Schnorr Identification Protocol
Schnorr identification protocol
Schnorr Identification Scheme - GeeksforGeeks
Ring Signatures (Part 1): Schnorr Identity Protocol
Schnorr’s identification protocol
Identification protocol is different than signature scheme as identification protocol is used to identify that prover holds the private while signature scheme is used to verify that the holder indeed used the private key to sign the message and generate the signature.
Steps followed in schnorr identification protocol:
Let there be two parties and ,
- Alex has private key , public key =
- Generates random value,
- is sent to Alice
- Alice generates random challenge , and send to Alex
- Alex sends back:
- Alice verifies:
Not feasible, requires interaction from verifier. Also not publicly verifiable as both parties have to be involved.
Non-Interactive protocols like Fiat-Shamir which transforms any interactive to non-interactive.
Schnorr Digital Signature
- Introduction to Schnorr Signatures
- Schnorr Digital Signature - GeeksforGeeks
- How Schnorr signatures may improve Bitcoin
Used to implement “Proof of Knowledge”. Used in cryptography to prove to verifier that prover knows something . Verifier gets convinced that they are communicating with the prover without verifier’s knowledge of private key and prover is in fact, right about his private key.
Features:
- faster than ECDSA as doesn’t have to calculate
- linear
But this also proposes other disadvantages that this signature scheme can’t be used for aggregation and multi-sigs due to its linearity.
Non-interactive Schnorr identification protocol also exists using Fiat-Shamir transformation where challenge is not generated by verifier but where g: generator, q: prime number, h: public key, u: public key of random nonce