Zero-Knowledge Proof-of-Knowledge protocols are of particular interest for
authentication systems as developed for example in the IBM research laboratory in
Zurich. There is an arbitrary number of protocol instances that vary in terms of
protocol structure, additional restrictions on the preimages of the
homomorphisms, but also regarding the homomorphisms and groups itself that are
used. Depending on the concrete instance these protocols have
certain properties that might be useful for such systems.
The generation of a complete protocol instance for reasons of specification or
testing is a very time-consuming and error prone piece of work. Therefore this
process should be automated by the compiler that was developed during this diploma
thesis.
For this purpose an input language was created that allows to specify instances
of a certain protocol type and to add additional
types of checks using some auxiliary parameters. The user has the choice between
different levels of abstraction in specifying a certain protocol instance.
The compiler itself is written in java and is based on the traditional
object-oriented compiler design patterns. It contains in its library the basic skeleton of the
well-known Sigma protocol and of the 2Sigma protocol that was developed in the
research lab.
The compiler reads the input files with the protocol specifications written in
the input language mentioned above and checks for syntactical
correctness. Furthermore some semantic checks on the proper use of the protocol
parameters are performed. From these informations the compiler generates the
protocol instance either written as latex code or as java source code. The
latex code shows the detailed specification of the protocol instance consisting
of the documentation of the involved algebraic elements,
the facts that can be deduced in case of acceptance of the proof and all the steps performed during the
protocol execution. In case of java code generation it produces runnable java source code.
This code is based on an interface hierarchy that was developed during this
diploma thesis as well. At runtime the protocol instance has to be instantiated
with concrete implementations and can then be used for example for testing
reasons.