On Sigma-Protocols and (packed) Black-Box Secret Sharing Schemes

$\Sigma$-protocols are a widely utilized, relatively simple and well understood type of zero-knowledge proofs. However, the well known Schnorr $\Sigma$-protocol for proving knowledge of discrete logarithm in a cyclic group of known prime order, and similar protocols working over this type of groups, are hard to generalize to dealing with other groups. In particular with hidden order groups, due to the inability of the knowledge extractor to invert elements modulo the order. In this paper, we introduce a universal construction of $\Sigma$-protocols designed to prove knowledge of preimages of group homomorphisms for any abelian finite group. In order to do this, we first establish a general construction of a $\Sigma$-protocol for $\mathfrak{R}$-module homomorphism given only a linear secret sharing scheme over the ring $\mathfrak{R}$, where zero knowledge and special soundness can be related to the privacy and reconstruction properties of the secret sharing scheme. Then, we introduce a new construction of 2-out-of-$n$ packed black-box secret sharing scheme capable of sharing $k$ elements of an arbitrary (abelian, finite) group where each share consists of $k+\log n-3$ group elements. From these two elements we obtain a generic ``batch\u27\u27 $\Sigma$-protocol for proving knowledge of $k$ preimages of elements via the same group homomorphism, which communicates $k+\lambda-3$ elements of the group to achieve $2^{-\lambda}$ knowledge error. For the case of class groups, we show that our $\Sigma$-protocol improves in several aspects on existing proofs for knowledge of discrete logarithm and other related statements that have been used in a number of works. Finally, we extend our constructions from group homomorphisms to the case of ZK-ready functions, introduced by Cramer and Damg\aa rd in Crypto 09, which in particular include the case of proofs of knowledge of plaintext (and randomness) for some linearly homomorphic encryption schemes such as Joye-Libert encryption. However, in the case of Joye-Libert, we show an even better alternative, using Shamir secret sharing over Galois rings, which achieves $2^{-k}$ knowledge soundness by communicating $k$ ciphertexts to prove $k$ statements

On the subgroup permutability degree of some finite simple groups.

PhDConsider a finite group G and subgroups H;K of G. We say that H and K permute if HK = KH and call H a permutable subgroup if H permutes with every subgroup of G. A group G is called quasi-Dedekind if all subgroups of G are permutable. We can define, for every finite group G, an arithmetic quantity that measures the probability that two subgroups (chosen uniformly at random with replacement) permute and we call this measure the subgroup permutability degree of G. This measure quantifies, among others, how close a finite group is to being quasi-Dedekind, or, equivalently, nilpotent with modular subgroup lattice. The main body of this thesis is concerned with the behaviour of the subgroup permutability degree of the two families of finite simple groups PSL2(2n), and Sz(q). In both cases the subgroups of the two families of simple groups are completely known and we shall use this fact to establish that the subgroup permutability degree in each case vanishes asymptotically as n or q respectively tends to infinity. The final chapter of the thesis deviates from the main line to examine groups, called F-groups, which behave like nilpotent groups with respect to the Frattini subgroup of quotients. Finally, we present in the Appendix joint research on the distribution of the density of maximal order elements in general linear groups and offer code for computations in GAP related to permutabilityChrysovergis Endowment, under the auspices of the National Scholarships Foundation of Greec

Inverse zero-sum problems and algebraic invariants

In this article, we study the maximal cross number of long zero-sumfree sequences in a finite Abelian group. Regarding this inverse-type problem, we formulate a general conjecture and prove, among other results, that this conjecture holds true for finite cyclic groups, finite Abelian p-groups and for finite Abelian groups of rank two. Also, the results obtained here enable us to improve, via the resolution of a linear integer program, a result of W. Gao and A. Geroldinger concerning the minimal number of elements with maximal order in a long zero-sumfree sequence of a finite Abelian group of rank two.Comment: 17 pages, to appear in Acta Arithmetic