An efficient and secure two-flow zero-knowledge identification protocol

Abstract

In this paper, we propose a new zero-knowledge identification protocol. While the protocol consists of only two message flows, it does not rely on any underlying signature or encryption scheme. Its zero-knowledge property is preserved under concurrent composition and reset settings. It is secure under the strongest attack model which incorporates concurrent attacks, active-intruder attacks and reset attacks. Meanwhile its performance in computation and communication is close to that of the most efficient identification protocols not based on signature or encryption systems, most of which are insecure in this strong attack model.