zbMATH — the first resource for mathematics

Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. (English) Zbl 0767.94006
Advances in cryptology, Proc. Conf., CRYPTO ’91, Santa Barbara/CA (USA) 1991, Lect. Notes Comput. Sci. 576, 433-444 (1992).
Summary: The zero-knowledge proof of knowledge, first defined by U. Feige, A. Fiat and A. Shamir [J. Cryptology 1, No. 2, 77–94 (1988; Zbl 0659.94006)], was used by Z. Galil, S. Haber and M. Yung [Symmetric public-key cryptosystems, Crypto 1985, Lect. Notes Comput. Math. 218, 128–137 (1986; doi:10.1007/3-540-39799-X_12)] as a means of constructing (out of a trapdoor function) an interactive public-key cryptosystem provably secure against chosen ciphertext attack. We introduce a revised setting which permits the definition of a non- interactive analogue, the non-interactive zero-knowledge proof of knowledge, and show how it may be constructed in that setting from a non- interactive zero-knowledge proof system for NP (of the type introduced by M. Blum, P. Feldman and S. Micali [Non-interactive zero knowledge and its applications, Proc. 20th ACM Symposium on Theory of Computing, STOC 1988, 103–112 (1988; doi:10.1145/62212.62222)]). We give a formalization of chosen ciphertext attrack in our model which is stronger than the “lunchtime attack” considered by M. Naor and M. Yung [Public-key cryptosystems provably secure against chosen ciphertext attacks, Proc. 22nd ACM Symp. on Theory of Computing, STOC 1990, 427–437 (1990; doi:10.1145/100216.100273)], and prove a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge to be secure against it.
For the entire collection see Zbl 0753.00024.

94A60 Cryptography
68P25 Data encryption (aspects in computer science)