Paper 2005/343

Zero-Knowledge Blind Identification For Smart Cards Using Bilinear Pairings

Amitabh Saxena, Serguey Priymak, and Ben Soh

Abstract

Identification protocols based on the Computational Diffie Hellman Problem (CDHP) generally assume the intractability of the underlying Decisional Diffie Hellman Problem (DDHP). Due to this, the security of all such schemes in a pairing based scenario is doubtful. In this paper, we propose a two-round zero-knowledge identification protocol using bilinear pairings. Our proposed protocol has two contrasting features to traditional identification schemes: (1) The scheme requires the verifier to toss his coins before the prover. (2) The coin tosses of the verifier are secret while the coin tosses of the prover are not. As a consequence, we obtain a \emph{blind} identification scheme with complete zero knowledge. Traditionally in an identification scheme, a passive adversary watching the communication gains information intended only for the verifier. For instance, from watching the transcript in the Fiat-Shamir zero knowledge identification scheme, an adversary also learns the outcome of the protocol (i.e. whether the identification succeeds or not). The blinding property of our scheme eliminates this disadvantage while still ensuring zero knowledge. Finally, as a natural extension of our scheme, we present the concept of `all or none' group identification protocol that can be used to authenticate together an arbitrary number of users in a batch such that if the identification fails, it is impossible for the users to know which one cheated. We also prove the security of our scheme and give some interesting applications including anonymous seller credit card payments. The cryptographic primitives can be efficiently encapsulated in smart cards designed for Elliptic Curve Cryptography (ECC). The private key must be included in a tamperproof device inside the smart card.

Note: none