• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.7
• /
• pp.3733-3755
• /
• 2019

E-cash has its merits comparing with other payment modes. However, there are two problems, which are how to achieve practical/complete tracing and how to achieve it in compact E-cash. First, the bank and the TTP (i.e., trusted third party) have different duties and powers in the reality. Therefore, double-spending tracing is bank's task, while unconditional tracing is TTP's task. In addition, it is desirable to provide lost-coin tracing before they are spent by anyone else. Second, compact E-cash is an efficient scheme, but tracing the coins from double-spender without TTP results in poor efficiency. To solve the problems, we present a compact E-cash scheme. For this purpose, we design an embedded structure of knowledge proof based on a new pseudorandom function and improve the computation complexity from O(k) to O(1). Double-spending tracing needs leaking dishonest users' secret knowledge, but preserving the anonymity of honest users needs zero-knowledge property, and our special knowledge proof achieves it with complete proofs. Moreover, the design is also useful for other applications, where both keeping zero-knowledge and leaking information are necessary.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.5
• /
• pp.833-840
• /
• 2015

In this paper, we are interested in a generalization of zero-knowledge interactive protocols between prover and verifier, especially to show that the product of an encrypted polynomial and a random polynomial, but published by a secure commitment scheme was correctly computed by the prover. To this end, we provide a generalized protocol for proving that the resulting polynomial is correctly computed by an encrypted polynomial and another committed polynomial. Further we show that the protocol is also secure in the random oracle model. We expect that our generalized protocol can play a role of building blocks in implementing secure multi-party computation including private set operations.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.29-31
• /
• 1994

In digital signature schemes derived from the zero-knowledge proof techniques, some authors often claims that the length of hash-values for their schemes could be as short as 64 or 72 bits for the security level of 2$^{-64}$ or 2$^{-72}$ . This letter shows that signature schemes with such short hash values cannot achieve the security levels as stated, due to the birthday attack by the signer.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.67-75
• /
• 2021

As pass the three revised bills, the Personal Information Protection Act was revised to have a larger application for personal information. For an industrial development through an efficient and secure usage of personal information, there is a need to revise the existing anonymity processing method. This paper modifies the Zero Knowledge Proofs algorithm among the anonymity processing methods to modify the anonymity process calculations by taking into account the reliability of the used service company. More detail, the formula of ZKP (Zero Knowledge Proof) used by ZK-SNAKE is used to modify the personal information for pseudonymization processing. The core function of the proposed algorithm is the addition of user variables and adjustment of the difficulty level according to the reliability of the data user organization and the scope of use. Through Setup_p, the additional variable γ can be selectively applied according to the reliability of the user institution, and the degree of agreement of Witness is adjusted according to the reliability of the institution entered through Prove_p. The difficulty of the verification process is adjusted by considering the reliability of the institution entered through Verify_p. SimProve, a simulator, also refers to the scope of use and the reliability of the input authority. With this suggestion, it is possible to increase reliability and security of anonymity processing and distribution of personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.675-686
• /
• 2021

According to the recent revision of Privacy Policy and the emerging importance of personal information, cooperations must verify customer identity (Know Your Costomer, KYC) while processing and managing this information so that it does not violate the Privacy Policy. One of the solution of this problem is zero-knowledge proof (ZKP). The use of the ZKP enables to verify the identity without exposing the identity information directly, thereby reducing the burden on the management of personal information while fulfilling the obligation of the cooperations to verify the identity. The ZKP could be employed to many other applications. In this paper, we analyze the ZKP technique and its applications currently being actively studied.

• Bulletin of the Korean Mathematical Society
• /
• v.46 no.4
• /
• pp.771-787
• /
• 2009

We use an idea of linear representations of the symmetric group to reduce the number of communication rounds in the verification protocol, proposed in Crypto 2005 by Peng et al., of a shuffling. We assume Paillier encryption scheme with which we can apply some known zero-knowledge proofs following the same line of approaches of Peng et al. Incidence matrices of 1-subsets and 2-subsets of a finite set is intensively used for the implementation, and the idea of $\lambda$-designs is employed for the improvement of the computational complexity.

• Journal of Korea Multimedia Society
• /
• v.7 no.12
• /
• pp.1708-1718
• /
• 2004

In this paper, we are concerned with a digital fingerprinting scheme for multi-purchase where a buyer wants to buy more than a digital content. If we apply previous schemes to multi-purchase protocol, the number of execution of registration step and decryption key should be increased in proportion to that of digital contents to be purchased in order to keep unlinkability. More worse, most of fingerprinting schemes in the literature are based on either secure multi-party computation or general zero-knowledge proofs with very high computational complexity. These high complexities complicate materialization of fingerprinting protocol more and more. In this paper, we propose a multi-purchase fingerprinting scheme with lower computational complexity. In the proposed scheme, a buyer executes just one-time registration step regardless of the number of contents to be purchased. The number of decryption key is constant and independent of the number of contents to be purchased. We can also reduce the computational costs of buyers by introducing a concept of proxy-based fingerprinting protocol.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.3
• /
• pp.25-32
• /
• 2022

DID(Decentralized Identity Identification) is a system in which users voluntarily manage their identity, etc., and control the scope and subject of submission of identity information based on a block chain. In the era of the 4th industrial revolution, where the importance of protecting personal information is increasing day by day, DID will surely be positioned as the industrial center of the Internet and e-business. However, when managing personal information, DID is highly likely to cause a large amount of personal information leakage due to electronic infringement, such as hacking and invasion of privacy caused by the concentration of user's identity information on global service users. Therefore, there are a number of challenges to be solved before DID settles into a stable standardization. Therefore, in this paper, we try to examine what problems exist in order to positively apply the development of DID technology, and analyze the improvement plan to become a stable service in the future.

• Journal of the Korean Mathematical Society
• /
• v.59 no.3
• /
• pp.621-634
• /
• 2022

The scaled inverse of a nonzero element a(x) ∈ ℤ[x]/f(x), where f(x) is an irreducible polynomial over ℤ, is the element b(x) ∈ ℤ[x]/f(x) such that a(x)b(x) = c (mod f(x)) for the smallest possible positive integer scale c. In this paper, we investigate the scaled inverse of (xⁱ - x^j) modulo cyclotomic polynomial of the form Φ_p^s (x) or Φ_p^sq^t (x), where p, q are primes with p < q and s, t are positive integers. Our main results are that the coefficient size of the scaled inverse of (xⁱ - x^j) is bounded by p - 1 with the scale p modulo Φ_p^s (x), and is bounded by q - 1 with the scale not greater than q modulo Φ_p^sq^t (x). Previously, the analogous result on cyclotomic polynomials of the form Φ_2ⁿ (x) gave rise to many lattice-based cryptosystems, especially, zero-knowledge proofs. Our result provides more flexible choice of cyclotomic polynomials in such cryptosystems. Along the way of proving the theorems, we also prove several properties of {x^k}_k∈ℤ in ℤ[x]/Φ_pq(x) which might be of independent interest.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.10
• /
• pp.3607-3623
• /
• 2014

The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.