Presentation is loading. Please wait.

Presentation is loading. Please wait.

 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.

Published bySheila Carpenter Modified over 8 years ago

Similar presentations

Presentation on theme: " 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious."— Presentation transcript:

1

2  5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious Signatures  5.6 Digital Certified Mail  5.7 Simultaneous Exchange of Secrets

3  The usual way for Alice to prove something to Bob is for Alice to tell him.  Zero-knowledge proof: This protocol proves to Bob that Alice does have a piece of information, but it does not give Bob any way to know what the information is.

4  These proofs take the form of interactive protocols. Bob asks Alice a series of questions. If Alice knows the secret, she can answer all the questions correctly. If she does not, she has some chance 50% of answering correctly. After 10 or so questions, Bob will be convinced that Alice knows the secret. Yet none of the questions or answers gives Bob any information about Alice’s information— only about her knowledge of it.

5 1.Bob stands at point A. 2.Alice walks all the way into the cave, either to point C or point D. 3.After Alice has disappeared into the cave, Bob walks to point B. 4.Bob shouts to Alice, asking her either to: (a) come out of the left passage or (b) come out of the right passage. 5.Alice complies, using the magic words to open the secret door if she has to. 6.Alice and Bob repeat steps (1) through (5) n times.

6  Rounds of a basic zero-knowledge proof: (1) ◦ Alice uses her information and a random number to transform the hard problem into another hard problem, one that is isomorphic to the original problem. She then uses her information and the random number to solve this new instance of the hard problem. ◦ Alice commits to the solution of the new instance, using a bit-commitment scheme. ◦ Alice reveals to Bob the new instance. Bob cannot use this new problem to get any information about the original instance or its solution.

7  Rounds of a basic zero-knowledge proof: (2) ◦ Bob asks Alice either to:  (a) prove to him that the old and new instances are isomorphic (i.e., two different solutions to two related problems), or  (b) open the solution she committed to in step (2) and prove that it is a solution to the new instance. ◦ Alice complies. ◦ Alice and Bob repeat steps (1) through (5) n times.

8  An example: (1) ◦ Peggy randomly permutes G and gets a new graph, H. Since G and H are topologically isomorphic, if she knows the Hamiltonian cycle of G then she can easily find the Hamiltonian cycle of H. If she didn’t create H herself, determining the isomorphism between two graphs would be another hard problem; She then encrypts H to get H´.

9  An example: (2) ◦ Peggy gives Victor a copy of H´. ◦ Victor asks Peggy either to:  (a) prove to him that H´ is an encryption of an isomorphic copy of G, or  (b) show him a Hamiltonian cycle for H.

10  An example: (3) ◦ Peggy complies. She either:  (a) proves that H´ is an encryption of an isomorphic copy of G by revealing the permutations and decrypting everything, without showing a Hamiltonian cycle for either G or H, or  (b) shows a Hamiltonian cycle for H by decrypting only those lines that constitute a Hamiltonian cycle, without proving that G and H are topologically isomorphic. ◦ Peggy and Victor repeat steps (1) through (4) n times.

11  With normal public-key cryptography, Alice needs a signed certificate that associates Bob’s public key with his identity.  Identity-based cryptosystems is called Non- Interactive Key Sharing (NIKS) systems. Bob’s public key is based on his name and network address (or telephone number, or physical street address, or whatever).  For identity-based cryptography, Bob’s public key is his identity.

12  Bob now has one of the two messages from Alice and Alice does not know which one he was able to read successfully.  Generally, there are three types of oblivious transfer protocols: ◦ 1 in 2 ◦ 1 in n ◦ m in n

13  Properties of Oblivious transfer ◦ Correctness: Bob can get m messages of n ◦ Privacy for Bob: Alice cannot know what Bob got. ◦ Privacy for Alice: Bob cannot read the rest messages.

14

15  Contract Signing with an Arbitrator  Simultaneous Contract Signing without an Arbitrator (Face-to-Face)  Simultaneous Contract Signing without an Arbitrator (Not Face-to-Face)  Simultaneous Contract Signing without an Arbitrator (Using Cryptography)  Digital Certified Mail

16 Not face to face, without arbitrator

17 Using cryptography

18

19  Alice knows secret A; Bob knows secret B. Alice is willing to tell Bob A, if Bob tells her B. Bob is willing to tell Alice B, if Alice tells him A.

20  Secure multiparty computation is a protocol in which a group of people can get together and compute any function of many variables in a special way. Each participant in the group provides one or more variables. The result of the function is known to everyone in the group, but no one learns anything about the inputs of any other members other than what is obvious from the output of the function.

21

22  Two millionaires want to know who is more richer, but neither of them like to reveal his wealth. How to do this?

Download ppt " 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Public Key Cryptosystem

Public Key Cryptosystem
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Lecture 15 Zero-Knowledge Techniques. Peggy: “I know the password to the Federal Reserve System computer, the ingredients in McDonald’s secret sauce,

Lecture 15 Zero-Knowledge Techniques. Peggy: “I know the password to the Federal Reserve System computer, the ingredients in McDonald’s secret sauce,
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.

What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.

Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.

Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Zero-Knowledge Proofs And Their Applications in Cryptographic Systems Sultan Almuhammadi ICS 454.

Zero-Knowledge Proofs And Their Applications in Cryptographic Systems Sultan Almuhammadi ICS 454.
Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.

Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.
Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.

Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.

Similar presentations

Ads by Google