A Note on Computationally Sound Proof in Group of Unknown Order

概要

論文の詳細を見る
Suppose we are given an Abelian group G of unknown order, such as RSA group (Z/nZ)^×, where the group operations in G can be efficiently computed.Let g, h be elements in G and let c=g^xh^r be a commitment to x (where the group operation is defined as the multiplication).In this paper we revisit a sound-proof-of-knowledge protocol for the representation problem in a group of unknown order - that is, a protocol in which the prover convinces the verifier that he knows the representation of c to base g, h in G.The proof of soundness for this protocol was initially provided in [5], but we have recently found it incomplete, although the protocol and its variants appear in many literatures, for instance PVSS [6], group signature [3, 4]and optimistic fair-exchange [2, 1].In this paper we fix a bug in [5]and prove this protocol indeed sound, trying to make the setting more general and fundamental.
一般社団法人電子情報通信学会の論文
2001-07-18