Short Proofs of Knowledge for Factoring

The aim of this paper is to design a proof of knowledge for the factorization of an integer n. We propose a statistical zero-knowledge protocol similar to proofs of knowledge of discrete logarithm a la Schnorr. The efficiency improvement in comparison with the previously known schemes can be compared with the difference between the Fiat-Shamir scheme and the Schnorr one. Furthermore, the proof can be made non-interactive. From a practical point of view, the improvement is dramatic: the size of such a non-interactive proof is comparable to the size of the integer n and the computational resources needed can be kept low; three modular exponentiations both for the prover and the verifier are enough to reach a high level of security.