The main applications of our result are non-malleable trapdoor commtiments and a compiler} that takes any proof of knowledge and transforms it into one which is secure against a concurrent man-in-the-middle attack. Such a proof of knowledge immediately yields concurrently secure identification protocols.
When using our number-theoretic istantiations, the non-malleable commitment and the compiler are very efficient (require no more than four exponentiations). The latter also maintains the round complexity of the original proof of knowledge; it works in the common reference string model, which in any case is necessary to prove security of proofs of knowledge under this kind of attacks. Compared to previously known efficient solutions, ours is a factor of two faster.Category / Keywords: cryptographic protocols / zero-knowledge, concurrency, authentication Publication Info: Preliminary version in Crypto 2004 Date: received 7 Oct 2003, last revised 26 Nov 2004 Contact author: rosario at watson ibm com Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation Version: 20041126:223434 (All versions of this report) Discussion forum: Show discussion | Start new discussion