Cryptology ePrint Archive: Report 2009/595

Efficiency Limitations for $\Sigma$-Protocols for Group Homomorphisms

Endre Bangerter and Jan Camenisch and Stephan Krenn

Abstract: Efficient zero-knowledge proofs of knowledge for group homomorphisms are essential for numerous systems in applied cryptography. Especially, $\Sigma$-protocols for proving knowledge of discrete logarithms in known and hidden order groups are of prime importance. Yet, while these proofs can be performed very efficiently within groups of known order, for hidden order groups the respective proofs are far less efficient.

This paper shows strong evidence that this efficiency gap cannot be bridged. Namely, whilst there are efficient protocols allowing a prover to cheat only with negligibly small probability in the case of known order groups, we provide strong evidence that for hidden order groups this probability is bounded below by $1/2$ for all efficient $\Sigma$-protocols not using common reference strings or the like.

We prove our results for a comprehensive class of $\Sigma$-protocols in the generic group model, and further strengthen them by investigating certain instantiations in the plain model.

Category / Keywords: cryptographic protocols / Generic Group Model; $\Sigma$-Protocols; Proofs of Knowledge; Error Bounds;

Publication Info: Extended abstract appears in TCC 2010.

Date: received 3 Dec 2009, last revised 4 Dec 2009

Contact author: stephan krenn at bfh ch

Available formats: PDF | BibTeX Citation

Version: 20091204:162333 (All versions of this report)

Discussion forum: Show discussion | Start new discussion