This preview shows page 1. Sign up to view the full content.
Unformatted text preview: t, she can provide either proof in step (4) to Victor. However, if she does not know a Hamiltonian cycle for G, she cannot create an encrypted graph H´ which can meet both challenges. The best she can do is to create a graph that is either isomorphic to G or one that has the same number of points and lines and a valid Hamiltonian cycle. While she has a 50 percent chance of guessing which proof Victor will ask her to perform in step (3), Victor can repeat the protocol enough times to convince himself that Peggy knows a Hamiltonian cycle for G. Parallel ZeroKnowledge Proofs
The basic zeroknowledge protocol involves n exchanges between Peggy and Victor. Why not do them all in parallel: (1) Peggy uses her information and n random numbers to transform the hard problem into n different isomorphic problems. She then uses her information and the random numbers to solve the n new hard problems. (2) Peggy commits to the solution of the n new hard problems. (3) Peggy reveals to Victor the n new hard problems. Victor cannot use these new problems to get any information about the original problems or its solutions. (4) For each of the n new hard problems, Victor asks Peggy either to: (a) prove to him that the old and new problems are isomorphic, or (b) open the solution she committed to in step (2) and prove that it is a solution to the new problem. (5) Peggy complies for each of the n new hard problems. Unfortunately, it’s not that simple. This protocol does not have the same zeroknowledge properties as the previous protocol. In step (4), Victor can choose the challenges as a oneway hash of all the values committed to in the second step, thus making the transcript nonsimulatable. It is still zeroknowledge, but of a different sort. It seems to be secure in practice, but no one knows how to prove it. We do know that in certain circumstances, certain protocols for certain problems can be run in parallel while retaining their zeroknowledge property [247,106,546,616]. Previous Table of Contents Next Products  Co...
View Full
Document
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details