SZK Proofs for Generalized Discrete-Log Relation Sets and Applications
|Speaker:||Moti Yung (Columbia University)|
|Date/Time: ||Tuesday 12.10.04, 14.00 h|
|Location:||CWI Amsterdam, Room Z009|
We present a generic SZK protocol for proving knowledge of a witness
to generalized discrete-log relations. This gives a framework that
allows such proofs of relations over mixed sets of groups of unknown
(and known) orders. The tool allows automatic construction of SZK
proofs from descriptions of groups, variable constraints and
This primitive generalizes many previous instantiations that have
appeared in the literature as ad-hoc SZK proofs (some of which had
subtle mistakes in them (originally), and some are overly complex).
The protocol is a powerful tool for building various cryptographic
mechanisms. We demonstrate its power by presenting two new and
efficient verifiable encryption protocols: one for full-domain hash
RSA signatures, and one for the recent CL signatures.