Batching Schnorr identification scheme with applications to privacy-preserving authorization and low-bandwidth communication devices

Abstract

We present a batch version of Schnorr's identification scheme. Our scheme uses higher degree polynomials that enable the execution of several Schnorr's protocol at a cost very close to that of a single execution. We present a full proof of security that our scheme is secure against impersonation attacks. The main application of this result is a very efficient way for a party to prove that it holds several secret keys (i.e. identities), where each identity is linked to a specific authorization. This approach protects the privacy of the prover allowing her to prove only the required set of authorizations required to perform a given task, without disclosing whether she is in possession of other privileges or not. We also show that our scheme is suitable to be implemented on lowbandwidth communication devices. We present an implementation of a smart card employing recent technology for the use of LEDs (Light Emitting Diodes) for bidirectional communication. Another contribution of our paper is to show that this new technology allows the implementation of strong cryptography. © International Association for Cryptologic Research 2004.