In response to the current need for fast, secure and cheap public-key cryptography, we propose an interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the problem of computing discrete logarithms in any group, short keys, very short transmission and minimal on-line computation. This leads to both efficient and secure applications well suited to implementation on low cost smart cards. We introduce GPS, a Schnorr-like scheme that does not require knowledge of the order of the group nor of the group element. As a consequence, it can be used with most cryptographic group structures, including those of unknown order. Furthermore, the computation of the prover's response is done over the integers, hence can be done with very limited computational capabilities. This paper provides complete security proofs of the identification scheme. From a practical point of view, the possible range of parameters is discussed and a report on the performances of an actual implementation on a cheap smart card is included: a complete and secure authentication can be performed in less than 20 milliseconds with low cost equipment.

Authors and Affiliations

1. France Telecom Research & Development, 42 rue des Coutures, BP 6243, F-1406, Caen Cedex 4, France

   Marc Girault

2. DCSSI Crypto Lab, 51 boulevard de La Tour-Maubourg, F-75700, Paris 07 SP, France

   Guillaume Poupard

3. Ecole normale superieure, Departement d'informatique, 45 rue d'Ulm, F-75230, Paris Cedex 05, France

   Jacques Stern

Corresponding author

Correspondence toGuillaume Poupard.

Reprints and permissions