Schnorr-like identification scheme resistant to malicious subliminal setting of ephemeral secret

Abstract In this paper we analyze security of Schnorr Identification Scheme ( IS ) against subliminal setting of ephemeral secrets. We introduce a new strong security model, which allows the adversary to learn or set ephemeral values on the side of the prover. In this model, we define an IS scheme to be secure, if such an adversary, playing role of a verifier, cannot later impersonate the prover. The model primarily reflects a scenario, where the random number generator used for ephemeral secrets has been maliciously implemented or integrated. After showing that the original Schnorr IS is not secure in our model, we propose a modification, immune to such malicious activity. We prove the security of the modified construction in our new strong model. To prove the construction is practical, we provide an implementation and performance comparison with the original construction.