Đang chuẩn bị liên kết để tải về tài liệu:
modern cryptography theory and practice wenbo mao phần 10

demonstratingnumerous cuộc tấn công vào các đề án như vậy, các giao thức và các hệ thống thuộcSybex đã cố gắng trong suốt cuốn sách này để phân biệt thương hiệu độc quyền từ các thuật ngữ mô tả bằng cách làm theo phong cách vốn được sử dụng bởi nhà sản xuất. | result . Theorem 18.1 r where is the class of all languages whose membership questions can be answered by IP protocols. - Moreover from our study in 4.4.1 we know that the completeness respectively soundness probability bound can be enlarged resp. reduced to arbitrarily closing to 1 resp. 0 by sequentially and independently repeating P V polynomially many times in the size of the common input and by V taking majority election to reach an acceptance rejection decision. Now let us review all the notions introduced so far by looking at a concrete example of IP protocol Prot 18.1. Protocol 18.1 An lnteractive Proof Protocol for Subgroup Membership see Remark 18.1 regarding the name of this protocol _ COMMON INPUT i. f a one-way function over satisfying the homomorphic condition Wj y e f x y f x f y ii. X f z for some - PRIVATE INPUT of Alice z n OUTPUT TO Bob Membership X 6 f 1 i.e. X is generated by f 1 . Repeat the following steps m times 1. Alice picks - . computes Commit i k and sends Commit to Bob 2. Bob picks Challenge ẽU 0 1 and sends it to Alice . o__ Ị k if Challenge 0 A 2 mod n if Challenge 1 3 She sends Response to Bob 4. Bob checks Response Commit Commit X if Challenge 0 if Challenge 1 he rejects and aborts the protocol if the checking shows error Bob accepts. Example 18.1. InProt 18.1 Alice is a prover and Bob is a verifier. The common input to Alice Bob is X f z . . . . . wheref is a one-way and homomorphic function over - stated in Prot 18.1. The membership claim made by Alice is that - 1 I C This is in fact the subgroup membershipX f 1 since X f 1 z see Remark 18.1 for a general condition for this problem to be hard for Bob . Alice s private input is as the pre-image of X under the one-way and homomorphic function f. In the protocol the two parties interact m times and produce the following proof transcript Commit .Challenge . Response .Commit .Challenge Response . The protocol outputsAccept if every checking conducted by Bob .