C. Racko and D. R. Simon, \Non{interactive zero{knowledge proof of knowledge and chosen ciphertext attack," in Proc. CRYPTO'91, 1992.  Home/Search   Document Not in Database   Summary   Related Articles

....independently from x, or have Alice reject. Intuitively, this can be solved by having both parties supply a zero knowledge proof with their message that it is well formed. However, a formal proof of security requires that these proofs are proofs of knowledge. To this end, we use a public key model [23], where each party has registered a public key and a public source of randomness is available (see Section 4.3) 3 Tools 3.1 Oblivious Transfer A ubiquitous tool in secure computation is oblivious transfer. We use a oneout of two oblivious transfer also known as ANDOS ....

....zero knowledge proofs (NIZKP) 7, 14] that each player s message is well formed. The formal complication to this method is that standard NIZKP are not proofs of knowledge. Instead, we use the public key scenario for noninteractive proofs of knowledge, put forth by Simon and Racko [23], as follows. Each player has a public key P that is certi ed by some trusted center once and forever. The player convinces the center, via a standard zero knowledge proof of knowledge, that he knows the corresponding secret key S for P . Henceforth, the secret key is assumed available to the ....

C. Racko and D. R. Simon, \Non{interactive zero{knowledge proof of knowledge and chosen ciphertext attack," in Proc. CRYPTO'91, 1992.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC