Speaker:	Moti Yung (Columbia University)
Date/Time:	Tuesday 12.10.04, 14.00 h
Location:	CWI Amsterdam, Room Z009
Abstract:	We present a generic SZK protocol for proving knowledge of a witness to generalized discrete-log relations. This gives a framework that allows such proofs of relations over mixed sets of groups of unknown (and known) orders. The tool allows automatic construction of SZK proofs from descriptions of groups, variable constraints and relations. This primitive generalizes many previous instantiations that have appeared in the literature as ad-hoc SZK proofs (some of which had subtle mistakes in them (originally), and some are overly complex). The protocol is a powerful tool for building various cryptographic mechanisms. We demonstrate its power by presenting two new and efficient verifiable encryption protocols: one for full-domain hash RSA signatures, and one for the recent CL signatures.