Presented by: Suparita Parakarn 50-7038-103-2 Kinzang Wangdi 51-7018-007-8 Research Report Presentation Computer Network Security.

Slides:

Advertisements

Similar presentations

Security in Open Environments

Advertisements

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

Lecture 15 Zero-Knowledge Techniques. Peggy: “I know the password to the Federal Reserve System computer, the ingredients in McDonald’s secret sauce,

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.

Digital Signatures and Hash Functions. Digital Signatures.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.

Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.

Oblivious Transfer based on the McEliece Assumptions

Zero-Knowledge Proofs And Their Applications in Cryptographic Systems Sultan Almuhammadi ICS 454.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.

Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.

Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.

K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Lecture 6: Public Key Cryptography

Quadratic Residuosity and Two Distinct Prime Factor ZK Protocols By Stephen Hall.

Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Lecture 11: Strong Passwords

1 SC700 A2 Internet Information Protocols 3/20/2001 Paper Presentation by J. Chu How to Explain Zero-Knowledge Protocols to Your Children.

Chapter 9 Simple Authentication Protocols

Fall 2004/Lecture 201 Cryptography CS 555 Lecture 20-b Zero-Knowledge Proof.

Based on Schneier Chapter 5: Advanced Protocols Dulal C. Kar.

Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.

Introduction to Quantum Key Distribution

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Digital Signatures, Message Digest and Authentication Week-9.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.

6 June Lecture 2 1 TU Dresden - Ws on Proof Theory and Computation Formal Methods for Security Protocols Catuscia Palamidessi Penn State University,

Zero-knowledge proof protocols 1 CHAPTER 12: Zero-knowledge proof protocols One of the most important, and at the same time very counterintuitive, primitives.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Authentication Protocols (I): Secure Handshake.

Multi-Party Proofs and Computation Based in part on materials from Cornell class CS 4830.

Zero Knowledge Proofs Matthew Pouliotte Anthony Pringle Cryptography November 22, 2005 “A proof is whatever convinces me.” -~ Shimon Even.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized.

Cryptography CS Lecture 19 Prof. Amit Sahai.

1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.

 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.

Zero-Knowledge Proofs Ben Hosp. Classical Proofs A proof is an argument for the truth or correctness of an assertion. A classical proof is an unambiguous.

David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 15: From Here to Oblivion.

Chapter eight: Authentication Protocols 2013 Term 2.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Zero Knowledge r Two parties:  All powerful prover P  Polynomially bounded verifier V r P wants to prove a statement to V with the following properties:

IP, (NON)ISOGRAPH and Zero Knowledge Protocol COSC 6111 Advanced Algorithm Design and Analysis Daniel Stübig.

Topic 36: Zero-Knowledge Proofs

Zero Knowledge Anupam Datta CMU Fall 2017

刘振上海交通大学计算机科学与工程系电信群楼3-509

Practical Aspects of Modern Cryptography

09 Zero Knowledge Proof Hi All, One more topic to go!

刘振上海交通大学计算机科学与工程系电信群楼3-509

ITIS 6200/8200 Chap 5 Dr. Weichao Wang.

Presentation transcript:

Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security

Introduction Properties of Zero-Knowledge Proofs Classic Example of Zero-Knowledge Fiat-Shamir protocol Interactive Proof What Attacker can do? Secrecy of Zero Knowledge Conclusion

Shafi Goldwasser, Silvio Micali, Charles Rackoff put forward the basic idea of Zero Knowledge Proof in 1985 Zero Knowledge protocol is an instance of interactive proof protocol Zero Knowledge Protocol overcomes major concerns of password based authentication Verifier knows some information about one who proves (prover) Zero Knowledge protocol is to enable the prover convince the verifier that the prover knows secret without revealing the secret itself.

Protocols are mostly based on probabilistic Proof hold good with high probability of success Not necessarily absolute Verifier may accept or reject the proof after exchanging multiples messages The probability of errors can be reduced with increasing the number of challenges and responses

Zero Knowledge protocols derived their properties from interactive proof protocols Completeness The protocol is consider complete, if it succeeds with a very high probability for an honest verifier and honest prover Soundness If the fact is false, the verifier rejects the proof

Alice wants to prove to Bob that she knows how to open the secret door between R and S. Bob goes to P Alice goes to R or S Bob goes to Q and tells Alice to come from one side or the other of the cave If Alice knows the secret, she can appear from the correct side of the cave every time Bob repeats as many times until he believe Alice knows to open the secret door Note that Bob doesn’t know which path she has gone down Bob’s Cave

Suppose Alice doesn’t know the secret word, then she would be able to come back by the named path if Bob were to name the same path that she entered by Since Bob will name the path at random, he will have 50% chances of getting the right path If they repeats this tricks many times, her chances of returning from Bob’s named path becomes very small But if Alice reliably appears from the Bob’s named path, he can conclude that she is likely to know the secret word to open the magic door. From Bob’s Cave indicates that a zero knowledge proof is possible in principle Can we achieve the same effect without the cave?

Zero knowledge transfer Verifier does not learn any thing about prover’s secret S Verifier cannot impersonate prover to a third person Prover cannot cheat the verifier with several iterations of the protocol Efficiency Computational efficiency is due to its interactive proofs nature Costly computation related to encryption are avoided Degradation The security of protocol itself does not get degraded with continuous use as no information about the secret is made known

If public keys are used for authentication both the parties should know public key If one party does not know others public key, then they should send certificate. In the certificate, owner’s identity is revealed Zero Knowledge Proof allow authentication with secrecy of identity In Fiat-Shamir protocol, both party knows public value v, but there is nothing in v that identifies both the party

Watermark verification It is very important to show the presence of watermark in the image without actually revealing it This prevents any malicious user from removing the watermark and reselling multiple copies of duplicate watermark NGSCB Next Generation Secure Computing Base (NGSCB) is Microsoft’s proposed secure computing environment to use zero knowledge proofing techniques to verify authenticity of services and code

Special case of interactive proofs Zero knowledge proofs offer a way to prove knowledge to someone without transferring any additional knowledge to that person