摘要 |
The proof verification system of the present invention is composed of a proving device (100) and a verifying device (200). The proving device (100) holds m items of n items of secret data, and finds a plurality of Commit values from a portion of the plurality of elements of a cyclic group to transmit to the verifying device. Upon receiving a Challenge value c from the verifying device, the proving device generates remaining elements of a plurality of elements of the cyclic group, calculates a plurality of response values from the result, and transmits the plurality of elements of the cyclic group and the plurality of response values. The verifying device (200), upon receiving the plurality of Commit values from the proving device, transmits to the proving device a Challenge value c that is chosen from a plurality of random numbers, and upon receiving the plurality of elements of the cyclic group and the plurality of response values from the proving device, verifies the validity of the plurality of elements of the cyclic group, and if proper, verifies whether the proof statement resulting from the set (Commit value, Challenge value, response value) is valid or not.
|