[摘要] These days it is rather common in cryptology to see ideas which originated in the setting of finite fields being extended to Z*N. However, the security results do not necessarily generalise to Z*N. In this paper we illustrate this phenomenon by pointing out a flaw in the soundness proof of a zero-knowledge protocol in a timed commitment scheme of Boneh and Naor. Notes: Steven Galbraith and Kenny Paterson, Information Security Group, Mathematics Department, Royal Holloway University of London, Egham, Surrey TW20 0EX, UK 3 Pages