1 SC700 A2 Internet Information Protocols 3/20/2001 Paper Presentation by J. Chu How to Explain Zero-Knowledge Protocols to Your Children.

Slides:



Advertisements
Similar presentations
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Advertisements

Mental Poker The SRA Protocol. What is Mental Poker? Playing poker without cards (ie over telephone or internet). No Trusted Third Party or source of.
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Section 3.8: More Modular Arithmetic and Public-Key Cryptography
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
Session 4 Asymmetric ciphers.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
1 Adapted from Oded Goldreich’s course lecture notes.
Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.
Lecture 6: Public Key Cryptography
Strong Password Protocols
Quadratic Residuosity and Two Distinct Prime Factor ZK Protocols By Stephen Hall.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri.
CSCI 3130: Formal languages and automata theory Andrej Bogdanov The Chinese University of Hong Kong Interaction,
Cryptography Dec 29. This Lecture In this last lecture for number theory, we will see probably the most important application of number theory in computer.
Lecture 11: Strong Passwords
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
Fall 2004/Lecture 201 Cryptography CS 555 Lecture 20-b Zero-Knowledge Proof.
Based on Schneier Chapter 5: Advanced Protocols Dulal C. Kar.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Network Security – Special Topic on Skype Security.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Flipping coins over the telephone and other games.
Zero-knowledge proof protocols 1 CHAPTER 12: Zero-knowledge proof protocols One of the most important, and at the same time very counterintuitive, primitives.
CRYPTOGRAPHY. WHAT IS PUBLIC-KEY ENCRYPTION? Encryption is the key to information security The main idea- by using only public information, a sender can.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Multi-Party Proofs and Computation Based in part on materials from Cornell class CS 4830.
Zero Knowledge Proofs Matthew Pouliotte Anthony Pringle Cryptography November 22, 2005 “A proof is whatever convinces me.” -~ Shimon Even.
Private key
Cryptography CS Lecture 19 Prof. Amit Sahai.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 15: From Here to Oblivion.
1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Public Key Encryption Major topics The RSA scheme was devised in 1978
Cryptographic Hash Function
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
09 Zero Knowledge Proof Hi All, One more topic to go!
Zero-Knowledge Proofs
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Presentation transcript:

1 SC700 A2 Internet Information Protocols 3/20/2001 Paper Presentation by J. Chu How to Explain Zero-Knowledge Protocols to Your Children

2 SC700 A2 Internet Information Protocols 3/20/ The Fact: Identifications and passwords are essential parts in a secured system in which they prevent unauthorized access to private materials. 2.The Problem: Passwords are assigned to authorized personnel and are meant to be kept secret. But ironically, one often have to give out his/her password during authentication. That’s not very safe! 3.The Solution: Zero-Knowledge Protocol! How to Explain Zero-Knowledge Protocols to Your Children – J. ChuBackground

3 SC700 A2 Internet Information Protocols 3/20/ Zero-Knowledge Protocols allow one party to access a secured area without having that party to give out any private or secret information. 2.Examples of Zero-Knowledge Protocols: a. Bizcard b. Fiat-Shamir Protocol c. Guillou-Quisquater’s Analogy How to Explain Zero-Knowledge Protocols to Your Children – J. ChuIntroduction

4 SC700 A2 Internet Information Protocols 3/20/2001 Imagine the following scenario: Bob: “Let me in! I have access to this area!” Alice: “Oh really? What is the secret password?” Bob: “I can’t tell you my password; it’s a secret.” Alice: “That’s too bad. Because you cannot get in without telling me your secret password.” There must be a better solution… How to Explain Zero-Knowledge Protocols to Your Children – J. Chu The Bizcard Example

5 SC700 A2 Internet Information Protocols 3/20/2001 The Zero-Knowledge Protocol: Assume that the password is a positive integer. Equipment: A deck of cards 1.While Alice is looking away. Bob counts from the top of the deck until he reaches the card that corresponds to the password. Bob then make an unique mark on one side of that card and turn over all the cards in the deck (without changing their order) and hand the deck to Alice. 2.Now Bob is looking away. Alice also counts from the top of the deck until she reaches the card that corresponds to the password. Alice then make an unique mark on the other side of that card. To conceal the secret, Alice shuffles the deck. 3.If the shuffled deck contains one card having distinct marks on both its sides, then it is possible that both Bob and Alice knows the password. Therefore, Bob is able to prove his knowledge of the password without revealing it to Alice. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu The Bizcard Example Continues

6 SC700 A2 Internet Information Protocols 3/20/2001 The Zero-Knowledge Protocol Phase II: However, Alice is not convinced that Bob actually knows the password because the protocol is not perfect. Simply because Bob might have guessed the password! Since the password, s, is a positive integer, it has to be limited by a range, z, such that: 1  s  z. If Bob doesn’t actually know the password, he could have guessed it anyway with a probability of 1/z. The Solution: Alice can request Bob to perform the exact same experiment k times so that the probability of Bob correctly guessing the password every time is reduced to (1/z) k. When (1/z) k is small enough, that is, when the probability of Bob actually knowing the password is high enough, Alice may grant Bob access to his account without worrying that he might be an imposter. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu The Bizcard Example Continues

7 SC700 A2 Internet Information Protocols 3/20/2001 “I can’t tell you my secret, but I can prove to you that I know the secret.” How to Explain Zero-Knowledge Protocols to Your Children – J. Chu To Make a Short Story Even Shorter…

8 SC700 A2 Internet Information Protocols 3/20/ The Prover (Bob): Bob has to prove that he knows some kind of secret (such as a password to a restricted area) but he doesn’t want to share it with anyone, not even the Verifier. 2.The Verifier (Alice): Alice has to verify whether Bob knows the secret or not. She can perform a series of experiment with Bob until she is ~100% certain whether Bob is authorized (or not). 3.The Malice (Oscar): Simply put, the bad guy who tries to cheat the security system. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu The Actors

9 SC700 A2 Internet Information Protocols 3/20/ Completeness: The Verifier will always accept a proof from the Prover, given that they both follows the correct protocol. 2. Soundness: The Verifier will not accept any “incorrect” proof from the Prover,given that the Verifier follows the correct protocol. 3. Zero-Knowledge: During the whole “proving” process, the Verifier will learn nothing about the Prover’s secret, nor will she be able to prove that secret to any other party. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu Properties of Zero-Knowledge Protocols

10 SC700 A2 Internet Information Protocols 3/20/2001 Fact: It is easier to compute x 2 than x 1/2. Chosen is an arithmetic modulo n = pq, where p and q are primes. Bob (the Prover) will choose a number s in Z n. He will keep s (private key) a secret but publish v = s 2 mod n (public key). During authentication, Bob will randomly choose a number r in Z n and sends x = r 2 mod n to Alice (the Verifier). After receiving x, Alice will randomly choose a number e, where e is in {0,1}, and send it to Bob. After receiving e, Bob will send y = rs e to Alice. Alice will now need to check whether y 2 mod n = xv e mod n. If yes, Bob has passed the test. Alice might request Bob to perform the experiment as many times as she desires until she’s certain of Bob’s authority. Throughout the entire process, Alice will only need to work with the publicly known number x, e, & v and will learn nothing about the secret s. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu The Fiat-Shamir Protocol

11 SC700 A2 Internet Information Protocols 3/20/2001 Security Analysis: Assuming that Oscar (the Malice) is listening to the entire transmission between Alice and Bob, he will not be able to learn anything about Bob’s secret since the secret itself had never been revealed or transmitted. The fact that r is random prevents Oscar from recognizing any patterns between the values of y i, where i represents the i th transmission. The fact that it is difficult to determine the square root of x increasing the level of security of the protocol. With Alice performing the experiment k times, it is almost impossible for Oscar to impersonate Bob, given the fact that Oscar himself does not know the secret s. Since each time Oscar will have a 50% chance of passing Alice’s test. The probability of Oscar passing all k tests will be (1/2) k. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu The Fiat-Shamir Protocol Continues

12 SC700 A2 Internet Information Protocols 3/20/2001 How is it possible to explain the concepts of Zero-Knowledge Protocols to young children? How to Explain Zero-Knowledge Protocols to Your Children – J. Chu A BC The Analogy of Ali Baba’s Cave Guillou-Quisquater’s Analogy

13 SC700 A2 Internet Information Protocols 3/20/2001 Quick Review: Ali Baba had discovered the secret of this strange cave. In which the password “open sesame” will vanish the secret wall between point B and point C, creating a loop. Without the knowledge of the password. One would see dead ends at both B & C. Years later, the cave was discovered and Mick Ali, a researcher is able to acquire the secret password of the cave. To prove his great discovery, Mick Ali invites a television network to make a documentary of the cave. Mick Ali wished not to share his secret password, however. So he set up a scenario, in which he would go to either point B or C, and a reporter will randomly request Mick Ali to go to point A via either the left or the right passage. Knowing the secret of the cave, Mick Ali had no trouble passing the reporter’s test. And therefore proving that he knows the password without having to reveal it. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu A BC However, a fake version of the documentary had been made. It involved an Ali-look-alike performing the same experiment. But without the knowledge of the secret, the actor can only succeed 50% of the time. However, after editing the film, no one in the world can tell the different between the real and the fake version. Guillou-Quisquater’s Analogy Continues

14 SC700 A2 Internet Information Protocols 3/20/2001 Points of the Analogy: By performing a series of verification experiment, it is possible to prove that you know a certain secret without sharing it with anyone. Zero-Knowledge Protocols help prevent leaks of any secret information by not directly requesting the secret itself during verification. Zero-Knowledge Protocols won’t care if you actually know the password or not, as long as you can prove that you know it. Faking the proof of knowing the secret is possible, but it has a low probability of success. How to Explain Zero-Knowledge Protocols to Your Children – J. Chu Guillou-Quisquater’s Analogy Continues

15 SC700 A2 Internet Information Protocols 3/20/ Network Authentications 2.Smart Cards 3.Key Exchanges 4.Digital Signatures How to Explain Zero-Knowledge Protocols to Your Children – J. Chu Real-World Applications

16 SC700 A2 Internet Information Protocols 3/20/2001 Advantages of Zero-Knowledge Protocols: Secured – Not requiring the revelation of one’s secret. Simple – Does not involve complex encryption methods. Disadvantages of Zero-Knowledge Protocols: Limited – Secret must be numerical, otherwise a translation is needed. Lengthy – There are 2k computations, each computation requires a certain amount of running time. Imperfect – The Malice can still intercept the transmission (i.e. messages to the Verifier or the Prover might be modified or destroyed). How to Explain Zero-Knowledge Protocols to Your Children – J. Chu Pros and Cons

17 SC700 A2 Internet Information Protocols 3/20/2001 H. A. Aronsson, “Zero Knowledge Protocols and Small Systems”, “ H. L. Marko, “Authentication Protocols Lecture Notes”, “ “Integrity Science – The Source for Knowledge-based Authentication”, “ J.J. Quisquater and L. Guillou. "How to explain zero-knowledge protocols to your children", Lecture Notes in Computer Science, 435 (1990), How to Explain Zero-Knowledge Protocols to Your Children – J. Chu References

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.