Amos Fiat

How to prove yourself: practical solutions to identification and signature problems

In this paper we describe simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys. The schemes are provably secure against any known or chosen message attack if factoring is difficult, and typical implementations require only 1% to 4% of the number of modular multiplications required by the RSA scheme. Due to their simplicity, security and speed, these schemes are ideally suited for microprocessor-based devices such as smart cards, personal computers, and remote control systems.

Zero-knowledge proofs of identity

In this paper we extend the notion of interactive proofs of assertions to interactive proofs of knowledge. This leads to the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions). We show the relevance of these notions to identification schemes, in which parties prove their identity by demonstrating their knowledge rather than by proving the validity of assertions. We describe a novel scheme which is provably secure if factoring is difficult and whose practical implementations are about two orders of magnitude faster than RSA-based identification schemes. The advantages of thinking in terms of proofs of knowledge rather than proofs of assertions are demonstrated in two efficient variants of the scheme: unrestricted input zero-knowledge proofs of knowledge are used in the construction of a scheme which needs no directory; a version of the scheme based on parallel interactive proofs (which are not known to be zero knowledge) is proved secure by observing that the identification protocols are proofs of knowledge.

Zero knowledge proofs of identity

In this paper we extend the notion of zero knowledge proofs of membership (which reveal one bit of information) to zero knowledge proofs of knowledge (which reveal no information whatsoever). After formally defining this notion, we show its relevance to identification schemes, in which parties prove their identity by demonstrating their knowledge rather than by proving the validity of assertions. We describe a novel scheme which is provably secure if factoring is difficult and whose practical implementations are about two orders of magnitude faster than RSA-based identification schemes. In the last part of the paper we consider the question of sequential versus parallel executions of zero knowledge protocols, define a new notion of “transferable information”, and prove that the parallel version of our identification scheme (which is not known to be zero knowledge) is secure since it reveals no transferable information.

Polymorphic Arrays: A Novel VLSI Layout For Systolic Computers

This paper proposes a novel architecture for massively parallel systolic computers, which is based on results from lattice theory. In the proposed architecture, each processor is connected to four other processors via constant-lenght wires in an regular borderless pattern. The mapping of processes to processors is continuous, and the architecture guarantees exceptional load uniformity for rectangular process arrays of arbitrary sizes. In addition, no timesharing is ever required when the ration of processes to processors is smaller than 1//spl radic/5.

How to find a battleship

Consider a “sea” of M squares which contains (at some unknown location) a “battleship” of K squares. Both the sea and the battleship can assume any rectangular shape. Our goal is to find the battleship by probing at least one of its squares. In this paper we describe a deterministic strategy for this problem which is guaranteed to locate the battleship in at most c1M/K probes, where c1 ≈ 3.065.

Polymorphic arrays: A novel VLSI layout for systolic computers

Abstract This paper proposes a novel architecture for massively parallel systolic computers, which is based on results from lattice theory. In the proposed architecture, each processor is connected to four other processors via constant-length wires in a regular borderless pattern. The mapping of processes to processors is continuous, and the architecture guarantees exceptional load uniformity for rectangular process arrays of arbitrary sizes. In addition, no time-sharing is ever required when the ratio of processes to processors is smaller than 1 √5 .