On the security of a practical identification

Research output: Contribution to journalArticle

Abstract

We analyze the security of an interactive identification scheme. The scheme is the obvious extension of the original square root scheme of Goldwasser, Micali, and Rackoff to 2mth roots. This scheme is quite practical, especially in terms of storage and communication complexity. Although this scheme is certainly not new, its security was apparently not fully understood. We prove that this scheme is secure if factoring integers is hard, even against active attacks where the adversary is first allowed to pose as a verifier before attempting impersonation.

Original languageEnglish (US)
Pages (from-to)247-260
Number of pages14
JournalJournal of Cryptology
Volume12
Issue number4
DOIs
StatePublished - Jan 1 1999

Fingerprint

Communication
Identification Scheme
Communication Complexity
Factoring
Square root
Attack
Roots
Integer

Keywords

  • Identification scheme
  • Proof of security
  • Zero knowledge

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Applied Mathematics

Cite this

On the security of a practical identification. / Shoup, Victor.

In: Journal of Cryptology, Vol. 12, No. 4, 01.01.1999, p. 247-260.

Research output: Contribution to journalArticle

@article{df8012eca9ca4f9c839dedfc396ac5f9,
title = "On the security of a practical identification",
abstract = "We analyze the security of an interactive identification scheme. The scheme is the obvious extension of the original square root scheme of Goldwasser, Micali, and Rackoff to 2mth roots. This scheme is quite practical, especially in terms of storage and communication complexity. Although this scheme is certainly not new, its security was apparently not fully understood. We prove that this scheme is secure if factoring integers is hard, even against active attacks where the adversary is first allowed to pose as a verifier before attempting impersonation.",
keywords = "Identification scheme, Proof of security, Zero knowledge",
author = "Victor Shoup",
year = "1999",
month = "1",
day = "1",
doi = "10.1007/s001459900056",
language = "English (US)",
volume = "12",
pages = "247--260",
journal = "Journal of Cryptology",
issn = "0933-2790",
publisher = "Springer New York",
number = "4",

}

TY - JOUR

T1 - On the security of a practical identification

AU - Shoup, Victor

PY - 1999/1/1

Y1 - 1999/1/1

N2 - We analyze the security of an interactive identification scheme. The scheme is the obvious extension of the original square root scheme of Goldwasser, Micali, and Rackoff to 2mth roots. This scheme is quite practical, especially in terms of storage and communication complexity. Although this scheme is certainly not new, its security was apparently not fully understood. We prove that this scheme is secure if factoring integers is hard, even against active attacks where the adversary is first allowed to pose as a verifier before attempting impersonation.

AB - We analyze the security of an interactive identification scheme. The scheme is the obvious extension of the original square root scheme of Goldwasser, Micali, and Rackoff to 2mth roots. This scheme is quite practical, especially in terms of storage and communication complexity. Although this scheme is certainly not new, its security was apparently not fully understood. We prove that this scheme is secure if factoring integers is hard, even against active attacks where the adversary is first allowed to pose as a verifier before attempting impersonation.

KW - Identification scheme

KW - Proof of security

KW - Zero knowledge

UR - http://www.scopus.com/inward/record.url?scp=0004746654&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0004746654&partnerID=8YFLogxK

U2 - 10.1007/s001459900056

DO - 10.1007/s001459900056

M3 - Article

VL - 12

SP - 247

EP - 260

JO - Journal of Cryptology

JF - Journal of Cryptology

SN - 0933-2790

IS - 4

ER -