This action might not be possible to undo. Are you sure you want to continue?

By Subha Rajagopalan Jaisheela Kandagal

Zero Knowledge Proofs • • • • • • Introduction Properties of ZKP Advantages of ZKP Examples Fiat-Shamir Identification Protocol Real-Time Applications .

• ZKP instance of Interactive Proof System • Interactive Proof Systems – Challenge-Response Authentication – Prover and Verifier – Verifier Accepts or Rejects the Prover . Micali. and Rackoff. 1985.Zero Knowledge Proofs (ZKP) • Goldwasser.

ZKP • Zero knowledge Transfer between the Prover and the Verifier • The verifier accepts or rejects the proof after multiple challenges and responses • Probabilistic Proof Protocol • Overcomes Problems with Password Based Authentication .

Properties of ZKP • Completeness – Succeeds with high probability for a true assertion given an honest verifier and an honest prover. given a dishonest prover and an honest verifier . • Soundness – Fails for any other false assertion.

Advantages of ZKP • • • • As name Suggests – Zero Knowledge Transfer Computational Efficiency – No Encryption No Degradation of the protocol Based on problems like discrete logarithms and integer factorization .

Classic Example • Ali Baba’s Cave Alice has to convince Bob She knows the secret to open the cave door without telling the secret (“Open Sesame”).html) .rsasecurity.com/rsalabs/faq/2-1-8. (source: http://www.

the Verifier A B A B A B : x = r2 mod n : e { 0.Fiat-Shamir Identification Protocol • 3 Message Protocol • Alice A.1} : y = r * se mod n is y2 = x * ve ? • A random modulus n. the Prover and Bob B. product of two large prime numbers p and q generated by a trusted party and made public • Prover chooses secret s relatively prime to n • prover computes v = s2 mod n. where v is the public key .

Fiat-Shamir Identification Protocol • Alice chooses a random number r (1 r n-1) • Sends to Bob x = r2 mod n – commitment • Bob randomly sends either a 0 or a 1 ( e { 0. Alice computes the response as y = r if e = 0 or otherwise y = r*s mod n • Bob accepts the response upon checking y2 x * ve mod n .1}) as his challenge • Depending on the challenge from Bob.

Alice should not repeat r .Fiat-Shamir Identification Protocol • After many iterations. if he knows Bob’s challenge in advance: – Generate random r – If expected challenge is 1. send x = r2/v mod n as commitment. send x = r mod n as commitment • Probability that any Intruder impersonating the prover can send the right response is only ½ • Probability reduced as iterations are increased • Important . with a very high probability Bob can verify Alice’s identity • Alice’s response does not reveal the secret s (with y = r or y = r* s mod n) • An intruder can prove Alice’s identity without knowing the secret. and y = r as response – If expected challenge is 0.

e-cash etc. .Applications • Watermark Verification – Show the presence of watermark without revealing information about it – prevents from removing the watermark and reselling multiple duplicate copies • Others – e-voting.

Products • Sky’s VideoCrypt – Analogue decoding card for satellite DirecTV descrambler used to authenticate the subscriber’s card – Uses Fiat-Shamir Zero Knowledge Protocol • NGSCB – New Generation Secure Computing Base – Zero Knowledge for code attestations .

CRYPTO ’95 Lecture Notes in Computer Science. van Oorschot. and H. “ Zero-knowledge proofs – a survey”. Handbook of Applied Cryptography. [1] . Silvio Micali and Avi Wigderson. [7] Oren. Security Engineering [3] Wenbo Mao. Scott A.rsa.. Vanstone.References Alfred J. Paul C. Advances in Cryptology. Menezes. [2] Ross Anderson. Modern Cryptography theory and practice [4] Don Coppersmith (Ed. “ Properties of Zero-knowledge Proofs”.com [6] Oded Goldreich. [8] A Mitropoulos. Meijer.). [5] www. “ Proofs that yield nothing but their validity and a methodology of cryptographic protocol design”. Y.

Sign up to vote on this title

UsefulNot usefulZero Knowledge proofs

Zero Knowledge proofs

- 9803007v4by Ubiratã Pereira de Souza
- Evidence+assignment+1by Anonymous nlPRH8UVp
- Refrigerated Transport Co., Inc. And Osborn Transportation, Inc. v. Interstate Commerce Commission and the United States of America, 686 F.2d 881, 11th Cir. (1982)by Scribd Government Docs
- Number Theory and Cryptographyby pramod_bdvt

- hidden data in PE file secret messages.pdfby Elsa Cristina David
- Circumstantial Evidenceby Gunjan Jhamb
- United States v. Richard P. Santoro, Also Known as Rick, Michael Ploshnick Keith Nelson Scott Shay Sameh Sherabi, Also Known as Sam Daniel McGann Victor Vega Edward Cespedes Joseph Dortona Franco Dortona Charles T. Heehler John Nalick Meyers Pollock Robbins, Inc., 302 F.3d 76, 2d Cir. (2002)by Scribd Government Docs
- Herrera vs Alba Digestby Paolo Adalem

- Zero KnowledgeProofsII
- QKD_abhi
- How to Decrypt 802
- Admissibility of Evidence
- Circumstantial Evidence or Indirect Evidence
- is.doc
- final_P12
- What Is
- McCoy v. Whirlpool Corp, 10th Cir. (2008)
- Evidence Sept 1
- Department of Labor
- People vs Sandiganbayan
- 9803007v4
- Evidence+assignment+1
- Refrigerated Transport Co., Inc. And Osborn Transportation, Inc. v. Interstate Commerce Commission and the United States of America, 686 F.2d 881, 11th Cir. (1982)
- Number Theory and Cryptography
- Santioque v Calma
- 16.6.05 Hearsay _A MacDonald QC
- Lambros_D._Callimahos_Part_2
- Salazar vs People
- hidden data in PE file secret messages.pdf
- Circumstantial Evidence
- United States v. Richard P. Santoro, Also Known as Rick, Michael Ploshnick Keith Nelson Scott Shay Sameh Sherabi, Also Known as Sam Daniel McGann Victor Vega Edward Cespedes Joseph Dortona Franco Dortona Charles T. Heehler John Nalick Meyers Pollock Robbins, Inc., 302 F.3d 76, 2d Cir. (2002)
- Herrera vs Alba Digest
- RFC3711
- McGachey v Air Force09-3304c
- Dotcom & Ors v USA Disclosure)
- 180418.PDF(Manuel Bakunawa)
- United States v. John F. Williams, 11th Cir. (2014)
- Ang Tibay vs. CIR
- Zero Knowledge Proofs

Are you sure?

This action might not be possible to undo. Are you sure you want to continue?

We've moved you to where you read on your other device.

Get the full title to continue

Get the full title to continue reading from where you left off, or restart the preview.

scribd