This preview shows page 1. Sign up to view the full content.
Unformatted text preview: erfect. There is a simulator that gives transcripts identically distributed to real transcripts (the Hamiltonian cycle and graph isomorphism examples). — Statistical. There is a simulator that gives transcripts identically distributed to real transcripts, except for some constant number of exceptions. — Computational. There is a simulator that gives transcripts indistinguishable from real transcripts. — No-use. A simulator may not exist, but we can prove that Victor will not learn any polynomial amount of information from the proof (the parallel example). Over the years, extensive work, both theoretical and applied, has been done on minimum-disclosure and zero-knowledge proofs. Mike Burmester and Yvo Desmedt invented broadcast interactive proofs, where one prover can broadcast a zero-knowledge interactive proof to a large group of verifiers . Cryptographers proved that everything that can be proven with an interactive proof can also be proven with a zero-knowledge interactive proof [753,137]. A good survey article on the topic is . For additional mathematical details, variations, protocols, and applications, consult [590,619,240,319,620,113,241,1528,660,238,591,617,510,592,214,104,216,832, 97,939,622,482,615,618,215,476,71]. A lot has been written on this subject. 5.2 Zero-Knowledge Proofs of Identity
In the real world, we often use physical tokens as proofs of identity: passports, driver’s licenses, credit cards, and so on. The token contains something that links it to a person: a picture, usually, or a signature, but it could almost as easily be a thumbprint, a retinal scan, or a dental x-ray. Wouldn’t it be nice to do the same thing digitally? Using zero-knowledge proofs as proofs of identity was first proposed by Uriel Feige, Amos Fiat, and Adi Shamir [566,567]. Alice’s private key becomes a function of her “identity.” Using a zero-knowledge proof, she proves that she knows her private key and therefore proves her identity. Algorithms for thi...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10