Re: [Cfrg] Internet Drafts on J-PAKE and Schnorr signature

Vadym Fedyukovych <vf@unity.net> Wed, 22 May 2013 17:41 UTC

On Tue, May 21, 2013 at 08:33:43PM +0100, Feng Hao wrote:
> Hi,
> 
> I just submitted two internet drafts for J-PAKE and Schnorr signature. The latter is a building block for the former, but I separated it out as the technique could be generally useful to other applications as well. 
> 
> I appreciate any comments or suggestions.
> 
> Regards,
> Feng

"..is a zero-knowledge proof primitive"
"It has been proven secure assuming that
       the verifier is honest and that the discrete logarithm problem is
       intractable"
"3.  Zero-knowledge: a prover leaks no more than one bit information
       to the verifier: whether the prover knows the discrete logarithm."

The simulator algorithm is not mentioned in the zero-knowledge definition in section 3.
The extractor algorithm and a formal definition of proof of knowledge are missing.
"Replay attack" considerations may need to be updated.

Honest verifier zero knowledge is a property of simulated transcript
indistinguishable from all session transcripts with verifiers
that honestly follow the protocol and choose the challenge at random (not as a hash).

Goldreich, O., Micali, S., Wigderson, A.
Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems
J. ACM 38(1) (1991) 691--729

Bellare, M., Goldreich, O.
On Defining Proofs of Knowledge

It may be reasonable to also mention DAA, Idemix, U-Prove
that treat user attributes just like private keys.

Regards,
Vadym

> ...
> Filename:	 draft-hao-schnorr
> Revision:	 00
> Title:		 Schnorr Signature: Non-interactive Zero Knowledge Proof for Discrete Logarithm
> Creation date:	 2013-05-21
> Group:		 Individual Submission
> Number of pages: 11
> URL:             http://www.ietf.org/internet-drafts/draft-hao-schnorr-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-hao-schnorr
> Htmlized:        http://tools.ietf.org/html/draft-hao-schnorr-00
> 
> Abstract:
>    This document describes the Schnorr signature, a non-interactive
>    variant of the three-pass Schnorr identification scheme.  The Schnorr
>    signature allows one to prove the knowledge of a discrete logarithm
>    without leaking its value.  It can serve as a useful building block
>    for many cryptographic protocols to ensure the participants follow
>    the protocol specification honestly.
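
The simulator and extractor that the reply above refers to, as an added example that is not part of the original message or of the draft. It uses the interactive Schnorr identification protocol with a random challenge; the transcript notation (t, c, r), the check t = g^r * y^c mod p and the toy group are assumptions made for this illustration.

```python
# Added illustration. Toy parameters constructed for this example: far too
# small to be secure, chosen so every transcript can be enumerated.
from itertools import product

P, Q, G = 23, 11, 4   # G generates the subgroup of prime order Q in Z_P^*

def verify(y, t, c, r):
    """Verifier's check: accept iff t == g^r * y^c (mod p)."""
    return t == (pow(G, r, P) * pow(y, c, P)) % P

def honest_transcript(x, v, c):
    """Prover knows x (y = g^x); the verifier picks c at random."""
    t = pow(G, v, P)          # commitment
    r = (v - x * c) % Q       # response
    return (t, c, r)

def simulated_transcript(y, c, r):
    """Simulator: never sees x. Picks c and r first, then solves for t."""
    t = (pow(G, r, P) * pow(y, c, P)) % P
    return (t, c, r)

def all_honest(x):
    """Every transcript an honest prover/verifier pair can produce."""
    return sorted(honest_transcript(x, v, c)
                  for v, c in product(range(Q), repeat=2))

def all_simulated(y):
    """Every transcript the simulator can produce from the public key."""
    return sorted(simulated_transcript(y, c, r)
                  for c, r in product(range(Q), repeat=2))

def extract(tr1, tr2):
    """Extractor: two accepting transcripts with the same commitment and
    different challenges reveal x = (r1 - r2) / (c2 - c1) mod q."""
    (t1, c1, r1), (t2, c2, r2) = tr1, tr2
    if t1 != t2 or c1 == c2:
        raise ValueError("need same commitment and distinct challenges")
    return ((r1 - r2) * pow((c2 - c1) % Q, -1, Q)) % Q

if __name__ == "__main__":
    x = 7                      # constructed secret
    y = pow(G, x, P)
    # Uniform v, c on one side and uniform c, r on the other give the same
    # transcripts, so the two distributions are identical.
    print("identical distributions:", all_honest(x) == all_simulated(y))
    print("extracted x:", extract(honest_transcript(x, 3, 2),
                                  honest_transcript(x, 3, 9)))
```

The simulator works only because it may choose c before t; when c is fixed as a hash of t, that ordering is not available to it.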