Professional Documents
Culture Documents
Zero Knowledge Proofs: by Subha Rajagopalan Jaisheela Kandagal
Zero Knowledge Proofs: by Subha Rajagopalan Jaisheela Kandagal
By
Subha Rajagopalan
Jaisheela Kandagal
Zero Knowledge Proofs
• Introduction
• Properties of ZKP
• Advantages of ZKP
• Examples
• Fiat-Shamir Identification Protocol
• Real-Time Applications
Zero Knowledge Proofs (ZKP)
• Completeness
– Succeeds with high probability for a true
assertion given an honest verifier and an honest
prover.
• Soundness
– Fails for any other false assertion, given a
dishonest prover and an honest verifier
Advantages of ZKP
(source: http://www.rsasecurity.com/rsalabs/faq/2-1-8.html)
Fiat-Shamir Identification Protocol
• 3 Message Protocol
• Alice A, the Prover and Bob B, the Verifier
A B : x = r2 mod n
A B : e { 0,1}
A B : y = r * se mod n is y2 = x * ve ?
• A random modulus n, product of two large prime numbers p and q generated by a trusted party
and made public
• Prover chooses secret s relatively prime to n
• prover computes v = s2 mod n, where v is the public key
Fiat-Shamir Identification Protocol
• Watermark Verification
– Show the presence of watermark without
revealing information about it
– prevents from removing the watermark and
reselling multiple duplicate copies
• Others – e-voting, e-cash etc.
Products
• Sky’s VideoCrypt
– Analogue decoding card for satellite DirecTV
descrambler used to authenticate the
subscriber’s card
– Uses Fiat-Shamir Zero Knowledge Protocol
• NGSCB – New Generation Secure Computing
Base
– Zero Knowledge for code attestations
References
[1] Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone,
Handbook of Applied Cryptography.
[2] Ross Anderson, Security Engineering
[3] Wenbo Mao, Modern Cryptography theory and practice
[4] Don Coppersmith (Ed.), Advances in Cryptology- CRYPTO ’95
Lecture Notes in Computer Science.
[5] www.rsa.com
[6] Oded Goldreich, Silvio Micali and Avi Wigderson, “ Proofs that
yield nothing but their validity and a methodology of
cryptographic protocol design”.
[7] Oren, Y., “ Properties of Zero-knowledge Proofs”.
[8] A Mitropoulos, and H. Meijer, “ Zero-knowledge proofs – a
survey”.