How to Prove Yourself: Practical Solutions to Identification and Signature Problems

Amos Fiat and Adi Shamir
In this paper we describe simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys. The schemes are provably secure against any known or chosen message attack if factoring is difficult, and typical implementations require only 1% to 4% of the number of modular multiplications required by the RSA scheme. Due to their simplicity, security and speed, these schemes are ideally suited…
An identity-based single-sign-on scheme for computer networks
  • Jian Ren
  • Computer Science
  • Secur. Commun. Networks
  • 2009
This paper presents a scheme to achieve secure user identification and authentication to multiple security-protected systems simultaneously through a single operation based on the well-known RSA cryptosystem, the discrete logarithm problem and the subset-sum NP-complete problem.
Security Analysis of a Practical "on the fly" Authentication and Signature Generation
An interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the general problem of computing discrete logarithms modulo any number, short identity-based keys, very short transmission and minimal on-line computation are studied.
Provably-Secure Identification Schemes based on Conjugacy and DDH Problems
This thesis deals with a technique, called an identification scheme or entity authentication scheme, which allows one party to gain assurances that the identity of another is as declared, thereby preventing impersonation.
Secure Human Identification Protocols
This paper provides definitions of what the authors believe to be reasonable goals for secure human identification, demonstrates that existing solutions do not meet these definitions, and provides solutions which demonstrate the feasibility of the security conditions attached to these definitions, but which are impractical for use by humans.
On the Security of a Practical Identification Scheme
  • V. Shoup
  • Mathematics, Computer Science
  • 1996
It is proved that this scheme is secure if factoring integers is hard, even against active attacks where the adversary is first allowed to pose as a verifier before attempting impersonation.
Efficient and provably secure identification scheme without random oracles
The research on the identification scheme is an important and active area in computer and communication security. A series of identification schemes were proposed to improve the efficiency and…
Code-Based Identification and Signature Schemes in Software
In this paper we present efficient implementations of several code-based identification schemes, namely the Stern scheme, the Veron scheme and the Cayrel-Veron-El Yousfi scheme. We also explain how…
Cryptographic authentication protocols for smart cards
This quick evolution of cryptology reflects the revolution of digital information, e.g., mobile phone and MPEG television, and the link between smart cards and cryptology is very strong: smart cards efficiently confine keys and algorithms.
Cryptanalysis of Two Identification Schemes
This paper cryptanalyzes two identification schemes, shows that they are not secure against impersonation under passive attack, and proposes a fix for one of the schemes that upgrades its security to hold under passive, active and concurrent attacks.
A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory
This paper proposes a new scheme which requires the storage of only one authentication number in each security microprocessor and the check of only one witness number, and the needed computations are only 2 or 3 more than for the scheme of Fiat-Shamir.


Identity-Based Cryptosystems and Signature Schemes
A novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other’s signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party.
Proofs that yield nothing but their validity and a methodology of cryptographic protocol design
This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.
How To Construct Random Functions
This paper develops a constructive theory of randomness for functions based on computational complexity. We present a deterministic polynomial-time algorithm that transforms pairs (g,r), where g is…
The knowledge complexity of interactive proof-systems
Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of…
How to construct random functions
A constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented that has applications in cryptography, random constructions, and complexity theory.
A Secure Protocol for the Oblivious Transfer, presented at Eurocrypt
  • 25th Symposium on Foundations of Computer Science, October
  • 1984