Section: New Results

Implementatin of efficient ZK-Proofs of Knowledge

Participant : Joe-Kai Tsay.

Zero-knowledge proofs of knowledge (ZK-PoK) play an important role in many cryptographic applications. Direct anonymous attestation (DAA) and the identity mixer anonymous authentication system are first real world applications using ZK-PoK as building blocks. But although having been used for many years now, it remains challenging to design and implement sound ZK-PoK. In fact, the security of various protocols found in literature was flawed. For non-experts in the field it is often hard to design ZK-PoK, since a unified and easy to use theoretical framework on ZK-PoK is missing.

In [43] , Bangerter, Krenn, Sadeghi, Schneider and Tsay extend and improve a first unified and modular theoretical framework for ZK-PoK of Camenisch et al., presented at EUROCRYPT 2009, especially in terms of efficiency. Furthermore, an exact security and efficiency analysis for a new protocol and various protocols found in literature is conducted. The analysis yields novel - and perhaps surprising - results and insights. It reveals for instance that using a 2048 bit RSA modulus, as specified in the DAA standard, only guarantees an upper bound on the success probability of a malicious prover between 1/2⁴ and 1/2²⁴ . Also, based on that analysis it is shown how to select the most efficient protocol to prove a given proof goal. Finally, low-level support to a designer is provided by presenting a compiler realizing our framework and optimization techniques, allowing easy implementation of efficient and sound protocols.