Skip to content
Related Articles
Open in App
Not now

Related Articles

Schnorr Identification Scheme

Improve Article
Save Article
  • Difficulty Level : Hard
  • Last Updated : 05 Sep, 2020
Improve Article
Save Article

Schnorr signature is known for its simplicity and is among the first whose security is based on the intractability of certain discrete logarithm problems. The Schnorr digital signature scheme is different from the identification scheme. An identification scheme is used for the holder of the private key to prove to you that they hold the private key. A signature scheme in addition proves that the key holder used their private key with a specific message as an input value in order to generate a verifiable digital signature on that specific message. 

Schnorr Identification Scheme with the discrete logarithm

Meaning of equivalence ‘≡’

The elements of the integers modulo (often shortened to “mod”) 36 are 0, 1, . . . , 34, 35. Then 41 is equivalent to 5 modulo 36, written 41 ≡ 5 mod 36, because when 41 is divided by 36 the remainder is 5.

Similarly, we also have 57 ≡ 5 mod 26.

Discrete logarithm:

Discrete logarithms are logarithms defined with regard to multiplicative cyclic groups. If G is a multiplicative cyclic group and g is a generator of G, then from the definition of cyclic groups, we know every element h in G can be written as gx for some x. The discrete logarithm to the base g of h in the group G is defined to be x .

If the group is A, and the generator is 2, then the discrete logarithm of 1 is 4 because 24 ≡ 1 mod 5.

Logarithm logb(a) is a number x such that bx = a, for given numbers a and b. Analogously, in any group G, powers bk can be defined for all integers k, and the discrete logarithm logb(a) is an integer k such that bk = a.

We have the following 3 parameters:

  • g is the Generator,
  • x is the secret value
  • p is the prime number.


The prover Sanchita has a proving public key of (g, X) where g is a generator, and X=gx(modN). After Sanchita generates her public proving key, she will then be challenged by Sachin to produce the correct result. A discrete logarithm is an integer x satisfying the equation ax≡b(modm) where a and m are relatively prime.

With Schnorr identification, Sanchita (the prover) has a proving public key of (N, g, X) and a proving secret key of (N, x). N is a prime number for the modulus operation, and x is the secret, and where:


On the registration of the secret, Sanchita generates a random value (y), and then computes Y:


This value is sent to Sachin (who is the verifier). Sachin then generates a random value (c) and sends this to Sanchita. This is a challenge for Sanchita to produce the correct result. Sanchita then computes:


He then sends this to Sachin in order to prove that he knows x. Sachin then computes two values:

val1 = YXc(modN)
val2 = gz(modN)

If the values are the same (val1≡val2), Sanchita has proven that she knows x.

This works because:

YXc = gygxc = gy+cx
gz = gy+cx


import random
import sys
generator = 3
secretVal = random.randint(1, 97)
X = pow(generator, secretVal) % PRIMENO
y = random.randint(1, 97)
Y = pow(generator, y) % PRIMENO
print("Sanchita (the Prover) generates these values:")
print("secretVal(secret)= ", secretVal)
print("X= ", X)
print("\nSanchita generates a random value (y):")
print("y=", y)
print("\nSanchita computes Y = generator^y \
(mod PRIMENO) and passes to Sachin:")
print("Y=", Y)
print("\nSachin generates a random value (c) and\
passes to Sanchita:")
c = random.randint(1, 97)
print("c=", c)
print("\nSanchita calculates z = y.secretVal^c \
(mod PRIMENO) and send to Sachin (the Verifier):")
z = (y + c * secretVal)
print("z=", z)
print("\nSachin now computes val=generator^z (mod PRIMENO)\
and (Y X^c (mod PRIMENO)) and determines if they are the same\primeNo")
val1 = pow(generator, z) % PRIMENO
val2 = (Y * (X**c)) % PRIMENO
print("val1= ", val1, end=' ')
print(" val2= ", val2)
if (val1 == val2):
    print("Sanchita has proven that she knows x")
    print("Failure to prove")


schnorr identification scheme python


  • It has its use case in cryptographic research
  • It is used in the implementation of Zero-Knowledge Proof.
  • It provides a more secure way for authentication without the prover revealing its secret key.

My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!