Cryptography Project Report
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for
Distributed Systems
Vaishnavi C Shubin
B190653EC
Abstract
Security has always been a major concern in most net-
works and distributed systems, and authentication is
the central issue because it protects against unautho-
rised use and ensures the system’s proper operation.
This paper investigates and proposes DS-NIZKP, a
method for authenticating users using three factors
(password, smart-card, and biometrics) based on the
Zero Knowledge Proof (ZKP) concept, so that no
sensitive information is revealed during a communi-
cation. The proposal makes use of the digital signa-
ture (DS) concept to verify the identity of the sender
or signer within a single communication. Because
DS uses asymmetric encryption, a one-way hash of
the user’s identity is generated and signed with the
private key.Hashing prevents information about the
user from being revealed, whereas signing provides
authentication, non-repudiation, and integrity. This
approach not only saves time by requiring only a sin-
gle message between the prover and the verifier, but it
also protects the user’s privacy in distributed systems.
1 Introduction
A distributed system is a group of autonomous computer sys-
tems that are physically separated but linked by a centralised
computer network that is outfitted with distributed system
software. The autonomous computers will communicate with
one another by sharing resources and files and carrying out
the tasks that have been assigned to them.One of the most
critical issues in distributed systems is security. When data is
spread across multiple networks or information is transferred
over public networks, it becomes vulnerable to attacks.. Au-
thentication of local and remote entities in the system is a
critical concern when developing a secure distributed system.
Authentication is a process in which a node (or user) provides
some form of proof of his identity in order to access the sys-
tem where he had previously registered for an account. This
entails demonstrating that he is the same user who created the
account. Authentication is simply identification plus verifi-
cation. A proof of identity can be any piece of information
accepted by an authentication server: something users own,
something they know, or something they are. It is also critical
that no authentication information leaks while authenticating
a user in order to prevent a third party from impersonating
the user.Zero knowledge protocols can be used to improve on
this.
Jhansy Harshitha
B190628EC
This project paper focuses on authentication and proposes a
ZKP-based authentication mechanism for use in distributed
systems.
2 Zero Knowledge Proof (ZKP)
Zero Knowledge Proof (ZKP) is a protocol which enables one
party (the prover) to demonstrate knowledge of a certain secret
to another party (the verifier) without revealing any informa-
tion about the secret itself.A ZKP must satisfy three major re-
quirements: completeness, soundness, and zero-knowledge.
Completeness means that a prover P can always successfully
complete the proof for any valid input (i.e. the verifier ac-
cepts the prover’s claim). Soundness ensures that no mali-
cious prover P can build a valid proof system (i.e., no prover
can ever persuade the verifier if its claim is false). Zero-
knowledge ensures that no malicious verifier V can derive
additional knowledge from the interaction (i.e. the verifier
cannot learn anything other than the fact).
ZKP algorithms are classified into two types:
1. Interactive ZKPs: Interactive ZKP algorithms involve a
series of mathematical challenges which the receiving
party must satisfy, which implies a very high communi-
cation cost.
2. Non-Interactive ZKPs: Non-Interactive ZKP algorithms
do not involve any interaction between the parties in-
volved, or the verification process occurs at a later stage.
This necessitates the use of more computing resources.
Only one message is required to verify the user’s identity.
In this project, node authentication is carried out using an
NIZKP-based approach and a digital signature known as DS-
NIZKP.This method makes use of a digital signature with a
hash function to provide zero knowledge authentication of
both the sender and the message.
3 Digital signature
A digital signature is an authentication mechanism that allows
the message’s creator to attach a code that serves as a signature.
Typically, the signature is created by taking the message’s hash
and encrypting it with the creator’s private key. Asymmetric
encryption is used in digital signatures, which typically consist
of three algorithms:
1. A key generation algorithm: generates private key and
public key for a signer
 2. A signing algorithm: Non-Interactive ZKP algorithms do
not involve any interaction between the parties involved,
or the verification process occurs at a later stage. This
necessitates the use of more computing resources. Only
one message is required to verify the user’s identity.
3. A signature verifying algorithm: Given the message,
public key, and signature, receiving party either accepts
or rejects the message’s claim to authenticity.
4 Hash Funtion
A hash function is a function that takes a variable-length
message as input and converts it into a fixed-length output
known as a hash value or message digest. A hash function’s
primary goal is data integrity. Indeed, any change to any bit
in the message results in a change in the hash value with a
high probability. Cryptographic hash function that has three
main properties : the hash value is simple to compute for any
given input message Finding two distinct messages with the
same hash value is impossible. It is impossible to reconstruct
a message from its hash value. The Secure Hash Algorithms
(SHA) are a family of cryptographic hash functions which are
commonly used.
5 Proposed Approach
5.1 Preliminaries
The proposed scheme uses a password based authentication.
We generate a digital signature by hashing a message into a
short (fixed-length) string (via the SHA-1 algorithm) and then
applying the RSA signature scheme to the resulting hash-
value. The signature is then formed by encrypting this hash
value with the sender’s private key. The message as well as
the signature are then sent. The message is received by the
recipient, who generates a hash value. The recipient also uses
the sender’s public key to decrypt the signature.
5.1.1 RSA operation
RSA algorithm is a widely used asymmetric cryptography al-
gorithm.
Key generation: Select two large prime numbers (p and q)
Determine n = p*q and z = (p-1)(q-1) Select a number e where
1 ¡e¡ z Determine d = e-1mod (p-1)(q-1) You can package a
private key pair as (n,d) and public key pair as (n,e).
Encryption/Decryption Function: After generating the
keys, you pass the parameters to the functions that compute
the ciphertext and plaintext using the appropriate key.
If the plaintext is m, then the ciphertext = me mod n. If the
ciphertext is c, the plaintext = cd mod n.
5.2 DS-NIZKP-based authentication
The proposed solution consists of 03 stages as described be-
low.
5.2.1 Stage 1: Building user’s identity (ID)
What the user knows yields id1. The identity is then hashed,
using a hash function, to obtain a digest of fixed size. Some-
thing user knows refers to password or PIN, social security
number, mother’s maiden name, pet’s name, a picture, etc
5.2.2 Stage 2: Generating user’s signature (Sign)
Encrypting each hashed component of the identity above with
the user’s private key yields the user’s signature. This encryp-
tion ensures privacy, non-repudiation, and integrity.
Sign = EPR (ID) = EPR (id1)
where E is an encryption function and PR the user’s private key
After the signature has been generated, the pair user identity
and signature, (ID, sign) is sent to the server for verification.
5.3 Stage 3: Verification of user’s information
Verification of user’s signature: The server decrypts Sign
using the user’s public key and verifies with the received ID
information .
Sign’ = DPU (Sign) = DPU (EPR(id1) )
where D is a decryption function and PU the user’s public key
6 Security analysis
The user generates, hashes, and signs its identity before sub-
mitting it to the authentication server. The server validates
the user by examining its signature. Each component of the
obtained signature Sign’ must match those of the one received
Sign for the user to be valid. The user identity ID’s validity
is clearly dependent on the validity of its signature Sign as
well as the validity of each of its components . As a result,
if the server is honest, it will easily detect the invalid identity.
As a result, the ZKP completeness and soudness property is
satisfied.
Before sending personal information to the server, DS-NIZKP
uses a cryptographic hash function to disguise it. Hash func-
tions have the property of making recovering a message from
its hash value impossible (one way functions; which means
they cannot be reversed). So the authentication server receives
only the values required to individually prove the validity of
the user’s identity, but the user does not send any value to the
server in order for the server to reveal the value of an identity.
As a result, the protocol’s zero-knowledge property is satis-
fied.
The SHA-1 family algorithms we chose are intended to pro-
vide unique properties such as resistance to collision, pre-
image, and second pre-image attacks. As a result, the pro-
posal is immune to common cryptographic operations-based
attacks (such as identity theft and Man in the Middle attacks),
because its security is supported by NIZKP and is based on
digital signatures, current standard hashing, and encryption.
7 Conclusion
DS-NIZKP just requires one factor for user authentication.
Each user can self-generate a number of authorised identities
to demonstrate his or her legal status when connecting with
peer users, service providers, or other infrastructure thanks
to the system’s non-interactive ZKP and homomorphic en-
cryption design. Digital signatures have been used to apply
the ZKP principle and safeguard user privacy. The proposed
method is more straightforward because there is only one mes-
sage required, as opposed to the interaction between the prover
and the verifier in normal ZKP systems.
References
[1] DS-NIZKP: A ZKP-based Strong Authentication using
Digital Signature for Distributed Systems ”International
Journal of Computer Science and Information Security
(IJCSIS)” Vol. 16, No. 6, June 2018

[2] Thomas Y .C. Woo and Simon S. Lam, Authentication

for Distributed Systems, In Internet Besieged: Countering
Cyberspace Scofflaws. 1997. ACM Press and Addison-
Wesley.

[3] Gerardo I. Simar, A Primer on Zero Knowledge

Protocols, Universidad Nacional del Sur, 2002