
SOME GROUP BASED AUTHENTICATION PROTOCOLS AND ZERO KNOWLEDGE PROOFS

Brijesh Kumar Chaurasia
Computer Science and Engineering Department, IITM, India

ABSTRACT
Today an increasing number of applications demand committed bandwidth and high speed for their transmission, but there is still an urgent need for secure data transmission. My paper simply defines the group signature and zero-knowledge proof protocols; by applying these protocols we can prevent misuse of group signatures, and the technique of group signatures can be used more effectively.

A group signature scheme, as a digital signature scheme, comprises the following:

1. Setup: An interactive setup protocol between the membership manager, the group members, and the revocation manager. On input of a security parameter 1? this probabilistic algorithm outputs the initial group public key P and the secret key S for the group manager. The membership manager is responsible for the system setup and for adding group members, while the revocation manager has the ability to revoke the anonymity of the signatures.
2. Join: An interactive protocol between the group manager and a user that results in the user becoming a new group member.
3. Sign: An interactive protocol between the group member and a user whereby a group signature on a user-supplied message is computed by the group member.
4. Verify: An algorithm for establishing the validity of a group signature given a group public key and a signed message.
5. Open: An algorithm that, given a signed message and a group secret key, determines the identity of the signer.

1. INTRODUCTION
Group signatures were introduced by David Chaum and Eugene van Heyst, CWI Centre for Mathematics and Computer Science, Netherlands. A series of improvements and enhancements followed [1,2,3,4,5]. A group signature is a technique which allows only the members of a group to sign a message without revealing the identity of the signer, but a group authority can verify the signer of a group. In toto, group signatures are a "generalization" of credential mechanisms and membership (authentication) schemes, in which a group member can convince a verifier that he belongs to a certain group without revealing his identity.

In short, a group signature is characterized by the following points:

- Only members of the group can sign messages.
- The receiver of the signature can verify that it is a valid signature from the group.
- The receiver of the signature cannot determine which member of the group is the signer.
- In the case of a dispute, the signature can be opened to reveal the identity of the signer.

A secure group signature scheme must satisfy the following properties:

1. Correctness: Signatures produced by a group member using sign must be accepted by verify.
2. Anonymity: Given a signature, identifying the actual signer is computationally difficult for everyone but the group member.
3. Unlinkability: Deciding whether two different signatures have been computed by the same group member is computationally hard.
4. No framing: Even if the group manager and some of the group members collude, they cannot sign on behalf of a non-involved group member.
5. Traceability: The group manager can always establish the identity of the member who issued a valid signature.
6. Coalition-resistance: A colluding subset of group members cannot generate a valid signature that cannot be traced.

A group signature allows any member of a group to sign on behalf of the group. Group signatures are publicly verifiable and can be verified with respect to a single group public key. Only a designated group manager can revoke the anonymity of the group signature and find out the identity of the group member who issued a given signature. Furthermore, group signatures are unlinkable, which makes it computationally hard to establish whether or not multiple signatures are produced by the same group member. At the same time, no one, including the group manager, can misattribute a valid group signature.

A group signature scheme could for instance be used in many specialized applications, such as voting and bidding. A group signature scheme could be used by an employee of a large company to sign documents on behalf of the company. A further application of a group signature scheme is electronic cash. In this case several banks issue coins, but it is impossible for shops to find out which bank issued a coin that is obtained from a customer. The central bank plays the role of the group manager, with all the other banks issuing coins as group members.
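The Setup, Join, Sign, Verify and Open procedures and the anonymity, unlinkability and traceability properties listed above can be tried out on a toy construction. The following is an added example, not a scheme from this paper or its references: each member registers a batch of one-time public keys with the manager, who publishes them in shuffled order. Lamport hash-based one-time signatures are used as the underlying signature, and all class and function names are assumptions of the example.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def msg_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def ots_keygen():
    # Lamport one-time key: 256 pairs of secrets, public key = their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = tuple(H(x) for pair in sk for x in pair)
    return sk, pk

def ots_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def ots_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(x) == pk[2 * i + b] for i, (x, b) in enumerate(zip(sig, msg_bits(msg))))

class GroupManager:
    def __init__(self):                        # Setup
        self.registry = {}                     # group secret: public key -> member
        self.group_public = []                 # group public key: shuffled key list

    def join(self, member_id, public_keys):    # Join (manager side)
        for pk in public_keys:
            self.registry[pk] = member_id
        self.group_public = list(self.registry)
        secrets.SystemRandom().shuffle(self.group_public)

    def open(self, msg, sig):                  # Open: only the registry holder can trace
        pk, ots = sig
        return self.registry.get(pk) if ots_verify(pk, msg, ots) else None

class Member:
    def __init__(self, manager, member_id, n_keys=4):
        self.keys = [ots_keygen() for _ in range(n_keys)]  # secret keys stay local
        manager.join(member_id, [pk for _, pk in self.keys])

    def sign(self, msg):                       # Sign: each key is used once (unlinkability)
        sk, pk = self.keys.pop()
        return pk, ots_sign(sk, msg)

def verify(group_public, msg, sig):            # Verify: needs only the group public key
    pk, ots = sig
    return pk in group_public and ots_verify(pk, msg, ots)
```

The toy falls short of the full property list: the group public key grows with every one-time key, and a dishonest manager could register its own key under a member's name, so the no-framing requirement is not met.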

2. ZERO KNOWLEDGE
Zero-knowledge protocols allow identification, key exchange and other basic cryptographic operations to be implemented without leaking any secret information during the conversation and with smaller computational requirements than using comparable public key protocols. Thus Zero-knowledge protocols seem very attractive especially in smart card and embedded applications. There is quite a lot written about Zero-knowledge protocols in theory, but not so much practical down-to-earth material is available even though Zero-knowledge techniques have been used in many applications.

3. ZERO-KNOWLEDGE PROTOCOL BASIC
Zero-Knowledge protocols, as their name says, are cryptographic protocols which do not reveal the information or secret itself during the protocol, or to any eavesdropper. They have some very interesting properties, e.g. as the secret itself (e.g. your identity) is not transferred to the verifying party, they cannot try to masquerade as you to any third party. Although Zero-Knowledge protocols look a bit unusual, most usual cryptographic problems can be solved by using them, as well as with public key cryptography. For some applications, like key exchange (for later normal cheap and fast symmetric encryption on the communication link) or proving mutual identities, Zero-Knowledge protocols can on many occasions be a very good and suitable solution.

4. ZERO-KNOWLEDGE TERMINOLOGY
The secret means some piece of information, be it a password, the private key of a public key cryptosystem, a solution to some mathematical problem or a set of credentials. With Zero-Knowledge protocols, the prover can convince the verifier that she is in possession of the knowledge, the secret, without revealing the secret itself, unlike e.g. normal username-password queries.

Accreditation means the building of confidence in each iteration of the protocol. If in one step of a Zero-Knowledge protocol the chance of an impostor being able to provide the answer is 1 in 2, the chances of her passing an entire conversation are 2^-(number of accreditation rounds). Often the prover will offer a problem (i.e. particular numeric values for a generic hard-to-solve mathematical problem, e.g. factoring extremely large numbers), which will ask for one of the 2 or more possible solutions to the hard mathematical problem, she is able to provide any of the solutions asked for. If she does not know the real solution, she cannot provide all of the possible solutions, and if the verifier asks for one of the

Cut-and-choose protocols work in the way that one failure means the failure of the whole protocol (i.e. that the prover is not legitimate), but you can keep working on the protocol as long as you want, if the prover is legitimate. After you reach the level of confidence you need without being cut off, the protocol is successful.

The notion of Zero-Knowledge was set forward by Goldwasser, Micali and Rackoff [6]. Essentially, a Zero-Knowledge protocol allows a prover to convince a verifier of an assertion without disclosing any information to the verifier beyond the validity of that assertion. In the context of [6,8], all Zero-Knowledge protocols will necessarily disclose more than the validity of the assertion: the fact that the prover knows why this assertion is valid is also disclosed. (In the context of interactive proofs, the fact that the prover has this knowledge is implied by her unbounded computing power.) Nevertheless, this additional piece of information revealed when the prover's computing power is limited makes it possible to design protocols that actually reveal less than would be possible for any (interesting) interactive proofs in which the prover has unbounded computing power: these are the proofs of Zero-Knowledge discussed at the end of the previous section.

A protocol is perfect Zero-knowledge [7] if the verifier does not learn anything at all from the interaction beyond the validity of the assertion involved and, if relevant, the fact that the prover knows why it is valid. In order to define this notion more formally, one has to consider the view of what the verifier sees during his interaction with the prover. This consists of the outcome of his random coin tosses as well as of everything that the prover tells him during the interaction. Because of the probabilistic nature of interactive protocols (including random choices made by the prover), a probability distribution is defined on the verifier. A protocol is perfect Zero-knowledge if, to each polynomial-time verifier, there corresponds a polynomial-time simulator capable of producing a view taken from exactly the same probability distribution without ever talking to the prover. Intuitively, the existence of this simulator shows that the verifier does not learn anything from the interaction, since the prover does not tell him anything that he could not have produced by himself (probabilistically speaking).

Using this Zero-Knowledge proof protocol in group signatures, we can identify who the signer is without revealing that signature. If this concept works, there is another advantage: a Zero-Knowledge protocol allows a prover to convince a verifier of an assertion without disclosing any information to the verifier beyond the validity of that assertion.
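The accreditation rounds, the cut-and-choose rule and the simulator argument above can be followed on the Fiat-Shamir identification protocol, where the secret is a square root modulo N. This is an added example, not code from this paper, which names no specific protocol; the function names and the toy modulus (whose factors are public here, whereas a real deployment keeps them unknown) are assumptions of the example.

```python
import math
import secrets

# Toy modulus built from two Mersenne primes (constructed for this example).
N = (2**61 - 1) * (2**89 - 1)

def keygen():
    """Secret s, public v = s^2 mod N."""
    while True:
        s = secrets.randbelow(N - 2) + 2
        if math.gcd(s, N) == 1:
            return s, pow(s, 2, N)

def commit():
    r = secrets.randbelow(N - 1) + 1
    return r, pow(r, 2, N)              # prover sends x = r^2

def respond(r, s, c):
    return r * pow(s, c, N) % N         # y = r if c == 0, r*s if c == 1

def check(v, x, c, y):
    return pow(y, 2, N) == x * pow(v, c, N) % N

def forge(v, guess):
    """No secret: pick the answer y first, then a commitment that fits only `guess`."""
    y = secrets.randbelow(N - 1) + 1
    return pow(y, 2, N) * pow(v, -guess, N) % N, y

def honest_run(s, v, rounds):
    for _ in range(rounds):
        r, x = commit()
        c = secrets.randbelow(2)        # verifier's coin
        if not check(v, x, c, respond(r, s, c)):
            return False
    return True

def impostor_run(v, rounds):
    for _ in range(rounds):
        x, y = forge(v, secrets.randbelow(2))
        c = secrets.randbelow(2)        # chosen after x is fixed
        if not check(v, x, c, y):
            return False                # one failure ends the whole protocol
    return True

def simulate(v, verifier_coin):
    """Accepting transcript (x, c, y) made without s, rewinding on a wrong guess."""
    while True:
        guess = secrets.randbelow(2)
        x, y = forge(v, guess)
        c = verifier_coin(x)
        if c == guess:
            return x, c, y
```

An impostor passes one round about half the time and `rounds` rounds with probability 2^-rounds, while `simulate` shows that accepting transcripts can be produced by anyone, so a transcript by itself transfers no knowledge of s.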

5. CONCLUSION
The aim of this paper is twofold: to simplify and unify the proofs for the protocols for the Zero-knowledge property, and to apply these in group signature theory. Using these, we believe that the misuse of group signatures can be minimized and the technique of group signatures can be used more efficiently.

6. REFERENCES
[1] D. Chaum and E. van Heyst. Group signatures. Advances in Cryptology - EUROCRYPT 91, Springer Verlag (1991) 257-265.
[2] J. Camenisch. Efficient and generalized group signatures. In W. Fumy, editor, Advances in Cryptology - EUROCRYPT 97, volume 1233 of Lecture Notes in Computer Science, pages 465-479. Springer Verlag, 1997.
[3] L. Chen and T. P. Pedersen. New group signature schemes. In A. De Santis, editor, Advances in Cryptology - EUROCRYPT 94, volume 950 of Lecture Notes in Computer Science, pages 171-181. Springer Verlag, 1995.
[4] S. J. Kim, S. J. Park, and D. H. Won. Convertible group signatures. In K. Kim and T. Matsumoto, editors, Advances in Cryptology - ASIACRYPT 96, volume 1163 of Lecture Notes in Computer Science, pages 311-321. Springer Verlag, 1996.
[5] H. Petersen. How to convert any digital signature scheme into a group signature scheme. In M. Lomas and S. Vaudenay, editors, Security Protocols Workshop, Paris, 1997.
[6] Goldwasser, Micali, and Rackoff. The Knowledge Complexity of Interactive Proof Systems, 1985.
[7] Goldreich, Micali, and Wigderson. How to Prove All NP-Statements in Zero-Knowledge and a Methodology of Cryptographic Protocol Design, 1986.
[8] D. M. Gordon and K. S. McCurley. Massively parallel computation of discrete logarithms. Advances in Cryptology - CRYPTO 92, pages 312-323. Springer Verlag, 1993.

AUTHOR PROFILE
Brijesh Kumar Chaurasia, Reader, CSE, IITM. Profile: M.Tech. (Computer Science) from Devi Ahilya Vishwa Vidhialaya, Indore (M.P.). Area of Expertise and Interest: Web Mining, Data Mining, Search Engine Technology, OOAD with UML, Software Testing, Cryptography. Experience details: Presently I am working as a Reader in Computer Science and Engineering, IITM, Gwalior (M.P.). Five years' experience as a Lecturer in ITM Universe, Sithouli, Gwalior (M.P.), 1.5 years' experience in design and development of Sun's applications using J2EE under Windows environment.
