SC700 A2 Internet Information Protocols, 3/20/2001. Paper Presentation by J. Chu: How to Explain Zero-Knowledge Protocols to Your Children

Slide 2: Background

1. The Fact: Identifications and passwords are essential parts of a secured system, in which they prevent unauthorized access to private materials.
2. The Problem: Passwords are assigned to authorized personnel and are meant to be kept secret. But ironically, one often has to give out his/her password during authentication. That’s not very safe!
3. The Solution: Zero-Knowledge Protocol!

Slide 3: Introduction

1. Zero-Knowledge Protocols allow one party to access a secured area without that party having to give out any private or secret information.
2. Examples of Zero-Knowledge Protocols:
   a. Bizcard
   b. Fiat-Shamir Protocol
   c. Guillou-Quisquater’s Analogy

Slide 4: The Bizcard Example

Imagine the following scenario:

Bob: “Let me in! I have access to this area!”
Alice: “Oh really? What is the secret password?”
Bob: “I can’t tell you my password; it’s a secret.”
Alice: “That’s too bad. Because you cannot get in without telling me your secret password.”

There must be a better solution…

Slide 5: The Bizcard Example Continues

The Zero-Knowledge Protocol: Assume that the password is a positive integer.

Equipment: A deck of cards

1. While Alice is looking away, Bob counts from the top of the deck until he reaches the card that corresponds to the password. Bob then makes a unique mark on one side of that card, turns over all the cards in the deck (without changing their order) and hands the deck to Alice.
2. Now Bob is looking away. Alice also counts from the top of the deck until she reaches the card that corresponds to the password. Alice then makes a unique mark on the other side of that card. To conceal the secret, Alice shuffles the deck.
3. If the shuffled deck contains one card having distinct marks on both its sides, then it is possible that both Bob and Alice know the password. Therefore, Bob is able to prove his knowledge of the password without revealing it to Alice.

Slide 6: The Bizcard Example Continues

The Zero-Knowledge Protocol Phase II: However, Alice is not convinced that Bob actually knows the password, because the protocol is not perfect: Bob might have guessed the password! Since the password, $s$, is a positive integer, it has to be limited by a range, $z$, such that $1 \le s \le z$. If Bob doesn’t actually know the password, he could have guessed it anyway with a probability of $1/z$.

The Solution: Alice can request Bob to perform the exact same experiment $k$ times so that the probability of Bob correctly guessing the password every time is reduced to $(1/z)^k$. When $(1/z)^k$ is small enough, that is, when the probability of Bob actually knowing the password is high enough, Alice may grant Bob access to his account without worrying that he might be an impostor.

Slide 7: To Make a Short Story Even Shorter…

“I can’t tell you my secret, but I can prove to you that I know the secret.”

Slide 8: The Actors

1. The Prover (Bob): Bob has to prove that he knows some kind of secret (such as a password to a restricted area) but he doesn’t want to share it with anyone, not even the Verifier.
2. The Verifier (Alice): Alice has to verify whether Bob knows the secret or not. She can perform a series of experiments with Bob until she is ~100% certain whether Bob is authorized (or not).
3. The Malice (Oscar): Simply put, the bad guy who tries to cheat the security system.

Slide 9: Properties of Zero-Knowledge Protocols

1. Completeness: The Verifier will always accept a proof from the Prover, given that they both follow the correct protocol.
2. Soundness: The Verifier will not accept any “incorrect” proof from the Prover, given that the Verifier follows the correct protocol.
3. Zero-Knowledge: During the whole “proving” process, the Verifier will learn nothing about the Prover’s secret, nor will she be able to prove that secret to any other party.

Slide 10: The Fiat-Shamir Protocol

Fact: It is easier to compute $x^2$ than $x^{1/2}$.

Arithmetic is done modulo $n = pq$, where $p$ and $q$ are primes.
Bob (the Prover) will choose a number $s$ in $Z_n$. He will keep $s$ (private key) a secret but publish $v = s^2 \bmod n$ (public key).
During authentication, Bob will randomly choose a number $r$ in $Z_n$ and send $x = r^2 \bmod n$ to Alice (the Verifier).
After receiving $x$, Alice will randomly choose a number $e$, where $e$ is in $\{0, 1\}$, and send it to Bob.
After receiving $e$, Bob will send $y = r s^e$ to Alice.
Alice will now need to check whether $y^2 \bmod n = x v^e \bmod n$. If yes, Bob has passed the test.
Alice might request Bob to perform the experiment as many times as she desires until she’s certain of Bob’s authority.
Throughout the entire process, Alice will only need to work with the publicly known numbers $x$, $e$ and $v$, and will learn nothing about the secret $s$.

Slide 11: The Fiat-Shamir Protocol Continues

Security Analysis:

Assuming that Oscar (the Malice) is listening to the entire transmission between Alice and Bob, he will not be able to learn anything about Bob’s secret, since the secret itself had never been revealed or transmitted.
The fact that $r$ is random prevents Oscar from recognizing any patterns between the values of $y_i$, where $i$ represents the $i$-th transmission.
The fact that it is difficult to determine the square root of $x$ increases the level of security of the protocol.
With Alice performing the experiment $k$ times, it is almost impossible for Oscar to impersonate Bob, given the fact that Oscar himself does not know the secret $s$. Since Oscar has a 50% chance of passing Alice’s test each time, the probability of Oscar passing all $k$ tests will be $(1/2)^k$.
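The rounds described on the two Fiat-Shamir slides above, as an added Python example that is not part of the original presentation. The toy modulus, the function names and the `forge` helper (which models Oscar guessing Alice's challenge before he commits) are assumptions made for illustration, and responses are reduced mod n.

```python
import secrets
from math import gcd

# Toy modulus from two Mersenne primes (constructed for illustration; a real n
# must be far larger and its factors p, q must stay secret).
N = (2**31 - 1) * (2**61 - 1)

def rand_unit(n=N):
    """Random element of Z_n that is invertible mod n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r

def keygen(n=N):
    """Bob's private key s and public key v = s^2 mod n."""
    s = rand_unit(n)
    return s, pow(s, 2, n)

def commit(n=N):
    """Bob picks a fresh random r and sends x = r^2 mod n."""
    r = rand_unit(n)
    return r, pow(r, 2, n)

def respond(r, s, e, n=N):
    """Bob answers challenge e with y = r * s^e mod n."""
    return (r * pow(s, e, n)) % n

def verify(x, e, y, v, n=N):
    """Alice's check: y^2 mod n == x * v^e mod n."""
    return pow(y, 2, n) == (x * pow(v, e, n)) % n

def forge(v, guess, n=N):
    """Oscar (no s) fixes y first, then derives x = y^2 * v^(-guess) mod n."""
    y = rand_unit(n)
    return (pow(y, 2, n) * pow(pow(v, guess, n), -1, n)) % n, y

def session(k, v, s=None, n=N):
    """Run k rounds; with s the prover is Bob, without s it is Oscar guessing."""
    for _ in range(k):
        e = secrets.randbelow(2)  # Alice's challenge, unknown at commit time
        if s is None:
            x, y = forge(v, secrets.randbelow(2), n)
        else:
            r, x = commit(n)
            y = respond(r, s, e, n)
        if not verify(x, e, y, v, n):
            return False
    return True
```

A forged pair passes only when Oscar's guess matches Alice's challenge, which is why Alice repeats the round k times before accepting.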

Slide 12: Guillou-Quisquater’s Analogy

How is it possible to explain the concepts of Zero-Knowledge Protocols to young children?

The Analogy of Ali Baba’s Cave

[Figure: diagram of the cave with points A, B and C]

Slide 13: Guillou-Quisquater’s Analogy Continues

Quick Review: Ali Baba had discovered the secret of this strange cave, in which the password “open sesame” will make the secret wall between point B and point C vanish, creating a loop. Without the knowledge of the password, one would see dead ends at both B and C.

Years later, the cave was discovered and Mick Ali, a researcher, was able to acquire the secret password of the cave. To prove his great discovery, Mick Ali invited a television network to make a documentary of the cave. Mick Ali wished not to share his secret password, however. So he set up a scenario in which he would go to either point B or C, and a reporter would randomly request Mick Ali to return to point A via either the left or the right passage. Knowing the secret of the cave, Mick Ali had no trouble passing the reporter’s test, thereby proving that he knows the password without having to reveal it.

[Figure: diagram of the cave with points A, B and C]

However, a fake version of the documentary had been made. It involved an Ali look-alike performing the same experiment. But without the knowledge of the secret, the actor can only succeed 50% of the time. However, after editing the film, no one in the world can tell the difference between the real and the fake version.

Slide 14: Guillou-Quisquater’s Analogy Continues

Points of the Analogy:

By performing a series of verification experiments, it is possible to prove that you know a certain secret without sharing it with anyone.
Zero-Knowledge Protocols help prevent leaks of any secret information by not directly requesting the secret itself during verification.
Zero-Knowledge Protocols won’t care if you actually know the password or not, as long as you can prove that you know it.
Faking the proof of knowing the secret is possible, but it has a low probability of success.

Slide 15: Real-World Applications

1. Network Authentications
2. Smart Cards
3. Key Exchanges
4. Digital Signatures

Slide 16: Pros and Cons

Advantages of Zero-Knowledge Protocols:
Secured – Not requiring the revelation of one’s secret.
Simple – Does not involve complex encryption methods.

Disadvantages of Zero-Knowledge Protocols:
Limited – Secret must be numerical, otherwise a translation is needed.
Lengthy – There are 2k computations, each computation requires a certain amount of running time.
Imperfect – The Malice can still intercept the transmission (i.e. messages to the Verifier or the Prover might be modified or destroyed).

Slide 17: References

H. A. Aronsson, “Zero Knowledge Protocols and Small Systems”, http://www.tml.hut.fi/Opinnot/Tik-110.501/1995/zeroknowledge.html, 1995.
H. L. Marko, “Authentication Protocols Lecture Notes”, http://www.cs.cmu.edu/afs/cs/academic/class/15827-f98/www/Slides/lecture3, 1998.
“Integrity Science – The Source for Knowledge-based Authentication”, http://www.integritysciences.com, 1996-2000.
J.J. Quisquater and L. Guillou, “How to explain zero-knowledge protocols to your children”, Lecture Notes in Computer Science, 435 (1990), 628-631.

