SOME GROUP BASED AUTHENTICATION PROTOCOLS AND ZERO KNOWLEDGE PROOFS full report
Active In SP
Joined: Apr 2010
06-06-2010, 10:22 PM
SOME GROUP BASED AUTHENTICATION PROTOCOLS AND ZERO KNOWLEDGE PROOFS.docx (Size: 29.74 KB / Downloads: 58)
SOME GROUP BASED AUTHENTICATION PROTOCOLS AND ZERO
Brijesh Kumar Chaurasia
Computer Science and Engineering Department, IITM, India
A Group Signature schemes as a digital signature
scheme comprises the following:
Today incerasing number of applications demand a
committed bandwidth and high speed for their
transmission but still there is already an urgent need of
secure data transmission . My paper simply define the
group signature and zero knowledge proofs protocols and
applying these protocols we can prevent misuse of group
signatures and the technique of group signatures can be
used more effectively.
Group Signature, introduced by David Chaum and
Eugene Van Heyst, CWI Centre for Mathematics and
Computer Science, Netherlands. A series of
improvements and enhancements followed [1,2,3,4,5].
Group Signature is a technique which allows only the
members of a Group to sign a message without revealing
the identity of signer but a group authority can verify the
signer of a group. In Toto Group Signatures are a
"generalization" of credential mechanism and
membership (authentication) schemes, in which a group a
group member can convince a verifier that he belongs to a
certain group, without revealing his identity,
In short Group Signature is characterized by the
Only members of the group can sign message.
The receiver of the signature can verify that it is a
valid signature from the group.
The receiver of the signature cannot determine which
member of the group is the signer.
In the case of a dispute, the signature can be opened
1. Setup, 2. Join, 3. Sign, 4. Verify, 5. Open.
1. Setup: An interactive setup protocol between the
membership manager, the group members, and the
revocation manager. On input of a security parameter 1?
this probabilistic algorithm outputs the initial group public
key P and the secret key S for the group manager.
The membership manager is responsible for the system
setup and for adding group members while revocation
manager has the ability to revoke the anonymity of the
2. Join: An interactive protocol between the group
manager and a user that result in the user becoming a new
3. Sign: An interactive protocol between the group
member and a user whereby a group signature on a user
supplied message is computed by the group member.
Verify: An algorithm for establishing the validity of
a group signature given a group public key and a
Open: An algorithm that, given a signed message
and a group secret key, determines the identity of the
A secure group signature schemes must satisfy
the following prosperities:
1. Correctness: Signatures produced by a group
member using sign must be accepted by verify.
to reveal the identity of the signer.
2. Anonymity: Given a signature, identifying the actual
signer is computationally difficult for everyone but the
3. Unlinkability: Deciding whether two different
signatures have been computed by the same group
member is computationally hard.
4. No framing: Even if the group manager and some of
the group members collude, they cannot sign on behalf of
non-involved group member.
5. Traceability: The group manager can always
established the identity of the member who issued a valid
6. Coalition-resistance: A colluding subset of group
members cannot generate a valid signature that cannot be
A group signature allows any member of a group to sign
on behalf of the group. Group signatures are publicly
verifiable and can be verified with respect to a single
group public key. Only a designated group manager can
revoke the anonymity of the group signature and find out
the identity of the group member who issued a given
signature. Furthermore, group signatures are unlikable,
which makes it computationally hard to establish whether
or not multiple signatures are produced by the same
group member. At the same time, no one, including the
group manager, can misattribute a valid group signature.
A group signature scheme could for instance be used in
many specialized applications, such as voting and
binding. A group signature scheme could be used by an
employee of a large company to sign documents on
behalf of company. A further application of a group
signature scheme is electronic cash. In this case several
banks issue coins, but it is impossible for shops to find
out which bank issued a coin that is obtained from a
customer. Central bank plays the role of the group
manager, with all the other banks issuing coins as group
2. ZERO KNOWLEDGE
Zero-knowledge protocols allow identification, key
exchange and other basic cryptographic operations to be
implemented without leaking any secret information
during the conversation and with smaller computational
requirements than using comparable public key protocols.
Thus Zero-knowledge protocols seem very attractive
especially in smart card and embedded applications.
There is quite a lot written about Zero-knowledge
protocols in theory, but not so much practical down-to-
earth material is available even though Zero-knowledge
techniques have been used in many applications.
3. ZERO-KNOWLEDGE PROTOCOL
Zero-Knowledge protocols ,as their name says, are
cryptographic protocols which di not reveal the
information or secret itselfs during the protocols ,or any
eavesdropper. They have some very interesting properties,
e.g. as the secret itself (e.g. your identity) is not
transferred t the verification part, they cannot try to
masquerade as you to any third party.
Although Zero-Knowledge protocols looks a bit unusual,
must usual cryptographics problems can be solved by
using them, as well as with pulic key cryptography. For
some application, like key exchange (For later normal
cheap and some application, likes key exchange (for later
normal cheap and fast symmetric encryption on the
communication link ) r proving mutual identities, zero-
Knowledge protocols can in many occasions be a very
good and Suitable solution.
4. ZERO-KNOWLEDGE TERMINOLOGY
The secret means some piece of information, be it a
password, the private key of a public key cryptosystem, a
solution to some mathematical problem or a set of
credentials. With Zero-Knowledge protocols, the prover
can convince the verifier that she is in possession of the
knowledge, the secret ,without revealing the secret itself,
unlike e.g. normal username-password queries.
Accreditation means the building of confidence in each
iteration of the protocol. If in one step of a Zero-
Knowledge protocol, the chance f an impostor being able
to provide the answer is 1 in 2, The chances of her passing
an entire conversation are 2^- (number of accreditation
Often the prover will offer a problem (i,e particular
numeric values for a generic hard-to-solve mathematical
problem, e.g. factoring extremely large numbers, which
will ask for one of the 2 or or more possible solution to
the hard mathematical problem, she is ables to provide
any of the solution ask for. If she doesâ„¢t know the real
solution, she can not provide all of the possible solutions,
and if the verifier asks for one of the Cut-and0choose
protocols work in the way, that one failure means the
failure of the whole protocol (i.e. that the prover is not
legitimate), but you can keep working on the protocol as
long as you want, if the prover is legitimate. After you
reach the level of confidence you need without being cut
off, the protocol is successful.
The notion of Zero-Knowledge was set forward by
Goldwasser, Micali and Rackoff. Essentially, a Zero-
Knowledge protocol allows a prover to convince a verifier
of an assertion without disclosing any information to the
verifier beyond the validity of that assertion. In the
context of [6,8], all Zero -Knowledge protocol will
necessary protocol will necessarily disclose more than the
validity of the assertion: the fact the prover knows why
this assertion is valid is also disclosed. (In the context of
interactive proofs, the fact that the prover has this
knowledge is implied by her unbounded computing
power). Nevertheless, this additional piece of information
revealed when the proverâ„¢s computing power is limited
makes it possible to design protocols that actually reveal
less than would be possible for any (interesting)
interactive proofs in which the prover has unbounded
computing power: these are the proofs of Zero-
Knowledge discussed at the end of the previous section.
A protocol is perfect Zero-knowledge  if the verifier
does not learn any-thing at all from the interaction beyond
the validity of the assertion involved and --if relevantâ€
the fact that the prover knows why it is valid. In order to
define this notion more formally, on has to consider the
view of what the verifier sees during his interaction with
the prover. This consists of the outcome of his random
coin tosses as well as of everything that the prover tells
him during the interaction. Because of the probabilistic
nature of interactive protocols (including random choices
made by the prover), a probability distribution is defined
on the verifier. A protocol is perfect Zero-knowledge if ,
to each polynomial-time verifier, there corresponds a
polynomial-time simulator capable of producing a view
taken from exactly the same probability distribution
without ever talking to the prover. Intuitively, the
existence of this simulator shows that the verifier does not
learn anything from the interaction since the prover does
not tell him anything that he could not have produced by
himself (probabilistically speaking).
Using this Zero Knowledge proofs protocol in group
signature we can identify that who is signer and without
reveal that signature. If this concept is works that another
advantage that a Zero-Knowledge protocol allows a
prover to convince a verifier of an assertion without
disclosing any information to the verifier beyond the
validity of that assertion
In this paper there are two folds: To simplify and unify
the proofs for the protocols for the Zero-knowledge
property and to apply these in group signature theory.
Using these, we believe that the misuse of group
signatures can be minimized and the technique of group
signatures can be used more efficiently.
 D. Chaum, and E. van Heijt, Group signature, Advances in
Cryptology - Eurocrypt â„¢91, springer-Verlag(1991) 257-
 J. Camenish. Efficient and generalized group signatures.
In W. Fumy, editor, Advanced in Cryptology -
EUROCRYPT â„¢97, volume 1233 of Lecture Notes in
computer science, pages 465-479. springer Verlag, 1997.
 L.chen and T. P. Pedersen. New group signatures
schemes. In A De. Santis, editor, Advanced in
Cryptology - EUROCRYPT â„¢94, volume 950 of Lecture
Notes in computer science, pages 171-181. Springer
 S. J. kim, S. J. Park, and D. H. Won. Convertible group
signatures. In K. Kim and T. Matsumoto, editors,
Advanced in Cryptology - ASIACRYPT â„¢96, volume 1163 of
Lecture Notes in computer science, pages 311-321. springer
 H. Petersen. How to convert any digital signature scheme
into a group signature scheme. In M. Lomas and S.
Vaudenay, editors, Security Protocols Workshop,
 Goldwasser, Micalie, Racoff. The Knowledge complixity
of interactive proof system, 1985.
 Goldreich., Micali, and Wigderson. How to Prove All
NP-Statements in Zero-Knowledge and a Methodology of
Cryptographic Protocol Design, 1986.
D. M. Gorden and K. S. McCurely. Massively parallel
computation of discrete logarithms, Advances in cryptology â€œ
CRYPTO Ëœ92, p.g. 312-323, Springer Verlag , [GMR86],1993.
Brijesh Kumar Chaurasia,Reader, CSE,IITM,
Profile:M.Tech. (Computer Science) from Devi
Ahilya Vishwa ,Vidhialaya, Indore (M.P.).Area
of Expertise and Interest: Web Mining, Data
Mining, Search Engine Technology ,OOAD with
Cryptography.Experience detailsresently I am
working as a Reader in Computer Science and
Engineering, IITM, Gwalior (M.P.).Five Years
experience as a Lecturer in ITM Universe,
Sithouli,Gwalior (M. P.),1.5 years experience in
design and development of Sunâ„¢s applications
using J2EE under Windows environment
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion