Zero-Knowledge Challenge-Responce Protocol

Question

Good day to everyone.

I am trying to implement an e voting system (just for reference -it is not important though-it is described at the Internet Voting Protocol Based on Improved Implicit Security by Abhishek Parakh & Subhash Kak Version of record first published: 29 Jun 2010. ).

The protocol I am trying to implement mentions that "The Polling Station verifies the validity of Voter-id by conducting a zero-knowledge challenge-response protocol with the Registry Authority to validate the signature of voter-id."

I have searched at Google, and at Wikipedia about this protocol, but I didn't get much information. It is very important for me, to learn about what is this protocol, and what Polling station has to sent to Registry Authority, and what Registry Authority has to send back. Basically, I need to know how I can achieve to validate the voter-id.

Thank you very much for your time.

Ps. I just created account at this forum. If you need to provide you with any further information please ask it, and I will answer.

Answer 1

Reading the original paper, I figure out the question. This voting scheme employed the well-known undeniable signature scheme, proposed by Chaum and Van Antwerpen in 1989 (or Chaum 1990 or Chaum and Van Antwerpen 1991).

• KeyGen: The RA is a signer and has a public key $X = g^x$ and a secret key $x$
• Sign: For a message $m \in \mathbb{G} = \mathbb{Z}_p$, the signature is $\sigma = m^x \in \mathbb{G}$. (In your case, $m = r_{id}$.)
• Cofirmation: The verifier (the polling station) and the signer (the RA) interacts to verify a token $(r_{id},\sigma)$ from a voter is correct or not.

In confirmation, the RA proves that $\log_g(X) = \log_{r_{id}}(\sigma)$. You can find the standard $\Sigma$ protocol for this confirmation, say, the $\Sigma$ protocol for the DDH language.

You can find the $\Sigma$ protocol for the DDH language in the lecture notes available at the web.

• Section 5 of Berry Schoenmakers: Lecture Notes - Cryptographic Protocols
• Lindell: Sigma protocols and Zero Knowledge (Session 5 of Winter School on Secure Computation and Efficiency)

Answer 2

Unfortunately, you are probably not going to be able to fill in the missing details, unless you have a great deal of crypto experience (which it sounds like you don't have).

You could start by reading about zero-knowledge proofs. There's a lot of information on that subject available. You will need to know it before you can progress. It sounds like you are saying that the paper does not specify the particular zero-knowledge proof protocol to use; they just claim that it's possible to invent one. Therefore, to fill in the missing details, apparently you're going to have to invent the zero-knowledge proof protocol. That requires quite a bit of knowledge and experience with zero-knowledge proofs.

In practice, it's probably not realistic to think that you're going to be able to teach yourself this in a reasonable time frame. Therefore, I think you should give up on trying to implement this protocol. It sounds like the protocol is not fully specified, and thus is not really ready to be implemented. If the protocol is not fully specified, that's probably a pretty good hint that this is not ready for practical deployment, and implementing it is going to be beyond the reach of all but an expert in the area.