Presented by:Presented by:Suparita Parakarn 50-7038-103-2Kinzang Wangdi 51-7018-007-8

Research Report PresentationResearch Report Presentation

Computer Network SecurityComputer Network Security

IntroductionProperties of Zero-Knowledge ProofsClassic Example of Zero-KnowledgeFiat-Shamir protocolInteractive Proof What Attacker can do?Secrecy of Zero Knowledge Conclusion

Shafi Goldwasser, Silvio Micali, Charles Rackoff put forward the basic idea of Zero Knowledge Proof in 1985Zero Knowledge protocol is an instance of interactive proof protocolZero Knowledge Protocol overcomes major concerns of password based authentication

Verifier knows some information about one who proves (prover)

Zero Knowledge protocol is to enable the prover convince the verifier that the prover knows secret without revealing the secret itself.

Protocols are mostly based on probabilistic

Proof hold good with high probability of successNot necessarily absolute

Verifier may accept or reject the proof after exchanging multiples messagesThe probability of errors can be reduced with increasing the number of challenges and responses

Zero Knowledge protocols derived their properties from interactive proof protocolsCompleteness

The protocol is consider complete, if it succeeds with a very high probability for an honest verifier and honest prover

SoundnessIf the fact is false, the verifier rejects the proof

Alice wants to prove to Bob that she knows how to open the secret door between R and S.

Bob goes to PAlice goes to R or SBob goes to Q and tells Alice to come from one side or the other of the caveIf Alice knows the secret, she can appear from the correct side of the cave every time

Bob repeats as many times until he believe Alice knows to open the secret doorNote that Bob doesn’t know which path she has gone down

Bob’s CaveBob’s Cave

Suppose Alice doesn’t know the secret word, then she would be able to come back by the named path if Bob were to name the same path that she entered bySince Bob will name the path at random, he will have 50% chances of getting the right pathIf they repeats this tricks many times, her chances of returning from Bob’s named path becomes very smallBut if Alice reliably appears from the Bob’s named path, he can conclude that she is likely to know the secret word to open the magic door.From Bob’s Cave indicates that a zero knowledge proof is possible in principle

Can we achieve the same effect without the cave?

Zero knowledge transfer Verifier does not learn any thing about prover’s secret SVerifier cannot impersonate prover to a third personProver cannot cheat the verifier with several iterations of the protocol

EfficiencyComputational efficiency is due to its interactive proofs natureCostly computation related to encryption are avoided

DegradationThe security of protocol itself does not get degraded with continuous use as no information about the secret is made known

If public keys are used for authentication both the parties should know public keyIf one party does not know others public key, then they should send certificate. In the certificate, owner’s identity is revealedZero Knowledge Proof allow authentication with secrecy of identityIn Fiat-Shamir protocol, both party knows public value v, but there is nothing in v that identifies both the party

Watermark verificationIt is very important to show the presence of watermark in the image without actually revealing it This prevents any malicious user from removing the watermark and reselling multiple copies of duplicate watermark

NGSCBNext Generation Secure Computing Base (NGSCB) is Microsoft’s proposed secure computing environment to use zero knowledge proofing techniques to verify authenticity of services and code

Special case of interactive proofsZero knowledge proofs offer a way to prove knowledge to someone without transferring any additional knowledge to that person