A Note on Computationally Sound Proof in Group of Unknown Order

Presentation	2001/7/18 A Note on Computationally Sound Proof in Group of Unknown Order Damagard IVAN, Eiichiro FUJISAKI,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	Suppose we are given an Abelian group G of unknown order, such as RSA group (Z/nZ)^×, where the group operations in G can be efficiently computed.Let g, h be elements in G and let c=g^xh^r be a commitment to x (where the group operation is defined as the multiplication).In this paper we revisit a sound-proof-of-knowledge protocol for the representation problem in a group of unknown order - that is, a protocol in which the prover convinces the verifier that he knows the representation of c to base g, h in G.The proof of soundness for this protocol was initially provided in [5], but we have recently found it incomplete, although the protocol and its variants appear in many literatures, for instance PVSS [6], group signature [3, 4]and optimistic fair-exchange [2, 1].In this paper we fix a bug in [5]and prove this protocol indeed sound, trying to make the setting more general and fundamental.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	Computationally sound proof / argument / zero-knowledge
Paper #	ISEC2001-24
Date of Issue

Paper Information
Registration To	Information Security (ISEC)
Language	ENG
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	A Note on Computationally Sound Proof in Group of Unknown Order
Sub Title (in English)
Keyword(1)	Computationally sound proof
Keyword(2)	argument
Keyword(3)	zero-knowledge
1st Author's Name	Damagard IVAN
1st Author's Affiliation	Aarhus University()
2nd Author's Name	Eiichiro FUJISAKI
2nd Author's Affiliation	NTT Laboratories
Date	2001/7/18
Paper #	ISEC2001-24
Volume (vol)	vol.101
Number (no)	214
Page	pp.pp.-
#Pages	8
Date of Issue