1 / 17

How to Explain Zero-Knowledge Protocols to Your Children

How to Explain Zero-Knowledge Protocols to Your Children. Paper Presentation by J. Chu. 3/20/2001. SC700 A2 Internet Information Protocols. Background. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu.

othello
Download Presentation

How to Explain Zero-Knowledge Protocols to Your Children

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to Explain Zero-KnowledgeProtocols to Your Children Paper Presentation by J. Chu 3/20/2001 SC700 A2 Internet Information Protocols

  2. Background How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • 1. The Fact: Identifications and passwords are essential parts in a secured system in which they prevent unauthorized access to private materials. • The Problem:Passwords are assignedto authorized personnel and are meant to be kept secret. But ironically, one often have to give out his/her password during authentication. That’s not very safe! • The Solution:Zero-Knowledge Protocol! 3/20/2001 SC700 A2 Internet Information Protocols

  3. Introduction How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • Zero-Knowledge Protocols allow one party to access a secured area without having that party to give out any private or secret information. • Examples of Zero-Knowledge Protocols: a. Bizcard b. Fiat-Shamir Protocol c. Guillou-Quisquater’s Analogy 3/20/2001 SC700 A2 Internet Information Protocols

  4. The Bizcard Example How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu Imagine the following scenario: Bob: “Let me in! I have access to this area!” Alice: “Oh really? What is the secret password?” Bob: “I can’t tell you my password; it’s a secret.” Alice: “That’s too bad. Because you cannot get in without telling me your secret password.” There must be a better solution… 3/20/2001 SC700 A2 Internet Information Protocols

  5. The Bizcard Example Continues How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • The Zero-Knowledge Protocol: • Assume that the password is a positive integer.Equipment: A deck of cards • While Alice is looking away. Bob counts from the top of the deck until he reaches the card that corresponds to the password. Bob then make an unique mark on one side of that card and turn over all the cards in the deck (without changing their order) and hand the deck to Alice. • Now Bob is looking away. Alice also counts from the top of the deck until she reaches the card that corresponds to the password. Alice then make an unique mark on the other side of that card. To conceal the secret, Alice shuffles the deck. • If the shuffled deck contains one card having distinct marks on both its sides, then it is possible that both Bob and Alice knows the password. Therefore, Bob is able to prove his knowledge of the password without revealing it to Alice. 3/20/2001 SC700 A2 Internet Information Protocols

  6. The Bizcard Example Continues How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • The Zero-Knowledge Protocol Phase II: • However, Alice is not convinced that Bob actually knows the password because the protocol is not perfect. Simply because Bob might have guessed the password! • Since the password, s, is a positive integer, it has to be limited by a range, z, such that: 1 s  z.If Bob doesn’t actually know the password, he could have guessed it anyway with a probability of 1/z. • The Solution: Alice can request Bob to perform the exact same experiment k times so that the probability of Bob correctly guessing the password every time is reduced to (1/z)k. • When (1/z)k is small enough, that is, when the probability of Bob actually knowing the password is high enough, Alice may grant Bob access to his account without worrying that he might be an imposter. 3/20/2001 SC700 A2 Internet Information Protocols

  7. To Make a Short Story Even Shorter… How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu “I can’t tell you my secret,but I can prove to youthat I know the secret.” 3/20/2001 SC700 A2 Internet Information Protocols

  8. The Actors How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • 1. The Prover (Bob): Bob has to prove that he knows some kind of secret (such as a password to a restricted area) but he doesn’t want to share it with anyone, not even the Verifier. • The Verifier (Alice): Alice has to verify whether Bob knows the secret or not. She can perform a series of experiment with Bob until she is ~100% certain whether Bob is authorized (or not). • The Malice (Oscar): Simply put, the bad guy who tries to cheat the security system. 3/20/2001 SC700 A2 Internet Information Protocols

  9. Properties of Zero-Knowledge Protocols How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • 1. Completeness: The Verifier will always accept a proof from the Prover, given that they both follows the correct protocol. • Soundness:The Verifier will not accept any “incorrect” proof from the Prover, given that the Verifier follows the correct protocol. • Zero-Knowledge:During the whole “proving” process, the Verifier will learn nothing about the Prover’s secret, nor will she be able to prove that secret to any other party. 3/20/2001 SC700 A2 Internet Information Protocols

  10. The Fiat-Shamir Protocol How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • Fact: It is easier to compute x2 than x1/2. • Chosen is an arithmetic modulo n = pq, where p and q are primes. • Bob (the Prover) will choose a number s in Zn. He will keep s (private key) a secret but publish v = s2mod n (public key). • During authentication, Bob will randomly choose a number r in Zn and sends x = r2mod n to Alice (the Verifier). • After receiving x, Alice will randomly choose a number e, where e is in {0,1}, and send it to Bob. • After receiving e, Bob will send y = rse to Alice. • Alice will now need to check whether y2 mod n = xvemod n. If yes, Bob has passed the test. Alice might request Bob to perform the experiment as many times as she desires until she’s certain of Bob’s authority. Throughout the entire process, Alice will only need to work with the publicly known number x, e, & v and will learn nothing about the secret s. 3/20/2001 SC700 A2 Internet Information Protocols

  11. The Fiat-Shamir Protocol Continues How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • Security Analysis: • Assuming that Oscar (the Malice) is listening to the entire transmission between Alice and Bob, he will not be able to learn anything about Bob’s secret since the secret itself had never been revealed or transmitted. • The fact that r is random prevents Oscar from recognizing any patterns between the values of yi, where i represents the ith transmission. • The fact that it is difficult to determine the square root of x increasing the level of security of the protocol. • With Alice performing the experiment k times, it is almost impossible for Oscar to impersonate Bob, given the fact that Oscar himself does not know the secret s. Since each time Oscar will have a 50% chance of passing Alice’s test. The probability of Oscar passing all k tests will be (1/2)k. 3/20/2001 SC700 A2 Internet Information Protocols

  12. Guillou-Quisquater’s Analogy How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu How is it possible to explain the concepts of Zero-Knowledge Protocols to young children? The Analogy of Ali Baba’s Cave A B C 3/20/2001 SC700 A2 Internet Information Protocols

  13. Guillou-Quisquater’s Analogy Continues How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu Quick Review: Ali Baba had discovered the secret of this strange cave. In which the password “open sesame” will vanish the secret wall between point B and point C, creating a loop. Without the knowledge of the password. One would see dead ends at both B & C. Years later, the cave was discovered and Mick Ali, a researcher is able to acquire the secret password of the cave. To prove his great discovery, Mick Ali invites a television network to make a documentary of the cave. Mick Ali wished not to share his secret password, however. So he set up a scenario, in which he would go to either point B or C, and a reporter will randomly request Mick Ali to go to point A via either the left or the right passage. Knowing the secret of the cave, Mick Ali had no trouble passing the reporter’s test. And therefore proving that he knows the password without having to reveal it. However, a fake version of the documentary had been made. It involved an Ali-look-alike performing the same experiment. But without the knowledge of the secret, the actor can only succeed 50% of the time. However, after editing the film, no one in the world can tell the different between the real and the fake version. A B C 3/20/2001 SC700 A2 Internet Information Protocols

  14. Guillou-Quisquater’s Analogy Continues How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • Points of the Analogy: • By performing a series of verification experiment, it is possible to prove that you know a certain secret without sharing it with anyone. • Zero-Knowledge Protocols help prevent leaks of any secret information by not directly requesting the secret itself during verification. • Zero-Knowledge Protocols won’t care if you actually know the password or not, as long as you can prove that you know it. • Faking the proof of knowing the secret is possible, but it has a low probability of success. 3/20/2001 SC700 A2 Internet Information Protocols

  15. Real-World Applications How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • Network Authentications • Smart Cards • Key Exchanges • Digital Signatures 3/20/2001 SC700 A2 Internet Information Protocols

  16. Pros and Cons How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu • Advantages of Zero-Knowledge Protocols: • Secured – Not requiring the revelation of one’s secret. • Simple – Does not involve complex encryption methods. • Disadvantages of Zero-Knowledge Protocols: • Limited – Secret must be numerical, otherwise a translation is needed. • Lengthy – There are 2k computations, each computation requires a certain amount of running time. • Imperfect – The Malice can still intercept the transmission (i.e. messages to the Verifier or the Prover might be modified or destroyed). 3/20/2001 SC700 A2 Internet Information Protocols

  17. References How to Explain Zero-KnowledgeProtocols to Your Children – J. Chu H. A. Aronsson, “Zero Knowledge Protocols and Small Systems”, “http://www.tml.hut.fi/Opinnot/Tik-110.501/1995/zeroknowledge.html”, 1995 H. L. Marko, “Authentication Protocols Lecture Notes”, “http://www.cs.cmu.edu/afs/cs/academic/class/15827-f98/www/Slides/lecture3”, 1998 “Integrity Science – The Source for Knowledge-based Authentication”, “http://www.integritysciences.com”, 1996-2000 J.J. Quisquater and L. Guillou. "How to explain zero-knowledge protocols to your children", Lecture Notes in Computer Science, 435 (1990), 628-631. 3/20/2001 SC700 A2 Internet Information Protocols

More Related