1 / 11

Zero Knowledge Protocol

Zero Knowledge Protocol. By Mike Breeden. Basic Principle. Peggy (prover) needs to prove to Victor (verifier) that she can go through the door without telling him how she does it. Properties of Zero Knowledge. Peggy cannot cheat Victor Victor cannot cheat Peggy

vera
Download Presentation

Zero Knowledge Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Zero Knowledge Protocol By Mike Breeden

  2. Basic Principle • Peggy (prover) needs to prove to Victor (verifier) that she can go through the door without telling him how she does it.

  3. Properties of Zero Knowledge • Peggy cannot cheat Victor • Victor cannot cheat Peggy • Victor doesn’t learn anything from the protocol

  4. Different Modes • Interactive • Parallel • Off-line

  5. Technique based on primes • n = pq • Let y be a square mod n; x2≡ y (mod n) gcd(y, n) = 1 • Claim: Peggy claims to know square root s of y; s ≡ sqrt(1/y) (mod n)

  6. (continued) • Peggy chooses one random numbers r1 with gcd(r1, n) = 1 and another random number r2≡ sr1-1 • Computes x1 ≡ r12 and x2 ≡ r22 (mod n) • Send x1 and x2 to Victor

  7. (continued) • Victor checks that x1x2≡ y (mod n), then chooses x1 or x2 and asks Peggy to supply a square root of it and verifies its correctness. • These steps are repeated until Victor is satisfied.

  8. Feige-Fiat-Shamir Identification Scheme • Peggy has secret numbers s1,…,sk. gcd(si,n) = 1 • vi≡ si-2 (mod n). vi are sent to Victor

  9. Feige-Fiat-Shamir Procedure • Peggy chooses random integer r, x ≡ r2 (mod n). x is sent to Victor. • Victor chooses b1, …, bk with bi є {0,1} and send them to Peggy • Peggy computes y ≡rs1b1s2b2…skbk (mod n) and send y to Victor • Victor verifies x ≡ y2v1b1v2b2…vkbk (mod n) • Steps are repeated several times with different r

  10. Attacks on Zero Knowledge • Man-in-the-middle: • Chess Grandmaster Problem • Mafia Fraud

  11. References • Aronsson Hannu A. Zero Knowledge Protocols and Small Systems. 1995. http://www.tcm.hut.fi/Opinnot/Tik-110.501/1995/zeroknowledge.html. • Schneier, Bruce. Applied Cryptography. 2nd Edition. John Wiley & Sons, Inc. 1996. 101-111. • Trappe, Wade and Lawrence C. Washington. Introduction to Cryptography with Coding Theory. Prentice Hall. 2002. 228 – 233.

More Related