International Association for Cryptologic Research

Paper: Automatic Generation of Sound Zero-Knowledge Protocols

Endre Bangerter
Jan Camenisch
Stephan Krenn
Ahmad-Reza Sadeghi
Thomas Schneider
Abstract: Efficient zero-knowledge proofs of knowledge (ZK-PoK) are basic building blocks of many practical cryptographic applications such as identification schemes, group signatures, and secure multiparty computation. Currently, the first applications that essentially rely on ZK-PoKs are being deployed in the real world. The most prominent example is Direct Anonymous Attestation (DAA), which was adopted by the Trusted Computing Group (TCG) and implemented as one of the functionalities of the cryptographic chip Trusted Platform Module (TPM). Implementing systems using ZK-PoK turns out to be challenging, since ZK-PoK are, loosely speaking, significantly more complex than standard crypto primitives such as encryption and signature schemes. As a result, implementation cycles of ZK-PoK are time-consuming and error-prone, in particular for developers with minor or no cryptographic skills. To overcome these challenges, we have designed and implemented a compiler with corresponding languages that, given a high-level ZK-PoK protocol specification, automatically generates a sound implementation of it. The output is given in the form of $\Sigma$-protocols, which are the most efficient protocols for ZK-PoK currently known. Our compiler translates ZK-PoK protocol specifications, written in a high-level protocol description language, into Java code or \LaTeX\ documentation of the protocol. The compiler is based on a unified theoretical framework that encompasses a large number of existing ZK-PoK techniques. Within this framework we present a new efficient ZK-PoK protocol for exponentiation homomorphisms in hidden order groups. Our protocol overcomes several limitations of the existing proof techniques.
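As an added illustration of the $\Sigma$-protocol building block the abstract refers to (example code written for this page, not output of the paper's compiler or its Java library): a three-move proof of knowledge of a preimage under an exponentiation homomorphism $\phi(x_1,\dots,x_n)=\prod_i g_i^{x_i} \bmod p$, together with the verifier's check, the special-soundness extractor that makes the proof "sound", and the honest-verifier simulator that makes it zero-knowledge. The group parameters are constructed toy values (a prime-order subgroup of $\mathbb{Z}_{23}^*$) so the code runs instantly; the paper's hidden-order-group protocol is not reproduced here.

```python
import secrets

# Constructed toy parameters: p = 2q+1 with q prime; G and H both generate
# the order-q subgroup of Z_p^*. Deployed protocols use large groups.
P, Q = 23, 11
G, H = 4, 9


def phi(gens, xs):
    """Exponentiation homomorphism phi(x_1..x_n) = prod g_i^x_i mod P."""
    acc = 1
    for g, x in zip(gens, xs):
        acc = acc * pow(g, x, P) % P
    return acc


def prover_commit(gens):
    """Move 1: prover picks fresh randomness r and sends t = phi(r)."""
    rs = [secrets.randbelow(Q) for _ in gens]
    return rs, phi(gens, rs)


def prover_respond(xs, rs, c):
    """Move 3: prover answers challenge c with s_i = r_i + c*x_i mod Q."""
    return [(r + c * x) % Q for r, x in zip(rs, xs)]


def verify(gens, y, t, c, ss):
    """Verifier accepts iff phi(s) == t * y^c, using only public values."""
    return phi(gens, ss) == t * pow(y, c, P) % P


def run_sigma(gens, xs, y, c=None):
    """Full honest run; c is drawn by the verifier unless fixed for testing."""
    rs, t = prover_commit(gens)
    c = secrets.randbelow(Q) if c is None else c
    return verify(gens, y, t, c, prover_respond(xs, rs, c))


def extract(ss1, c1, ss2, c2):
    """Special soundness: two accepting transcripts with the same t and
    different challenges reveal the witness x_i = (s_i - s'_i)/(c - c')."""
    inv = pow((c1 - c2) % Q, -1, Q)
    return [((s1 - s2) * inv) % Q for s1, s2 in zip(ss1, ss2)]


def simulate(gens, y, c):
    """Honest-verifier ZK: pick s first, then t = phi(s) * y^-c, so the
    transcript (t, c, s) verifies without knowing any preimage of y."""
    ss = [secrets.randbelow(Q) for _ in gens]
    return phi(gens, ss) * pow(y, -c, P) % P, ss
```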
  title={Automatic Generation of Sound Zero-Knowledge Protocols},
  booktitle={IACR Eprint archive},
  keywords={implementation / Zero-Knowledge, Protocol Compiler, Language Design},
  note={This paper will be presented at EuroCrypt 2009 poster session. 14291 received 5 Nov 2008, last revised 16 Feb 2009},
  author={Endre Bangerter and Jan Camenisch and Stephan Krenn and Ahmad-Reza Sadeghi and Thomas Schneider},