Fig. 1
From: A covert authentication and security solution for GMOs
ZK proof of knowledge to verify authenticity. The prover and verifier are given the public input, an alleged signature (K 1,K 2)=μ with z=K 1, and the message (signature data) m. If \(\mu ={\mathcal {E}}(\sigma)\) is generated as above, then t 1=(s ′·σ)e and t 2=(g s+r,s ′ σ·y s+r) where s is the randomness used in ElGamal to encrypt s ′, and r is that used to encrypt σ. In this case, the protocol allows the prover to confirm the signature in ZK. If μ is a falsely implied signature, the protocol allows the prover to deny the signature in ZK