Upload
shanon-stokes
View
213
Download
1
Tags:
Embed Size (px)
Citation preview
Presented by:Presented by:Suparita Parakarn 50-7038-103-2Kinzang Wangdi 51-7018-007-8
Research Report PresentationResearch Report Presentation
Computer Network SecurityComputer Network Security
IntroductionProperties of Zero-Knowledge ProofsClassic Example of Zero-KnowledgeFiat-Shamir protocolInteractive Proof What Attacker can do?Secrecy of Zero Knowledge Conclusion
Shafi Goldwasser, Silvio Micali, Charles Rackoff put forward the basic idea of Zero Knowledge Proof in 1985Zero Knowledge protocol is an instance of interactive proof protocolZero Knowledge Protocol overcomes major concerns of password based authentication
Verifier knows some information about one who proves (prover)
Zero Knowledge protocol is to enable the prover convince the verifier that the prover knows secret without revealing the secret itself.
Protocols are mostly based on probabilistic
Proof hold good with high probability of successNot necessarily absolute
Verifier may accept or reject the proof after exchanging multiples messagesThe probability of errors can be reduced with increasing the number of challenges and responses
Zero Knowledge protocols derived their properties from interactive proof protocolsCompleteness
The protocol is consider complete, if it succeeds with a very high probability for an honest verifier and honest prover
SoundnessIf the fact is false, the verifier rejects the proof
Alice wants to prove to Bob that she knows how to open the secret door between R and S.
Bob goes to PAlice goes to R or SBob goes to Q and tells Alice to come from one side or the other of the caveIf Alice knows the secret, she can appear from the correct side of the cave every time
Bob repeats as many times until he believe Alice knows to open the secret doorNote that Bob doesn’t know which path she has gone down
Bob’s CaveBob’s Cave
Suppose Alice doesn’t know the secret word, then she would be able to come back by the named path if Bob were to name the same path that she entered bySince Bob will name the path at random, he will have 50% chances of getting the right pathIf they repeats this tricks many times, her chances of returning from Bob’s named path becomes very smallBut if Alice reliably appears from the Bob’s named path, he can conclude that she is likely to know the secret word to open the magic door.From Bob’s Cave indicates that a zero knowledge proof is possible in principle
Can we achieve the same effect without the cave?
Zero knowledge transfer Verifier does not learn any thing about prover’s secret SVerifier cannot impersonate prover to a third personProver cannot cheat the verifier with several iterations of the protocol
EfficiencyComputational efficiency is due to its interactive proofs natureCostly computation related to encryption are avoided
DegradationThe security of protocol itself does not get degraded with continuous use as no information about the secret is made known
If public keys are used for authentication both the parties should know public keyIf one party does not know others public key, then they should send certificate. In the certificate, owner’s identity is revealedZero Knowledge Proof allow authentication with secrecy of identityIn Fiat-Shamir protocol, both party knows public value v, but there is nothing in v that identifies both the party
Watermark verificationIt is very important to show the presence of watermark in the image without actually revealing it This prevents any malicious user from removing the watermark and reselling multiple copies of duplicate watermark
NGSCBNext Generation Secure Computing Base (NGSCB) is Microsoft’s proposed secure computing environment to use zero knowledge proofing techniques to verify authenticity of services and code
Special case of interactive proofsZero knowledge proofs offer a way to prove knowledge to someone without transferring any additional knowledge to that person