Zero%20Knowledge%20Proof%20Systems - PowerPoint PPT Presentation

About This Presentation
Title:

Zero%20Knowledge%20Proof%20Systems

Description:

Suppose we test Peggy 10 times and she comes out the correct side. ... asks Peggy to supply a square root of it. He then checks that it is an actual square root. ... – PowerPoint PPT presentation

Number of Views:266
Avg rating:3.0/5.0
Slides: 15
Provided by: josephar1
Learn more at: http://www.cs.ucf.edu
Category:

less

Transcript and Presenter's Notes

Title: Zero%20Knowledge%20Proof%20Systems


1
Zero Knowledge Proof Systems
  • Joseph John Armbruster IV

2
Zero Knowledge Proofs
  • Allow one person to convince another person of
    some fact without ever revealing any information
    about the proof.
  • Are NOT proofs in a strict mathematical sense.
  • Provide overwhelming evidence towards the truth
    of a statement

3
Interactive Proof Systems
  • Challenge / Response
  • Peggy The Prover
  • Vic The Verifier
  • Peggy wishes to prove a statements truth to Vic
  • Peggy and Vic will communicate via a series of
    Rounds in a Challenge / Response manner
  • If Peggy can give a successful reply to all of
    Vics challenges, Vic accepts the truth of
    Peggys statement

4
Interactive Proof Systems
  • How does the Proof go?
  • Peggy makes a claim
  • Vic will challenge Peggy
  • Peggy will respond
  • Vic will accept or reject the response (end or
    ret. ii)
  • After N rounds (where N is determined by Vic),
    Vic will accept or reject Peggys claim.

5
Zero Knowledge Tunnel Example
I can go through the door
Prove it!
Here I am.
Come out to the left.
OK, you succeed.
Come out to the left.
Here I am.
OK, you succeed.
Here I am.
Come out to the right.
Ok. You fail!
Locked Door
Observation Point
6
Tunnel Observations
  • Peggy must choose the left or right side
  • 50 chance of fooling Vic !
  • Suppose we test Peggy 10 times and she comes out
    the correct side.
  • There is one chance in 210 that Peggy does not
    know how to go through the door.
  • Victor is therefore convinced she can (although
    he can keep on testing for further verification)

7
Other Tunnel Observations
  • What if someone was watching?
  • Are they convinced Peggy can go through the door?
  • NO, Peggy and Victor could have planned the
    sequence of lefts and rights ahead of time
  • Is there ever a proof?
  • Not in the strict mathematical sense.
  • There is overwhelming evidence obtained through a
    series of challenges and responses. Note This
    is how a Zero Knowledge proof works

8
Zero Knowledge Technique 1
  • Let N be the product of two primes, P and Q
  • Let Y be a square mod N with gcd(Y,N)1
  • Note Finding square roots modulo N is equivalent
    to factoring N
  • Peggy Claims to know a square root S of Y.
  • Victor wants to verify this, but Peggy does not
    want to reveal S!

9
Zero Knowledge Technique 1
  • Peggy chooses two random numbers R1, R2 with
    (R1)(R2) S (mod N )
  • Note R1 is chosen at Random with gcd(R1,N)1
  • and she lets R2 (S) (invR1)
  • Peggy Computes
  • X1R12 (mod N) and X2R22 (mod N)
  • Peggy Sends X1 and X2 to Victor

10
Zero Knowledge Technique 1
  • Victor checks that (X1)(X2)Y (mod N)
  • Victor randomly chooses X1 or X2 and asks Peggy
    to supply a square root of it. He then checks
    that it is an actual square root.
  • These steps are repeated until Victor is convinced

11
Zero Knowledge Technique 1
  • What if Peggy does not know the square root of Y?
  • She sends Victor X1 and X2 with (X1)(X2)Y
  • IF she knows the square root of Y, THEN she knows
    the square roots of X1 and X2.
  • IF she does not know the square root of Y, THEN
    it is still possible for her to know the square
    root of ONE of X1 and X2, but not both.

12
Zero Knowledge in Practice
  • Identification Schemes
  • Is it possible for Alice to identify herself to
    Bob without giving away her identifying
    information.
  • Examples
  • Feige-Fiat-Shamir Identification (FFS) Reduces
    the number of communications between Peggy and
    Victor. This is used as a general purpose
    Identification scheme.
  • Schnorr Identification The most attractive
    scheme. Requires a Trusted Authority (TA) to
    produce an ID which contains personal information.

13
Zero Knowledge In Practice
  • Okamoto Identification Scheme A modified
    Schnorr method which has been proven to be
    secure.
  • Guillou-Quisquater Scheme Identification scheme
    built upon RSA. This scheme has not been proven
    to be secure (even assuming the RSA cryptosystem
    is secure!) Like RSA, this method is a
    computationally intensive.

14
Homework
  • Questions or comments?
  • Does everyone understand what the questions are
    looking for?
Write a Comment
User Comments (0)
About PowerShow.com