, *BC*(*f*(*X*_{1},*X*_{t}), and any given modulus, *n*, a prover, *P*, gives (*I*_{1},*I*_{t}) to a verifier,ν, and can convince ν that *P* knows (*x*_{1},*x*_{t}) which satisfies *f*(*x*_{1},*x*_{t}) *n*) and *I*_{i} = *BC*(*x*_{i}), (*i* = 1,*O*(|*n*|) times more efficient than the corresponding previous ones. The (knowledge) soundness of our protocol holds under a computational assumption, the intractability of a modified RSA problem (see Def. 3.2), while the (statistical) zero-knowledgeness of the protocol needs no computational assumption. The protocol can be employed to construct various practical cryptographic protocols, such as fair exchange, untraceable electronic cash and verifiable secret sharing protocols.

keywords={},

doi={},

ISSN={},

month={January},}

Copy

TY - JOUR

TI - Statistical Zero-Knowledge Protocols to Prove Modular Polynomial Relations

T2 - IEICE TRANSACTIONS on Fundamentals

SP - 81

EP - 92

AU - Eiichiro FUJISAKI

AU - Tatsuaki OKAMOTO

PY - 1999

DO -

JO - IEICE TRANSACTIONS on Fundamentals

SN -

VL - E82-A

IS - 1

JA - IEICE TRANSACTIONS on Fundamentals

Y1 - January 1999

AB - This paper proposes a bit-commitment scheme, *BC*(*f*(*X*_{1},*X*_{t}), and any given modulus, *n*, a prover, *P*, gives (*I*_{1},*I*_{t}) to a verifier,ν, and can convince ν that *P* knows (*x*_{1},*x*_{t}) which satisfies *f*(*x*_{1},*x*_{t}) *n*) and *I*_{i} = *BC*(*x*_{i}), (*i* = 1,*O*(|*n*|) times more efficient than the corresponding previous ones. The (knowledge) soundness of our protocol holds under a computational assumption, the intractability of a modified RSA problem (see Def. 3.2), while the (statistical) zero-knowledgeness of the protocol needs no computational assumption. The protocol can be employed to construct various practical cryptographic protocols, such as fair exchange, untraceable electronic cash and verifiable secret sharing protocols.

ER -