Zero Knowledge Protocols and Proof Systems
Zero-knowledge protocols allow identification, key exchange and other basic cryptographic operations to be implemented without leaking any secret information during the conversation and with smaller computational requirements than using comparable public key protocols. Thus Zero-knowledge protocols seem very attractive especially in smart card and embedded applications. There is quite a lot written about zero-knowledge protocols in theory, but not so much practical down-to-earth material is available even though zero-knowledge techniques have been used in many applications. Some of the practical aspects of zero-knowledge protocols and related issues are discussed, in the mind-set of minimalistic practical environments. The hardware technology used in these environments is described, and resulting real-world practical problems are related to zero-knowledge protocols. A very lightweight zero knowledge protocol is outlined and its possible uses and cryptographic strengths and weaknesses are analyzed.
ZERO-KNOWLEDGE PROTOCOL BASICS
Zero-knowledge protocols, as their name says, are cryptographic protocols which do not reveal the information or secret itself during the protocol, or to any eavesdropper. They have some very interesting properties, e.g. as the secret itself (e.g. your identity) is not transferred to the verifying party, they cannot try to masquerade as you to any third party.
Although Zero-knowledge protocols look a bit unusual, most usual cryptographic problems can be solved by using them, as well as with public key cryptography. For some applications, like key exchange (for later normal cheap and fast symmetric encryption on the communications link) or proving mutual identities, zero-knowledge protocols can in many occasions be a very good and suitable solution.
2.1 THE PARTIES IN A ZERO-KNOWLEDGE PROTOCOL
The following people appear in zero-knowledge protocols:
Peggy the Prover
Peggy has some information that she wants to prove to Victor, but she doesn't want to tell the secret itself to Victor.
Victor the Verifier
Victor asks Peggy a series of questions, trying to find out if Peggy really knows the secret or not. Victor does not learn anything of the secret itself, even if he would cheat or not adhere to the protocol.
Eve the Eavesdropper
Eve is listening to the conversation between Peggy and Victor. A good zero-knowledge protocol also makes sure that any third-party will not learn a thing about the secret, and will not even be able to replay it for anyone else later to convince them.