Comparative Study on Zero-Knowledge Identification Protocols
Konidala M. Divyan, International Research Center for Information Security
26th May 2003


1 Comparative Study on Zero-Knowledge Identification Protocols
Konidala M. Divyan
International Research Center for Information Security, Director: Prof. Kwangjo Kim
Discrete Mathematics Term Project, Final Presentation. Lectured by: Prof. Kwangjo Kim
26th May 2003

2 Introduction
Identification
– Allows one party (the verifier) to gain assurance that the identity of another (the prover) is as declared, thereby preventing impersonation.
Methods of Identification
– Passwords (Weak Authentication)
– Challenge-response identification (Strong Authentication)
    Symmetric-Key Techniques
    Public-Key Techniques
– Zero-Knowledge Identification Protocols

3 Introduction
Zero-knowledge Identification Protocols
– Based on Interactive Proof Systems and Zero-Knowledge Proofs
– Use random numbers as challenges and as commitments to prevent cheating
– Do not rely on digital signatures or public-key encryption, block ciphers, sequence numbers, and timestamps.

4 Discrete Mathematics vs. My Term Project
The project presents one of the practical uses of Discrete Mathematics in the field of Information Security.
My topic is strongly based on the following Discrete Mathematics concepts
– Logic, Sets, and Functions
– Algorithms (their analysis), the Integers, and Matrices
– Counting, Relations
– Graphs

5 My Term Project vs. My Major
My Major
– Cryptology and Information Security
– Advising Prof: Prof. Kwangjo Kim
Earlier I concentrated only on the “zero-knowledge interactive proofs” based on
– Integer Factorization Problem (RSA)
    Fiat-Shamir Identification Protocol
    Feige-Fiat-Shamir Identification Protocol
    Guillou-Quisquater (GQ) Identification Protocol
– Discrete Logarithmic Problem
    Schnorr Identification Protocol

6 My Term Project vs. My Major
Through this term project, I could concentrate on the “zero-knowledge interactive proofs” based on
– Graph Problems
    Hamiltonian cycles of large graphs
    Graph Isomorphism
    Graph Coloring

7 My Term Project vs. My Major
Study of these zero-knowledge interactive proofs helped me in analyzing their importance in my M.S. degree research topic “Security in Pervasive Computing”
– Because they involve very few computations when compared to other Symmetric Key and PKI protocols
– Very useful for lightweight devices used in pervasive environments

8 Goal of Term Project
Compare the following Zero-Knowledge Identification Protocols based on
– Integer Factorization Problem (like RSA)
    Feige-Fiat-Shamir Identification Protocol
    Guillou-Quisquater (GQ) Identification Protocol
– Discrete Logarithmic Problem
    Schnorr Identification Protocol
– Graph Problems
    Hamiltonian cycles of large graphs
    Graph Isomorphism
    Graph Coloring

9 Goal of Term Project
Comparison Criteria
– Communications
– Computations
– Memory
– Security Guarantees
– Trust required in third party

10 Overview of Zero-Knowledge Concepts
A prover demonstrates knowledge of a secret while revealing no information whatsoever of use to the verifier in conveying this demonstration of knowledge to others.
ZK Protocols are instances of
– Interactive proof systems
    Prover and verifier exchange multiple messages (challenges and responses)
    Proofs are probabilistic rather than absolute; they need be correct only with bounded probability

11 Overview of Zero-Knowledge Concepts
– Proofs of knowledge
    Interactive proofs used for identification
    A possesses some secret s, and attempts to convince B it has knowledge of s by correctly responding to queries which require knowledge of s to answer.
    Should satisfy “Completeness” and “Soundness” properties
– Zero-knowledge property
    There exists an expected polynomial-time algorithm (simulator) which can produce, upon input of the assertion(s) to be proven but without interacting with the real prover (Simulatable)

12 Zero-knowledge vs. other asymmetric protocols
No degradation with usage
– Resist chosen-text attacks
Encryption avoided
Efficient
Unproven assumptions
– Many ZK protocols (“proofs of knowledge”) themselves rely on the same unproven assumptions as PK techniques

13 General Structure of ZK Protocols
A → B: witness
A ← B: challenge
A → B: response
Combination of
– cut-and-choose protocols and challenge-response protocols

14 Modes of Operations
Interactive
– where prover and verifier interactively go through the protocol, building up the certainty piece by piece.
Parallel
– where prover creates a number of problems and verifier asks for a number of solutions at a time. This can be used to bring down the number of interactive messages with a slow-response-time connection.
Off line
– where prover creates a number of problems, and then uses a cryptographically strong one-way hash function on the data and the set of problems to play the role of verifier, to select a random solution wanted for each problem. He then appends these solutions to the message. This mode can be used for digital signatures.

15 ZK Proof based on Integer Factorization Problem
Feige-Fiat-Shamir Identification Protocol (1998)
1. One-time setup.
– (a) Selection of system parameters: A trusted center T selects and publishes an RSA-like modulus $n = pq$ but keeps primes p and q secret.
– (b) Selection of per-entity secrets: Each prover A selects secrets $s_1, s_2, \ldots, s_k$ with $1 \le s_k \le n - 1$, and k random bits $b_1, \ldots, b_k$, computes $v_i = (-1)^{b_i} (s_i^2)^{-1} \bmod n$ for $1 \le i \le k$, and registers $(v_1, \ldots, v_k, n)$ with T as its public key.

ZKP–IFP: FFS Protocol, GQ Protocol; ZKP–DLP: Schnorr Protocol; ZKP–Graph Prob.: Graph Isomorphism, Graph Coloring, Hamiltonian Cycles

16 Feige-Fiat-Shamir Identification Protocol
2. Protocol Actions
– (a) A chooses an integer r and a bit b, computes $x = (-1)^b r^2 \bmod n$, and sends x (the witness) to B.
– (b) B sends to A, as challenge, a random k-bit vector $(e_1, e_2, \ldots, e_k)$.
– (c) A computes $y = r \cdot \prod_{j=1}^{k} s_j^{e_j} \bmod n$ and sends y to B (the response).
– (d) B computes $z = y^2 \cdot \prod_{j=1}^{k} v_j^{e_j} \bmod n$ and verifies that $z = \pm x$ and $z \ne 0$.

17 Example of Feige-Fiat-Shamir Identification Protocol
1. The trusted center T selects the primes p = 683, q = 811, and publishes n = pq = 553913. Integers k = 3 and t = 1 are defined as security parameters.
2. Entity A does the following.
– (a) Selects 3 random integers $s_1 = 157$, $s_2 = 43215$, $s_3 = 4646$, and 3 bits $b_1 = 1$, $b_2 = 0$, $b_3 = 1$.
– (b) Computes $v_1 = 441845$, $v_2 = 338402$, and $v_3 = 124423$.
– (c) A’s public key is (441845, 338402, 124423, 553913) and private key is (157, 43215, 4646).
3. Protocol Actions
– (a) A chooses r = 1279, b = 1, computes x = 25898, and sends this to B.
– (b) B sends to A the 3-bit vector (0, 0, 1).
– (c) A computes and sends to B $y = r \cdot s_3 \bmod n = 403104$.
– (d) B computes $z = y^2 v_3 \bmod n = 25898$ and accepts A’s identity since $z = +x$ and $z \ne 0$.
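Added example (not part of the original slides): one Feige-Fiat-Shamir round in Python, reproducing the numbers of the worked example above. It goes one step beyond the slide by also building a transcript without the secrets for a challenge fixed in advance (the simulator behind the zero-knowledge property); that transcript verifies for exactly one of the $2^k$ challenges, which is the 1/2^k per-round forgery bound. All function names are this example's own.

```python
# Added example, not the presenter's code. Requires Python 3.8+ (modular inverse via pow).
from itertools import product

def public_key(n, s, bits):
    """v_i = (-1)^b_i * (s_i^2)^-1 mod n for every secret s_i."""
    return [(-1) ** b * pow(s_i * s_i, -1, n) % n for s_i, b in zip(s, bits)]

def witness(n, r, b):
    """Prover's commitment x = (-1)^b * r^2 mod n."""
    return (-1) ** b * r * r % n

def response(n, r, s, e):
    """y = r * prod(s_j^e_j) mod n; computing it needs the secrets s."""
    y = r
    for s_j, e_j in zip(s, e):
        y = y * pow(s_j, e_j, n) % n
    return y

def check_value(n, v, e, y):
    """Verifier's z = y^2 * prod(v_j^e_j) mod n."""
    z = y * y % n
    for v_j, e_j in zip(v, e):
        z = z * pow(v_j, e_j, n) % n
    return z

def accepts(n, v, x, e, y):
    """Accept iff z = +x or z = -x (mod n) and z != 0."""
    z = check_value(n, v, e, y)
    return z != 0 and z in (x % n, -x % n)

def simulate(n, v, guess, r):
    """Transcript built WITHOUT the secrets for a challenge fixed in advance:
    x = r^2 * prod(v_j^guess_j) mod n, y = r."""
    return check_value(n, v, guess, r), r

def accepted_challenges(n, v, x, y):
    """Every k-bit challenge under which the fixed pair (x, y) verifies."""
    return [e for e in product((0, 1), repeat=len(v)) if accepts(n, v, x, e, y)]

# Values from the slide's worked example.
N = 683 * 811
S, BITS = (157, 43215, 4646), (1, 0, 1)
V = public_key(N, S, BITS)
X = witness(N, 1279, 1)
E = (0, 0, 1)
Y = response(N, 1279, S, E)

if __name__ == "__main__":
    print("public key:", V, "x:", X, "y:", Y, "z:", check_value(N, V, E, Y))
    print("honest prover accepted:", accepts(N, V, X, E, Y))
    sx, sy = simulate(N, V, (1, 0, 1), 1279)
    print("simulated transcript verifies only for:", accepted_challenges(N, V, sx, sy))
```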

18 Guillou-Quisquater (GQ) Identification Protocol (1988)
System Parameters
– Private: p, q, $s = v^{-1} \bmod \phi(n)$
– $n = pq$, $v > 2$
User Parameters
– The secret of A with $J_A = f(I_A)$ is $J_A^{-s} \bmod n$
Protocol Messages (Repeat t times)
– A sends to B (Commit): $I_A$, $x = r^v \bmod n$ for a random r
– B sends to A (Challenge): a random e with $1 \le e \le v$
– A sends to B (Response): $y = r \cdot s_A^{e} \bmod n$
Verify
– B computes $z = J_A^{e} y^{v} \bmod n$
– Accept A’s proof of identity if $z = x$ and $z \ne 0$

19 ZK Proof based on Discrete Logarithmic Problem
Schnorr Identification Protocol (1990)
System Parameters
– Primes p and q with $q \mid p - 1$
– $h = g^{(p-1)/q} \bmod p$ has order q (g is a generator of GF(p))
– Verification public key for the signature $S_T(m)$, a parameter t
User Parameters
– A chooses a private key a and computes the public key $v = h^{-a}$
– A transfers v to T and obtains $cert_A = (I_A, v, S_T(I_A, v))$

20 Schnorr Identification Protocol
Protocol Messages (Repeat t times)
– A sends to B (Commit): $cert_A$, $x = h^r \bmod p$ for a random r
– B authenticates A’s public key and sends to A (Challenge): a random e with $1 \le e \le 2^t < q$
– A sends to B (Response): $y = ae + r \bmod q$
Verify
– B computes $z = h^y v^e \bmod p$
– Accept A’s proof of identity if $z = x$
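Added example (not part of the original slides): the Schnorr commit, challenge and response exchange in Python, with the commitment precomputed so the prover's online work is one multiplication and one addition mod q. The parameters p = 2267, q = 103, t = 6 are constructed toy values, far too small for real use, and the certificate step is omitted. The last function shows why r must be fresh in every round: two responses under the same r determine the private key a.

```python
# Added example, not the presenter's code. Requires Python 3.8+.
import secrets

P, Q, T = 2267, 103, 6        # constructed toy sizes: q | p-1 and 2^t < q

def subgroup_generator(p, q):
    """First h = g^((p-1)/q) mod p different from 1; it has prime order q."""
    for g in range(2, p):
        h = pow(g, (p - 1) // q, p)
        if h != 1:
            return h
    raise ValueError("no element of order q found")

H = subgroup_generator(P, Q)

def keygen():
    """Private key a in [1, q-1], public key v = h^-a mod p."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(H, -a, P)

def commit():
    """Can be precomputed offline: random r and x = h^r mod p."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(H, r, P)

def challenge():
    """Verifier's random e with 1 <= e <= 2^t."""
    return secrets.randbelow(2 ** T) + 1

def respond(a, r, e):
    """Prover's online step: y = a*e + r mod q."""
    return (a * e + r) % Q

def verify(v, x, e, y):
    """Accept iff z = h^y * v^e mod p equals the commitment x."""
    return pow(H, y, P) * pow(v, e, P) % P == x

def run_round(a, v):
    """One honest round with a fresh commitment."""
    r, x = commit()
    e = challenge()
    return verify(v, x, e, respond(a, r, e))

def key_from_reused_r(e1, y1, e2, y2):
    """Two answers under one r give a = (y1 - y2) / (e1 - e2) mod q."""
    return (y1 - y2) * pow(e1 - e2, -1, Q) % Q

if __name__ == "__main__":
    a, v = keygen()
    print("honest rounds accepted:", all(run_round(a, v) for _ in range(10)))
    r, _ = commit()
    print("a recovered from reused r:",
          key_from_reused_r(3, respond(a, r, 3), 9, respond(a, r, 9)) == a)
```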

21 ZK Proof based on Graph Problem
Graph-Isomorphism
A pair of two graphs, Where
Let  be an isomorphism between the input graphs, namely  is 1-1 and onto mapping of the vertex set $V_1$ to the vertex set $V_2$ so that

22 Graph Isomorphism
Prover’s first step (A1): Select random permutation  over $V_1$, construct the set, and send to the verifier.
Verifier’s first step (B1): B gets H from P. V select and send it to P. P is supposed to answer with an isomorphism between and

23 Graph Isomorphism
(A2): If  =1, then send  =  to B. Otherwise send  =    -1 to B.
(B2): If  is an isomorphism between G  and H then B outputs 1, otherwise it outputs 0.

24 Graph Isomorphism (Flow) ProverVerifier  =Random Permutation H   G 1  R {1,2} If  =1, send  =  otherwise  =    -1  Accept iff H =  (G  )  H

25 Graph Isomorphism example
[Figure: two graphs $G_1$ and $G_2$, each on vertices 1 to 5]
Common input: two graphs $G_1$ and $G_2$.
Only P knows  .

26 Graph Isomorphism example
[Figure: graphs $G_1$, H and $G_2$, each on vertices 1 to 5]
 =    -1
Only P knows  . A sends H to B. B gets  and accepts. B sends  =2 to A.
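Added example (not part of the original slides): the graph-isomorphism rounds of slides 22 to 26 in Python. The Greek letters did not survive in the transcript, so the names pi (prover's random permutation), phi (the secret isomorphism from G1 to G2), sigma (the verifier's choice from {1, 2}) and psi (the revealed map) are this example's own, and the 5-vertex graphs are constructed sample input.

```python
# Added example, not the presenter's code; all names and graphs are constructed.
import secrets

RNG = secrets.SystemRandom()

def relabel(perm, edges):
    """Image of an undirected edge set under the vertex map perm."""
    return {frozenset((perm[u], perm[v])) for u, v in edges}

def commit(vertices, g1, rng):
    """Prover: fresh random permutation pi of the vertices and H = pi(G1)."""
    shuffled = list(vertices)
    rng.shuffle(shuffled)
    pi = dict(zip(vertices, shuffled))
    return pi, relabel(pi, g1)

def respond(pi, phi, sigma):
    """sigma = 1: reveal pi. sigma = 2: reveal pi o phi^-1, which maps G2 onto H."""
    if sigma == 1:
        return pi
    phi_inv = {w: u for u, w in phi.items()}
    return {w: pi[phi_inv[w]] for w in phi_inv}

def verify(h, g1, g2, sigma, psi):
    """Verifier: accept iff psi is a permutation and psi(G_sigma) equals H."""
    g = g1 if sigma == 1 else g2
    return len(set(psi.values())) == len(psi) and relabel(psi, g) == h

def run(vertices, g1, g2, phi, rounds, rng):
    """Number of accepted rounds; every round uses a fresh pi and H."""
    accepted = 0
    for _ in range(rounds):
        pi, h = commit(vertices, g1, rng)
        sigma = rng.choice((1, 2))
        accepted += verify(h, g1, g2, sigma, respond(pi, phi, sigma))
    return accepted

# Constructed instance: G1 is a 5-cycle with one chord, G2 = phi(G1).
VERTS = [1, 2, 3, 4, 5]
G1 = [(1, 2), (2, 3), (3, 4), (4, 5), (5, 1), (1, 3)]
PHI = {1: 3, 2: 5, 3: 1, 4: 2, 5: 4}
G2 = [(PHI[u], PHI[v]) for u, v in G1]

if __name__ == "__main__":
    print("honest prover:", run(VERTS, G1, G2, PHI, 20, RNG), "of 20 rounds accepted")
    wrong = {u: u for u in VERTS}          # a prover that does not know phi
    pi, h = commit(VERTS, G1, RNG)
    print("without phi, sigma=1:", verify(h, G1, G2, 1, respond(pi, wrong, 1)))
    print("without phi, sigma=2:", verify(h, G1, G2, 2, respond(pi, wrong, 2)))
```

A prover without phi can answer sigma = 1 but not sigma = 2 for the same H, so each round is passed with probability 1/2, matching the 1/2^k forgery bound in the analysis table.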

27 Graph 3 Coloring
Common Input: A graph
[Figure: graph on vertices 1 to 5]
P can paint the graph in 3 colors.
P must keep the coloring a secret.

28 Graph 3 Coloring
[Figure: graph on vertices 1 to 5]
P chooses a random color permutation.
He puts all the nodes inside envelopes.
And sends them to the verifier.

29 Graph 3 Coloring
[Figure: graph on vertices 1 to 5]
Verifier receives a 3-colored graph, but colors are hidden.
He chooses an edge at random.
And asks the prover to open the 2 envelopes.

30 Graph 3 Coloring
[Figure: graph on vertices 1 to 5]
Prover opens the envelopes, revealing the colors.
Verifier accepts if the colors are different.

31 Graph 3 Coloring
G = (V,E) is 3-colorable if there exists a mapping for every.
Let  be a 3-coloring of G, and let  be a permutation over {1,2,3} chosen randomly.
Define a random 3-coloring.
Put each  (v) in a box with v marked on it.
Send all the boxes to the verifier.

32 Graph 3 Coloring
Verifier selects an edge at random, asking to inspect the colors.
Prover sends the keys to boxes u and v.
Verifier uses the keys to open the boxes.
If he finds 2 different colors from {1,2,3}: Accept.
Otherwise: Reject.

33 Graph 3 Coloring (Flow)
[Flow diagram between P and V; surviving labels: boxes 1, 2, n; Key u, key v]

34 Hamiltonian Cycles
Similar to Graph Isomorphism ZK Identification Protocol
The Hamiltonian cycle for a graph is a path through the graph that passes every node exactly once.
– For an extremely large graph, this is very hard (hard enough) to calculate.
The prover's secret is the Hamiltonian cycle of a graph.

35 Hamiltonian Cycles
The prover gives the verifier a permuted version of the original graph.
Verifier can ask the prover to either
– prove that the graph is a permutation of the original graph, or
– show the Hamiltonian path for the permuted graph.
One of these can be calculated easily from the original data, but to know both, to be able to respond to both possible requests, requires knowledge of the secret, i.e. the Hamiltonian path of the graph.

36 Hamiltonian Cycles
A must use a different permuted graph in each round, as he should never give both solutions to the same problem to B.
This protocol is theoretical because of the requirement for the graph to be extremely large, and the large memory and message size requirements it has.

37 Analysis
Cryptographic protocol families and their calculation and memory requirements
Columns: Protocol Family; Message Size; Protocol Iterations; Amount of Calculation; Memory Requirements
– Zero-knowledge: large; many; large
– Public-key: large; one; very large; large
– Symmetric: small; one; small

38 Analysis: ZK ID Protocol comparison, FFS vs. GQ
Probability of forgery
– FFS: $1/2^{kt}$; provably secure against chosen message attack
– GQ: $1/v^{t}$
Security Assumption Required
– FFS: Extracting square roots modulo large composite integers n of unknown factorization. Equivalent to that of factoring n.
– GQ: Extracting $v$th roots modulo the composite integer n. Equivalent to that of factoring n. Computationally intractable.
Zero-Knowledge & Soundness
– FFS: $k = O(\log(\log n))$: asymptotic upper bound; $t = \Theta(\log n)$: asymptotic tight bound. Verifier: soundness → large t. Prover: zero-knowledge property → small t.
– GQ: Soundness: $v^{-t} = O(e^{-kt})$ ⇒ $v^{t} = O((\log n)^c)$ for a constant c. Zero-knowledge property: $tv = O((\log n)^c)$ for constant c.
Parameter Selection
– FFS: Choosing k and t such that kt = 20 (k = 5, t = 4) allows a 1 in a million chance of impersonation.
– GQ: Similar as FFS

39 Analysis: ZK ID Protocol comparison, FFS vs. GQ
Computational Efficiency
– FFS: modulo multiplication (steps) by prover, e.g. kt = 20, N: 512 bit. k = 20, t = 1 → 1 + 20/2 = 11 (steps); k = 1, t = 20 → 20 + 20/2 = 30 (steps)
– GQ: modulo multiplication (steps) by prover, e.g. kt = 20, N: 512 bit. t = 1, m = 20 = $\log_2(Y)$ → 20 × 3 = 60 (steps)
Bandwidth and memory for secrets
– FFS: Simultaneous reduction is not possible because it requires k user secrets and t iterations for an estimated security (probability of cheating) of $1/2^{-kt}$.
– GQ: Allows the simultaneous reduction of both memory (parameter k) and transmission bandwidth (parameter t) with k = t = 1, by introducing the public exponent v > 2 with the intention that the probability of successful cheating becomes $1/v^{-kt}$.
Others
– FFS: Computationally efficient
– GQ: Memory efficient

40 Analysis: Schnorr Identification Protocol
Probability of forgery
– $1/2^{t}$
Security Assumption Required
– Computing discrete logs modulo a prime p (DLP)
Zero-Knowledge & Soundness
– Protocol reveals “no useful information” about a because x is a random number, and y is perturbed by the random number r.
– The protocol is not zero-knowledge for large e.
Parameter Selection
– t must be sufficiently large to make the probability $1/2^{t}$ of correctly guessing the challenge e negligible.
– t = 40, $q \ge 2^{2t} = 2^{80}$ was originally suggested in the case that a response is required within seconds.
Other
– The design allows pre-computation, reducing the real-time computation for the claimant to one multiplication modulo a prime q.
– Suitable for claimants of limited computational ability.
– Protocol was designed to require only three passes, and a low communications bandwidth.
– Reduces the required number of transmitted bits.

41 Analysis: ZK ID Protocol comparison, Graph Isomorphism vs. Graph 3 Coloring
Probability of forgery
– Graph Isomorphism: $1/2^{k}$
– Graph 3 Coloring: $1/e^{k}$, where e ~ 2.718 is the natural logarithm base
Security Assumption Required
– Graph Isomorphism: Graph Isomorphism
– Graph 3 Coloring: Coloring all the vertices of a graph with 3 colors such that the vertices connected by edges have different colors
Zero-Knowledge & Soundness
– Perfect zero-knowledge interactive proof system
Parameter Selection
– Graph Isomorphism: Minimum of 24 vertices = 256 edges
– Graph 3 Coloring: Similar as Graph Isomorphism

42 Future Work
Study Digital Signatures using Zero-Knowledge Protocols
– Fiat-Shamir Digital Signature Protocol
– Guillou-Quisquater Digital Signature Protocol
– Schnorr Digital Signature Protocol
Consider other modes of operations like parallel and offline modes in detail
Study other Zero-Knowledge protocols
– Permuted Kernels Identification Scheme

