142 views

Uploaded by bregajalma

- VPN
- AN INNOVATIVE IDEA FOR PUBLIC KEY METHOD OF STEGANOGRAPHY
- Paper on Stego_audio
- Credit Card Encryption in SAP Environments
- 5.Implementation of Cryptography Using Pc With RF(1)
- Network security1
- SS-V
- Cybersecurity_Course_Outline_vs.3FINALhr.pdf
- DNA Computing Network Security
- An Efficient Data Sharing Technique in the Cloud an EDST
- What is Steganography
- 30 Cryptography
- Module7.1.pptx
- Zero Knowledge Protocols and Proof Systems
- Information Security in Health Care Centre Using Cryptography and Steganography
- IEEEPRO TECHNO SOLUTIONS -IEEE DOTNET PROJECT - VABKS Verifiable Attribute-based Keyword Search Over Outsourced Encrypted Data
- M.SC IT
- Notes on Intel
- ECES
- wireless comm systems1

You are on page 1of 16

Alma Bregaj

oWHAT IS ZERO KNOWLEDGE PROOF?

INFORMALLY, A ZERO-KNOWLEDGE PROOF IS A PROCEDURE THAT

ALLOWS ALICE TO CONVINCE BOB THAT A CERTAIN FACT IS TRUE

WITHOUT GIVING BOB ANY INFORMATION THAT WOULD LET BOB

CONVINCE OTHER PEOPLE THAT THE FACT IS TRUE.

PROOF PROTOCOL. AN INTERACTIVE PROOF PROTOCOL IS ONE THAT

AUTHENTICATES A PROVER TO A VERIFIER USING CHALLENGE-

RESPONSE MECHANISM. IN THIS KIND, THE VERIFIER CAN ACCEPT OR

REJECT THE PROVER AT THE END OF THEIR COMMUNICATION.

NOTION OF ZERO-KNOWLEDGE PROOF IN 1985.

ABSTRACT EXAMPLE (ALI BABA’S CAVE)

Alice is the the prover of the statement and Bob the verifier.

Alice can prove that she knows the word to open the door without

telling it to Bob.

•Bob enters the cave and shouts the name of the path he wants her

to use to return, either A or B, chosen at random.

•If she relly knows the magic word she will open the door and if

.

neccesary ,returns along the desired path.

•If she did not know the word the probability is 50% to return along

the desired path.To convince Bob they repeat this trick n-times (n

is large number).

APPLICATIONS

Research in zero-knowledge proofs has been motivated by authentication

systems where one party wants to prove its identity to a second party via

some secret information (such as a password) but doesn't want the second

party to learn anything about this secret. This is called a "zero-knowledge

proof of knowledge".

cryptographic protocols is to enforce honest behavior while maintaining

privacy. The idea is to force a user to prove, using a zero-knowledge proof,

that its behavior is correct according to the protocol.

e-voting, watermark verification, etc.

PROPERTIES OF ZERO-KNOWLEDGE PROOFS

convinced of this fact by an honest prover.

the honest verifier that it is true, except with some small probability.

anything other than this fact. This is formalized by showing that every

cheating verifier has some simulator that, given only the statement to be

proven , can produce a transcript that "looks like" an interaction between

the honest prover and the cheating verifier.

ADVANTAGES OF ZERO-KNOWLEDGE PROOFS

about prover’s secret s , he cannot impersonate the prover to a third

person. Also the prover cannot cheat the verifier with several iterations of

the protocol.

its interactive proofs nature. The costly computation related to encryption

is avoided.

with continuous use as no information about the secret is divulged.

various mathematical problems like discrete logarithms and integer

factorization

ZERO KNOWLEDGE PROTOCOLS

the information or secret itself during the protocol, or to any

eavesdropper.

The Fiat-Shamir protocol is the first practical zero-knowledge protocol

with cryptographic applications and is based on the difficulty of factoring.

A more common variation of the Fiat-Shamir protocol is the Feige-Fiat-

Shamir scheme ,Guillou and Quisquater further improved Fiat-Shamir's

protocol in terms of memory requirements and interaction (the number of

rounds in the protocol).

FIAT-SHAMIR IDENTIFICATION PROTOCOL

FIAT-SHAMIR AUTHENTICATION WITH

ARTIFICIALLY SMALL PARAMETERS

We know:

p = 3, q = 7 ⇒ n = 21 is the module.

v=4

s2 · v ≡ 1 mod 21 ⇒ 16 · 4 ≡ 1 mod 21 ⇒ s2 = 16 ⇒ s = 4 is

A’s secret.

Public elements: n = 21, ID, z, v = 4

Normal authentication

A knows s = 4, B knows v = 4

A chooses r = 5 and sends x = r2 mod n = 25 mod 21 = 4

If B chooses b = 1, A answers with y = r·s = 5·4 = 20

If B chooses b = 0, A answers with y = 5

In case b = 1, B verifies ≡ x/v (mod n) ⇒ = 400 ≡ 1 ≡ x/v =

4/4 = 1 OK

In case b = 0, B verifies ≡ x (mod n) ⇒ = 25 ≡ 4 ≡ x = 4 OK

(CONTINUED)FIAT-SHAMIR AUTHENTICATION

WITH ARTIFICIALLY SMALL PARAMETERS

Attacker A* doesn’t know s = 4:

Since no roots can be calculated (because p and q are unknown), he must

assume what the next b will be.

Assumption b = 1:

B wants to see ≡ x/v. A* will select y and calculate x. He can’t select x due

to the square root which he can’t calculate.

So: A* chooses y = 2 and 4 ≡ x/4 ⇒ x = 16 and transmits it.

If b = 1 indeed, then the protocol round is completed successfully.

If b = 0, then B will expect = x. A* can’t calculate that due to root

Assumption b=0:

B expects ≡ x. A must select y and since y = r mod n and x = mod n, he

must select r.

Let’s say r = 7. A* sends x = = 49 ≡ 7 mod 21.

If b = 0 indeed, y = r = 7 and = 49 ≡ 7 = x OK.

But if b=1, he would have to calculate y such that ≡ x/v ⇒ ≡ 7/4, which is

impossible.

probability of 50%. The protocol requires several rounds till it’s

complete, so, with every additional round, the probability of

success for an attacker decreases rapidly.

FEIGE-FIAT-SHAMIR IDENTIFICATION

PROTOCOL

FEIGE-FIAT-SHAMIR PROTOCOL WITH

ARTIFICIALLY SMALL PARAMETERS

T selects p=683,q=811 and publishes n=pq=553913

Integers k=3 and t=1 are defied as security

parameters.

Alice:

Selects 3 random integers , and 3 bits .

Computes with .

Alice’s public key is (441845,338402,124425,553913) and

private key is (157,43215,4646).

Alice selects r=1279,c=1 and compute x=2598 and

sends this to Bob.

Bob sends to A the 3-bit vector (0,0,1)

Alice computes and sends to Bob y=r

Bob computes and accepts Alice’s identity since z=+x

and z=0.

GUILLOU QUISQUATER PROTOCOL

REAL-TIME APPLICATIONS OF ZERO-

KNOWLEDGE PROOFS

voting, watermark verification, etc. Here, a few of them are mentioned:

show the presence of watermark in the image without actually revealing it

.This prevents any malicious user from removing the watermark and reselling

multiple copies of duplicate watermark. Kinoshita Hirotsugu uses zero

knowledge interactive proofs based on Digital Signatures to assert ownership

on an image.

Directv descrambler used to authenticate the subscriber’s card. This uses Fiat-

Shamir Zero Knowledge Protocol. The subscriber center holds the public key,

secret key and the address while the card holds the public key and address.

Every few seconds, the center requests all the cards to authenticate

themselves. Each card which is valid has the algorithm for some function F(x)

in its ROM while the data for F(x) is in EEPROM. As described earlier in Fiat-

Shamir protocol, virtually no knowledge is transferred between F(x) and

EEPROM

proposed secure computing environment to use zero knowledge proofing

techniques to verify authenticity of services and code.

REFERENCES

Wikipedia,

A Mitropoulos, and H. Meijer, “ Zero-knowledge proofs – a survey”

Gaurav Gain, “ Zero-knowledge proofs: A Survey”

Oren, Y., “ Properties of Zero-knowledge Proofs”.

MarkStamp,“NGSCB”,http://www.cs.sjsu.edu/faculty/stamp/CS165/my_ppt/4b_NGS

CB.ppt

J. -J. Quisquater, L. Gullou, and T Berson, “How to explain zero-knowledge protocols

to a children”

K. Gopalakrishnan, and Nasir Memon, “Protocols for watermark Verification”

www.cs.ecu.edu/~gopal/water.ps

Wenbo Mao, Modern Cryptography theory and practice

Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, “Handbook of Applied

Cryptography”

THANK YOU !

- VPNUploaded bykiransawant11
- AN INNOVATIVE IDEA FOR PUBLIC KEY METHOD OF STEGANOGRAPHYUploaded byJournal 4 Research
- Paper on Stego_audioUploaded byOlawole
- Credit Card Encryption in SAP EnvironmentsUploaded bymdunjic
- 5.Implementation of Cryptography Using Pc With RF(1)Uploaded byDasari Madhukrishna
- Network security1Uploaded byapi-19799369
- SS-VUploaded byAnkit Komar
- Cybersecurity_Course_Outline_vs.3FINALhr.pdfUploaded byiikh3ans
- DNA Computing Network SecurityUploaded byToaster97
- An Efficient Data Sharing Technique in the Cloud an EDSTUploaded byEditor IJRITCC
- What is SteganographyUploaded bySushant
- 30 CryptographyUploaded bycable
- Module7.1.pptxUploaded byHarpreet Singh
- Zero Knowledge Protocols and Proof SystemsUploaded byAbhijeet Anil Adsod
- Information Security in Health Care Centre Using Cryptography and SteganographyUploaded byAZOJETE
- IEEEPRO TECHNO SOLUTIONS -IEEE DOTNET PROJECT - VABKS Verifiable Attribute-based Keyword Search Over Outsourced Encrypted DataUploaded bysrinivasan
- M.SC ITUploaded bymmmmaran4u
- Notes on IntelUploaded byGeb Galagala
- ECESUploaded bynikhil
- wireless comm systems1Uploaded byabdulsahib
- Securing the Internet of ThingsUploaded byAli Eren
- Manet (Mobile Ad Hoc Networks)Uploaded byHimanshu Pathak
- Efficient Personalized Privacy Preservation Using AnonymizationUploaded byIRJET Journal
- STEGNOGRAPHYUploaded byManish Aeron
- seminar07_EnergeticStabilityUploaded byAndrei Cioroianu
- 051021Uploaded bysriashokcute
- presentation on Cyber SecurityUploaded byjibintbabu
- Assign 10Uploaded byPrateek Srivastava
- Paper 16-Efficient Threshold Signature SchemeUploaded byEditor IJACSA
- V2I11-IJERTV2IS111130Uploaded byNandha Kumar

- Barracuda Backup Administrator's Guide v42Uploaded byLuis Garcia Torre
- MyBatis 3 User GuideUploaded byabalderasr
- GBB Ready Uses Cases - Azure Advanced Workloads for Vertical Industry v2Uploaded byGerardo Reyes Ortiz
- RTU3Uploaded bycondorito10
- SRG-1150DN-EUploaded bysrinu1984
- Leanstacks Marionette SpringUploaded byxono10101
- Powered By osCommerceUploaded byRezdwan Hamid
- tnt conferenceUploaded byapi-238002194
- tancar antivirusUploaded byDavid Badosa Puig
- Acer Aspire 4253 (Quanta ZQG).pdfUploaded byIrsan Aditya Irsan
- Preethi ResumeUploaded byHarikrishnan Shunmugam
- Sap Basis Made EasyUploaded bySelva Kumar
- arvind babu rs lesson plan ii 11 2 2016Uploaded byapi-308798004
- Voip Iptel Introduction SRK1Uploaded bydoraemon007
- P Dileep ResumeUploaded byWaqaruddin
- WIRELESS COMMUNICATIONS AND MOBILE TECHNOLOGYUploaded bymycatalysts
- Network Functions Virtualisation (NFV) Release 2; Acceleration Technologies; VNF Interfaces Specification.pdfUploaded byscolic76
- GmailUploaded byJahnavi Singh
- ShineNet Manuale Utente ENGUploaded byhendra20
- Ruchika Kolkata EscortsUploaded byruchikaarora
- SiemensUploaded byAbhishek Chaubey
- 18427434 Modicon Quantum CatalogueUploaded bykiranasc
- CIO Information Technology Director CTO in New York City Resume Dilip KulkarniUploaded byDilipKulkarni2
- SFT0088-Cryptography-and-Network-Security-Assignment - Copy.docxUploaded byCee Kay MuZiK
- 177-Glimmer.docxUploaded byWawan Dermawan
- pmUploaded byAnwar Ashraf Ashrafi
- ofdm codeUploaded byApeksha Tejwani
- Writing Your Formal EmailUploaded bychemamedina
- ING5 Ficha1 Prof.ritaUploaded byAna Rita Valente Valente
- Op ClinkUploaded byIveth Ivana Fernandez Apaza