Paper 2008/471

Automatic Generation of Sound Zero-Knowledge Protocols

Endre Bangerter, Jan Camenisch, Stephan Krenn, Ahmad-Reza Sadeghi, and Thomas Schneider


Efficient zero-knowledge proofs of knowledge (ZK-PoK) are basic building blocks of many practical cryptographic applications such as identification schemes, group signatures, and secure multiparty computation. Currently, first applications that essentially rely on ZK-POKs are being deployed in the real world. The most prominent example is Direct Anonymous Attestation (DAA), which was adopted by the Trusted Computing Group (TCG) and implemented as one of the functionalities of the cryptographic chip Trusted Platform Module (TPM). Implementing systems using ZK-PoK turns out to be challenging, since ZK-PoK are, loosely speaking, significantly more complex than standard crypto primitives, such as encryption and signature schemes. As a result, implementation cycles of ZK-PoK are time-consuming and error-prone, in particular for developers with minor or no cryptographic skills. To overcome these challenges, we have designed and implemented a compiler with corresponding languages that given a high-level ZK-PoK protocol specification automatically generates a sound implementation of this. The output is given in form of $\Sigma$-protocols, which are the most efficient protocols for ZK-PoK currently known. Our compiler translates ZK-PoK protocol specifications, written in a high-level protocol description language, into Java code or \LaTeX\ documentation of the protocol. The compiler is based on a unified theoretical framework that encompasses a large number of existing ZK-PoK techniques. Within this framework we present a new efficient ZK-PoK protocol for exponentiation homomorphisms in hidden order groups. Our protocol overcomes several limitations of the existing proof techniques.

Available format(s)
Publication info
Published elsewhere. This paper will be presented at EuroCrypt 2009 poster session.
Zero-KnowledgeProtocol CompilerLanguage Design
Contact author(s)
stephan krenn @ bfh ch
2009-02-16: last of 2 revisions
2008-11-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Endre Bangerter and Jan Camenisch and Stephan Krenn and Ahmad-Reza Sadeghi and Thomas Schneider},
      title = {Automatic Generation of Sound Zero-Knowledge Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2008/471},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.