Ivan Damgard, E#cient Concurrent Zero-Knowledge in the Auxiliary String Model Home/Search Document Not in Database Summary Related Articles Check |
This paper is cited in the following contexts:
An Efficient System for Non-transferable Anonymous.. - Camenisch, Lysyanskaya (2001) (4 citations) (Correct)
....and to arbitrary modular relations. Concurrent Executions It is important that we use protocols that are concurrent zero knowledge. They are characterized by remaining zero knowledge even if several instances of the same protocol are run arbitrarily interleaved. In the public key model, Damgard [Dam00] shows a general technique for making the so called # protocols (these include all the proofs of knowledge used here) 7 composable under concurrent composition without incurring a penalty in communication or round complexity. All the proofs of knowledge we use in this paper incorporate this ....
Ivan Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In Bart Preneel, editor, Advances in Cryptology --- EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pages 431--444. Springer Verlag, 2000.
A Signature Scheme with Efficient Protocols - Camenisch, Lysyanskaya (2002) (2 citations) (Correct)
....while hiding all details. 6 Protocols for the Signature Scheme In the sequel, we rely on honest verifier zero knowledge proofs of knowledge of representation protocols; they can be converted into a general zeroknowledge proof using standard techniques based on trapdoor commitment schemes (cf. [17]) 6.1 Protocol for Signing a Committed Value Informally, in a protocol for signing a committed value, we have a signer with public key PK, and the corresponding secret key SK, and a user who queries the signer for a signature. The common input to the protocol is a commitment C for which the ....
I. Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In B. Preneel, editor, Advances in Cryptology --- EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pages 431--444. Springer Verlag, 2000.
An Identity Escrow Scheme with Appointed Verifiers - Camenisch, Lysyanskaya (2001) (5 citations) (Correct)
....a proof protocol can be described by just pointing out its aim while hiding all details. It is important that we use protocols that are concurrent zero knowledge. They are characterized by remaining zero knowledge even if several instances of the same protocol are run arbitrarily interleaved [24, 25]. Damgard [24] shows that so called # protocols (this includes all the PK s discussed above) can easily be made concurrent zero knowledge in many practical scenarios, including the public key model. We assume throughout that the latter technique is used with all PK s. 4.2 Proving that a ....
....can be described by just pointing out its aim while hiding all details. It is important that we use protocols that are concurrent zero knowledge. They are characterized by remaining zero knowledge even if several instances of the same protocol are run arbitrarily interleaved [24, 25] Damgard [24] shows that so called # protocols (this includes all the PK s discussed above) can easily be made concurrent zero knowledge in many practical scenarios, including the public key model. We assume throughout that the latter technique is used with all PK s. 4.2 Proving that a Commitment Contains a ....
[Article contains additional citation context not shown here]
I. Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In EUROCRYPT 2000, vol. 1807 of LNCS, pp. 431--444. Springer Verlag, 2000.
Practical Forward Secure Group Signature Schemes - Song (24 citations) (Correct)
....of knowledge of the discrete logarithm: Let G = #g# denote a group of prime order q and y # G. We use PK (#) y = g # (m) to denote the signature of knowledge of log g y in group G. This protocol was designed by [29, 15] and shown to be zero knowledge in the auxiliary string model [19]. Signature of knowledge of the discrete logarithm in QRn : Let n = pq, where p = 2p # 1, q = 2q # 1, and p, q, p # and q # are all primes. Let g be the generator of QRn , and y # QRn . We use PK (#) y = g # (m) to denote the signature of knowledge of log g y in group QRn [22] In ....
I. Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In B. Preneel, editor, Advances in Cryptology - EUROCRYPT 2000, pages 431--444, Berlin, 2000. Springer-Verlag. Lecture Notes in Computer Science Volume 1807.
Perfect Hiding and Perfect Binding Universally Composable .. - Damgård, Nielsen (2001) (6 citations) Self-citation (Damgard) (Correct)
....for which a = A(x, w, r a ) and z = Z(x, w, r a , e) Special Soundness There exists a PPT algorithm extract, which given x, a, e, z) and (a, e # , z # ) where e #= e # , B(x, a, e, z) 1, and B(x, a, e # , z # ) 1, outputs w # extract(x, a, e, z, e # , z # ) such that (x, w) # R. In [Dam00] it is shown how to use # protocols in a concurrent setting. This is done by letting the first message be a commitment to a and then letting the third message be (a, r, z) where (a, r) is an opening of the commitment and z is computed as usual. If the commitment scheme used is a trapdoor ....
Ivan Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In Bart Preneel, editor, Advances in Cryptology - EuroCrypt 2000, pages 418--430, Berlin, 2000. Springer-Verlag. Lecture Notes in Computer Science Volume 1807. 42
Testing Disjointness of Private Datasets - Aggelos Kiayias And (2005) (2 citations) (Correct)
No context found.
Ivan Damgard, E#cient Concurrent Zero-Knowledge in the Auxiliary String Model
Provably Secure Substitution of Cryptographic Tools - Lea Kissner Leak (2006) (Correct)
No context found.
I. Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In EUROCRYPT, 2000. http://www.daimi.au.dk/ ~ ivan/papers/concurrent.ps.
A Handy Multi-Coupon System - Sebastien Canard Aline (2006) (Correct)
No context found.
Ivan Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In Preneel [35], pages 418--430.
Testing Disjointness of Private Datasets - Aggelos Kiayias And (2005) (2 citations) (Correct)
No context found.
Ivan Damgard, E#cient Concurrent Zero-Knowledge in the Auxiliary String Model
Testing Disjointness of Private Datasets - Kiayias, Mitrofanova (2005) (2 citations) (Correct)
No context found.
Ivan Damgard, E#cient Concurrent Zero-Knowledge in the Auxiliary String Model
On Protocol Security in the Cryptographic Model - Nielsen (2003) (1 citation) (Correct)
No context found.
Ivan Damgard. E#cient concurrent zero-knowledge in the auxiliary string model. In Bart Preneel, editor, Advances in Cryptology - EuroCrypt 2000, pages 418-- 430, Berlin, 2000. Springer-Verlag. Lecture Notes in Computer Science Volume 1807.
Concurrent/Resettable Zero-Knowledge with Concurrent Soundness in.. - Zhao (2003) (Correct)
No context found.
I. Damgard. E#cient Concurrent Zero-Knowledge in the Auxiliary String Model. In B. Preneel (Ed.): Advances in Cryptology-Proceedings of EUROCRYPT 2000.
Practical Verifiable Encryption and Decryption of Discrete.. - Camenisch, Shoup (2003) (17 citations) (Correct)
No context found.
I. Damgard, E#cient concurrent zero-knowledge in the auxiliary string model, Advances in Cryptology --- EUROCRYPT
Multi-trapdoor Commitments and their Applications to Proofs of.. - Gennaro (2004) (3 citations) (Correct)
No context found.
I. Damgard. E#cient Concurrent Zero-Knowledge in the Auxiliary String Model. Proc. of EUROCYPT'00 (LNCS 1807), pp.174--187, Springer 2000. 25
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC